Plagegeister aller Art und deren Bekämpfung: TR/ATRAPS.Gen2 in C:\Windows\Installer\{bd**65e7}\U\80000064.@ (Windows 7)

If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
| | #1 | |
TR/ATRAPS.Gen2 in C:\Windows\Installer\{bd**65e7}\U\80000064.@

Avira has been screaming since yesterday about an infection that it cannot remove. The following message:

Quote:

Code:

```
Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.30.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Stefan :: STEFAN-PC [Administrator]

Schutz: Aktiviert

30.07.2012 12:17:35
mbam-log-2012-07-30 (12-17-35).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 214618
Laufzeit: 39 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Windows\Installer\{bdce52c8-06a7-9c8e-f50f-9fd7081d65e7}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
```

I also tried to solve the problem with Bart's MiniPE and a handful of anti-malware and antivirus programs, but they can't find my hard drives... Well, the machine is apparently too new; the live system evidently has no drivers for SSDs and the like. Strange.

So, since Defogger wants me to restart the system, I'll end this post here and add the rest in the next post.
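As an added example (not part of the original posts): the Malwarebytes log above quarantined `00000008.@`, while the Avira detection in the thread title names `80000064.@` in what appears to be the same `{GUID}\U\` folder, so one quarantined file does not settle the case. The Python below parses Malwarebytes-style detection lines and reports the parent `{GUID}` directory for follow-up; the regexes are assumptions derived only from the two paths in this thread, and the second sample line is constructed.

```python
import re
from pathlib import PureWindowsPath
from typing import List, NamedTuple

# Constructed sample input. The first detection line is copied from the
# Malwarebytes log in this post; the second line and the count are invented
# here to show a detection that does NOT match the path shape.
SAMPLE_LOG = r"""
Infizierte Dateien: 2
C:\Windows\Installer\{bdce52c8-06a7-9c8e-f50f-9fd7081d65e7}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Example\setup.exe (PUP.Example) -> Keine Aktion durchgeführt.
"""


class Detection(NamedTuple):
    path: str
    name: str
    action: str


# "<path> (<detection name>) -> <action>"; the greedy path group lets paths
# that themselves contain parentheses, such as "Program Files (x86)", parse.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+) \((?P<name>[^()]+)\) -> (?P<action>.+)$"
)

# Path shape shared by both detections in this thread (assumption: derived
# from those two paths only): <drive>:\Windows\Installer\{GUID}\U\<8 hex>.@
INSTALLER_U_RE = re.compile(
    r"^[A-Za-z]:\\Windows\\Installer\\"
    r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}"
    r"\\U\\[0-9a-f]{8}\.@$",
    re.IGNORECASE,
)


def parse_detections(log_text: str) -> List[Detection]:
    """Return every 'path (name) -> action' line found in a scan log."""
    found = []
    for line in log_text.splitlines():
        match = DETECTION_RE.match(line.strip())
        if match:
            found.append(Detection(match["path"], match["name"], match["action"]))
    return found


def has_installer_u_shape(path: str) -> bool:
    """True if the path has the Installer\\{GUID}\\U\\<8 hex>.@ shape."""
    return INSTALLER_U_RE.match(path) is not None


def suspect_directories(log_text: str) -> List[str]:
    """Unique {GUID} directories that contain a matching detection.

    The scanner acted on one file only, so the whole directory is what a
    responder should inspect next (other files, ACLs, how it gets loaded).
    """
    dirs = set()
    for det in parse_detections(log_text):
        if has_installer_u_shape(det.path):
            # ...\{GUID}\U\file.@ -> ...\{GUID}
            dirs.add(str(PureWindowsPath(det.path).parent.parent))
    return sorted(dirs)


if __name__ == "__main__":
    for det in parse_detections(SAMPLE_LOG):
        flag = "MATCH" if has_installer_u_shape(det.path) else "other"
        print(f"[{flag}] {det.name}: {det.path}")
    for directory in suspect_directories(SAMPLE_LOG):
        print("inspect whole directory:", directory)
```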
| | #2 |
TR/ATRAPS.Gen2 in C:\Windows\Installer\{bd**65e7}\U\80000064.@

Hi,

Rootkit...

OTL

Download OTL by Oldtimer (http://filepony.de/download-otl/) and save it to your desktop.

TDSS-Killer

Download and instructions at: How to combat malware of the Rootkit.Win32.TDSS family? Unpack all files into a directory of their own (e.g. C:\TDSS)! Launch it from Explorer by double-clicking TDSSKiller.exe. Configure the killer as follows:

![]()

Then start the scan (Start Scan). When the scan has finished, please select "Report" (skip any findings with Skip for now). A window opens (click Report); copy the text and post it here...

chris
| | #3 |
TR/ATRAPS.Gen2 in C:\Windows\Installer\{bd**65e7}\U\80000064.@

OTL.txt

OTL EXTRAS Logfile:

Code:
C:\Windows\SysWOW64\npdeployJava1.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - plugin: Google Update (Enabled) = C:\Users\Stefan\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll CHR - Extension: YouTube = C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\ CHR - Extension: Google-Suche = C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\ CHR - Extension: LastPass = C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\1.90.5_0\ CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ CHR - Extension: Google Mail = C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\ O1 HOSTS File: ([2012.05.26 09:56:59 | 000,002,810 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - 
C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3:64bit: - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass) O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe (Broadcom Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg_DTS] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) 
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O4 - HKLM..\Run: [vmware-tray] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.) O4 - HKCU..\Run: [AdobeBridge] File not found O4 - HKCU..\Run: [Steam] D:\Steam\Steam.exe (Valve Corporation) O4 - HKCU..\Run: [XSECVA] "C:\Users\Stefan\AppData\Roaming\xsecva\xsecva.exe" -s File not found O4 - Startup: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Stefan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
O4 - Startup: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O4 - Startup: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WFTPairing.lnk = C:\Program Files (x86)\Canon\EOS Utility\WFTPairing\WFTPairing.exe (CANON INC.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass File not found O8:64bit: - Extra context menu item: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. 
Mountain View, CA 94041) O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass File not found O8 - Extra context menu item: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass) O9:64bit: - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass) O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass) O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass) O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. 
Mountain View, CA 94041) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.) 
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{21164624-2FB7-4C5D-922F-18C67E09CC63}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D62C0BA-E57B-4C00-9550-1B0A41A7DB12}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - F:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{b2061893-cc32-11e1-b58f-0008cae5d310}\Shell - "" = AutoRun O33 - MountPoints2\{b2061893-cc32-11e1-b58f-0008cae5d310}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.07.30 11:30:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Misc. 
Support Library (Spybot - Search & Destroy) [2012.07.30 11:30:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\File Scanner Library (Spybot - Search & Destroy) [2012.07.30 11:24:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012.07.30 11:10:38 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\R-Wipe&Clean [2012.07.30 09:53:12 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\ImgBurn [2012.07.30 09:49:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn [2012.07.30 09:48:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn [2012.07.30 00:39:11 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2012.07.29 23:26:59 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Malwarebytes [2012.07.29 23:26:56 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.07.29 23:26:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.07.29 23:26:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.07.29 23:26:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.07.29 13:36:40 | 000,000,000 | ---D | C] -- C:\Lexmark [2012.07.28 13:55:56 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Avira [2012.07.28 13:50:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.07.28 13:50:17 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.07.28 13:50:17 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.07.28 13:50:17 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012.07.28 13:50:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.07.28 13:50:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2012.07.28 13:36:03 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote [2012.07.20 18:12:36 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Desktop\105_PANA [2012.07.17 00:18:45 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Local\touchbyte_GmbH [2012.07.17 00:18:45 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\PhotoSync [2012.07.17 00:18:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoSync [2012.07.17 00:18:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PhotoSync [2012.07.16 23:59:05 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Desktop\Weichtalklamm [2012.07.12 19:29:57 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2012.07.12 19:29:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP [2012.07.12 19:26:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center [2012.07.12 19:23:45 | 000,000,000 | ---D | C] -- C:\AMD [2012.07.12 17:03:27 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2012.07.12 13:00:02 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox [2012.07.12 12:59:33 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Dropbox [2012.07.11 23:02:03 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Documents\Arduino [2012.07.11 23:02:03 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Arduino [2012.07.11 22:52:52 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Desktop\arduino-1.0.1 [2012.07.08 08:13:16 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Garmin [2012.07.04 12:32:29 | 000,000,000 | ---D | C] -- C:\Users\Stefan\temp [2012.07.02 13:08:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Damian Pasternak [2012.07.01 22:46:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fotosizer [2012.07.01 22:46:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fotosizer [2012.05.28 16:51:36 | 014,844,448 | ---- | C] 
(LastPass) -- C:\Program Files (x86)\Common Files\lpuninstall.exe ========== Files - Modified Within 30 Days ========== [2012.07.30 12:39:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.30 12:39:02 | 4259,557,374 | -HS- | M] () -- C:\hiberfil.sys [2012.07.30 12:36:13 | 000,000,188 | ---- | M] () -- C:\Users\Stefan\defogger_reenable [2012.07.30 12:28:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3477003203-1577878540-3883721961-1000UA.job [2012.07.30 12:28:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.07.30 12:22:43 | 001,506,450 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.07.30 12:22:43 | 000,654,452 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.07.30 12:22:43 | 000,618,494 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.07.30 12:22:43 | 000,130,678 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.07.30 12:22:43 | 000,107,400 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.07.30 12:21:50 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.30 12:21:50 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.30 12:14:07 | 000,001,531 | ---- | M] () -- C:\Users\Stefan\Desktop\Logs.lnk [2012.07.30 09:49:00 | 000,001,869 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk [2012.07.30 00:50:38 | 000,002,026 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk [2012.07.30 00:28:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3477003203-1577878540-3883721961-1000Core.job [2012.07.29 23:27:29 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.28 13:50:18 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.07.28 13:36:04 
| 000,001,131 | ---- | M] () -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2012.07.28 13:36:03 | 000,000,936 | ---- | M] () -- C:\Users\Stefan\Desktop\Evernote.lnk [2012.07.18 18:04:42 | 000,132,832 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.07.18 18:04:42 | 000,027,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012.07.18 18:04:41 | 000,098,848 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.07.17 00:18:39 | 000,002,581 | ---- | M] () -- C:\Users\Public\Desktop\PhotoSync.lnk [2012.07.12 18:24:42 | 000,002,368 | ---- | M] () -- C:\Users\Stefan\Desktop\Google Chrome.lnk [2012.07.12 13:04:13 | 000,001,002 | ---- | M] () -- C:\Users\Stefan\Desktop\Dropbox.lnk [2012.07.12 13:00:06 | 000,001,012 | ---- | M] () -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.07.11 18:18:14 | 004,963,848 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.07.02 21:22:48 | 000,003,584 | ---- | M] () -- C:\Users\Stefan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.07.02 13:08:00 | 000,001,178 | ---- | M] () -- C:\Users\Public\Desktop\Shutdown Scheduler.lnk [2012.07.01 22:46:01 | 000,001,047 | ---- | M] () -- C:\Users\Stefan\Application Data\Microsoft\Internet Explorer\Quick Launch\Fotosizer.lnk [2012.07.01 22:46:01 | 000,001,023 | ---- | M] () -- C:\Users\Public\Desktop\Fotosizer.lnk ========== Files Created - No Company Name ========== [2012.07.30 12:36:13 | 000,000,188 | ---- | C] () -- C:\Users\Stefan\defogger_reenable [2012.07.30 12:14:02 | 000,001,531 | ---- | C] () -- C:\Users\Stefan\Desktop\Logs.lnk [2012.07.30 12:13:16 | 000,092,160 | ---- | C] () -- C:\Windows\Installer\{bdce52c8-06a7-9c8e-f50f-9fd7081d65e7}\U\80000032.@ [2012.07.30 11:48:56 | 000,080,896 | 
---- | C] () -- C:\Windows\Installer\{bdce52c8-06a7-9c8e-f50f-9fd7081d65e7}\U\80000064.@
[2012.07.30 09:49:00 | 000,001,881 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
[2012.07.30 09:49:00 | 000,001,869 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2012.07.30 09:04:13 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{bdce52c8-06a7-9c8e-f50f-9fd7081d65e7}\U\80000000.@
[2012.07.29 23:26:56 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.28 13:50:18 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.07.28 13:36:04 | 000,001,131 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
[2012.07.28 13:36:03 | 000,000,936 | ---- | C] () -- C:\Users\Stefan\Desktop\Evernote.lnk
[2012.07.28 13:23:36 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{bdce52c8-06a7-9c8e-f50f-9fd7081d65e7}\U\000000cb.@
[2012.07.28 13:23:31 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{bdce52c8-06a7-9c8e-f50f-9fd7081d65e7}\U\00000004.@
[2012.07.17 00:18:39 | 000,002,581 | ---- | C] () -- C:\Users\Public\Desktop\PhotoSync.lnk
[2012.07.12 13:04:13 | 000,001,002 | ---- | C] () -- C:\Users\Stefan\Desktop\Dropbox.lnk
[2012.07.12 13:00:06 | 000,001,012 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.07.02 21:22:48 | 000,003,584 | ---- | C] () -- C:\Users\Stefan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.02 13:08:00 | 000,001,190 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shutdown Scheduler.lnk
[2012.07.02 13:08:00 | 000,001,178 | ---- | C] () -- C:\Users\Public\Desktop\Shutdown Scheduler.lnk
[2012.07.01 22:46:01 | 000,001,047 | ---- | C] () -- C:\Users\Stefan\Application Data\Microsoft\Internet Explorer\Quick Launch\Fotosizer.lnk
[2012.07.01 22:46:01 | 000,001,023 | ---- | C] () -- C:\Users\Public\Desktop\Fotosizer.lnk
[2012.06.04 13:03:20 | 001,523,568 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.05.25 23:13:44 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012.05.25 23:11:40 | 000,000,600 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\winscp.rnd
[2012.05.25 23:09:08 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.05.25 23:08:58 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.05.25 19:49:43 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{bdce52c8-06a7-9c8e-f50f-9fd7081d65e7}\@
[2012.05.25 19:49:43 | 000,002,048 | -HS- | C] () -- C:\Users\Stefan\AppData\Local\{bdce52c8-06a7-9c8e-f50f-9fd7081d65e7}\@
[2012.05.25 19:33:35 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.05.25 19:32:00 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012.05.25 19:08:53 | 000,070,145 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012.05.25 19:07:45 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012.05.25 19:07:35 | 000,048,199 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.01.10 20:39:16 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.03.30 00:17:10 | 000,316,928 | ---- | C] () -- C:\Windows\SysWow64\HDREfexProFC32.dll
========== LOP Check ==========
[2012.07.02 13:17:24 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\.minecraft
[2012.06.06 23:21:14 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Activision
[2012.07.11 23:02:03 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Arduino
[2012.05.25 23:46:04 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\DAEMON Tools Lite
[2012.07.30 12:39:31 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Dropbox
[2012.06.30 09:07:10 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\FileZilla
[2012.07.08 08:13:16 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Garmin
[2012.06.29 18:21:50 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Imagenomic
[2012.07.30 09:55:43 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\ImgBurn
[2012.06.16 19:10:05 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\PACE Anti-Piracy
[2012.06.19 21:03:59 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\PDAppFlex
[2012.07.17 00:18:45 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\PhotoSync
[2012.07.30 11:10:43 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\R-Wipe&Clean
[2012.05.26 20:22:50 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\TeamViewer
[2012.05.26 21:23:43 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\TrueCrypt
[2009.07.14 07:08:49 | 000,011,278 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >

Extras.txt

OTL EXTRAS Logfile: Code:
OTL Extras logfile created on: 30.07.2012 12:41:02 - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Stefan\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
15,96 Gb Total Physical Memory | 13,62 Gb Available Physical Memory | 85,37% Memory free
16,74 Gb Paging File | 14,10 Gb Available in Paging File | 84,26% Paging File free
Paging file location(s): c:\pagefile.sys 800 1000 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 25,02 Gb Free Space | 22,40% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 444,86 Gb Free Space | 47,76% Space Free | Partition Type: NTFS
Drive E: | 100,00 Mb Total Space | 71,54 Mb Free Space | 71,55% Space Free | Partition Type: NTFS
Drive F: | 232,79 Gb Total Space | 216,03 Gb Free Space | 92,80% Space Free | Partition Type: NTFS
Computer Name: STEFAN-PC | User Name: Stefan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\Media Markt\Media Markt Bilderservice\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Media Markt Bilderservice] -- "C:\Program Files (x86)\Media Markt\Media Markt Bilderservice\Media Markt Bilderservice.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\Media Markt\Media Markt Bilderservice\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Media Markt Bilderservice] -- "C:\Program Files (x86)\Media Markt\Media Markt Bilderservice\Media Markt Bilderservice.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{357A82F9-B5FF-46C8-ABA2-104695E0F1D1}" = Intel(R) Network Connections 16.6.126.0
"{47F9B7C3-F172-940F-D0C4-203C7914E5D2}" = AMD Catalyst Install Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{538B98C3-773F-4F20-9C66-802D104DCBE2}" = Intel® Trusted Connect Service Client
"{57DD35E9-D9BB-4089-BB05-EF933C586CB3}" = Broadcom InConcert Maestro
"{59B69525-1383-C84A-38EF-F442B63E69BC}" = AMD Media Foundation Decoders
"{5F92DAD2-FD95-DD12-50DF-A6F66C7E67C8}" = AMD Drag and Drop Transcoding
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E7F4CA3-B2DE-413C-A7A1-43AA5BE19EA1}" = WIDCOMM Bluetooth Software
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DF73A13-F54C-4CB3-B4AD-4375A2E8F4F8}" = VmciSockets
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-1000-0000000FF1CE}_Office14.PROPLUS_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-1000-0000000FF1CE}_Office14.PROPLUS_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0043-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BABA4667-CF82-B330-A8E5-6E8A09B2D911}" = AMD Accelerated Video Transcoding
"{C8388DCB-6F85-C11F-C9F4-D636960E60F5}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F7ADB493-B913-4D61-9A63-DA736C20C3F2}" = Adobe Photoshop Lightroom 4.1 64-bit
"{F96F51B9-6940-4559-9F49-22A511CFF4BB}" = PhotoSync
"AutopanoGiga2.5" = Kolor Autopano Giga 2.5
"Broadcom Wireless Utility" = Broadcom Wireless Utility
"ImagenomicPortraitureLightroomPlugin" = Imagenomic Portraiture 2.2.1 Lightroom Plug-in (build 2210)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PROSetDX" = Intel(R) Network Connections 16.6.126.0
"WinRAR archiver" = WinRAR 4.11 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{079A4EB2-9A74-7B86-12C2-00B52E395801}" = CCC Help Danish
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0BE73D3C-B5AF-11E1-933A-984BE15F174E}" = Evernote v. 4.5.7
"{0D94F75A-0EA6-4951-B3AF-B145FA9E05C6}" = VMware Workstation
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{112DDD07-E419-2498-1E9E-2157F82AF5AA}" = CCC Help Turkish
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{12A00DC2-1226-D9F2-13DA-F974111D439E}" = Catalyst Control Center
"{1845470B-EB14-4ABC-835B-E36C693DC07D}" = Skype™ 5.9
"{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph
"{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{224828D6-DCA7-FDF3-3B85-085298AEC919}" = Catalyst Control Center InstallProxy
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2993B157-97AE-7981-F29A-E6575F991CDB}" = CCC Help Swedish
"{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl
"{347966F8-E71A-E1A5-95E4-3A1C215383F6}" = CCC Help Chinese Traditional
"{3524297F-158C-F964-F1AD-B0BC4314DE44}" = HydraVision
"{3B3D81AB-51E2-695F-7E57-1CC30049F2A3}" = CCC Help French
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{462C2036-3055-4369-D30B-8DA032331EAB}" = CCC Help Greek
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{51054867-140B-8FBF-73A8-75386276BD98}" = CCC Help Spanish
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{54194F60-988C-4D03-B922-C2B00EFDA39A}" = NVIDIA PhysX
"{586A5957-F21B-C8AD-F5C2-11D4D7DA5340}" = CCC Help German
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}" = Asmedia ASM106x SATA Host Controller Driver
"{633414E3-AA2A-CD04-5976-E91F5F871396}" = CCC Help Japanese
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{812FF572-F216-EBA0-123E-636C1B6EBC5B}" = CCC Help Korean
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85BB7CA7-6B0D-0B27-F4FF-B3D04282B3D1}" = CCC Help Russian
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{883CCFC7-CA6B-5531-704B-F9A64546B309}" = CCC Help Thai
"{8BDD3EC9-27E9-E490-7607-AF97FA678046}" = CCC Help Italian
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DA5221E-15DE-5B0F-D7BE-CCC7305575DD}" = CCC Help Dutch
"{A1400F57-65CC-0C22-6461-948EA2837670}" = CCC Help Hungarian
"{A1644527-B0FF-485B-8412-3C7504A2F188}" = Quantum of Solace(TM) 1.1 Patch
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A561BB5F-5A85-5D88-E520-0A4512D5E6C0}" = CCC Help Norwegian
"{A8B72907-B3F5-4C18-2D2B-F5E786A520DF}" = CCC Help Polish
"{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AD219F94-16F2-937F-076A-F22DAA8D0A0B}" = CCC Help Finnish
"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B2B5B39B-4E8C-AC78-7FF1-7055C338D243}" = Catalyst Control Center Graphics Previews Common
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{DD8ACFF8-098E-130C-2799-BCA4D41EBAB2}" = CCC Help Chinese Standard
"{DE123FE9-B7F6-A75A-920D-3937FB9F06E4}" = CCC Help Portuguese
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}" = Adobe Creative Suite 6 Master Collection
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE253E80-C298-4A31-BB22-7280DC8C7177}" = CCC Help Czech
"{EFBE6DD5-B224-96E5-72B9-68D328CB12A6}" = Adobe Widget Browser
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F648F088-B270-CF18-6486-AF8B1FE6BC09}" = CCC Help English
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FD85D9C0-783A-77B7-8EF8-326EC6C154D1}" = Catalyst Control Center Localization All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Audacity_is1" = Audacity 2.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"Canon RAW Codec" = Canon RAW Codec
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"com.adobe.WidgetBrowser" = Adobe Widget Browser
"CWK" = SDS (Shutdown Scheduler)
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup" = DivX-Setup
"Dynamic-Photo HDR 5_is1" = Dynamic-Photo HDR 5
"EOS Utility" = Canon Utilities EOS Utility
"FileZilla Client" = FileZilla Client 3.5.3
"Fotosizer" = Fotosizer 1.34
"HDR Efex Pro" = HDR Efex Pro
"ImgBurn" = ImgBurn
"InstallShield_{A1644527-B0FF-485B-8412-3C7504A2F188}" = Quantum of Solace(TM) 1.1 Patch
"KLiteCodecPack_is1" = K-Lite Codec Pack 8.8.0 (Full)
"LastPass" = LastPass (uninstall only)
"MagniDriver" = marvell 91xx driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Media Markt Bilderservice" = Media Markt Bilderservice
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Picasa 3" = Picasa 3
"PuTTY_is1" = PuTTY version 0.62
"TeamViewer 7" = TeamViewer 7
"TrueCrypt" = TrueCrypt
"VMware_Workstation" = VMware Workstation
"winscp3_is1" = WinSCP 4.3.7
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 30.07.2012 06:40:31 | Computer Name = Stefan-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: bcmwltry.exe, Version: 5.100.82.97,
Zeitstempel: 0x4e264e22 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c40f2
ID
des fehlerhaften Prozesses: 0x1be4 Startzeit der fehlerhaften Anwendung: 0x01cd6e3fbcea0238
Pfad
der fehlerhaften Anwendung: C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: fbdf0afe-da32-11e1-a94e-0008cae5d310
Error - 30.07.2012 06:40:37 | Computer Name = Stefan-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: bcmwltry.exe, Version: 5.100.82.97,
Zeitstempel: 0x4e264e22 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c40f2
ID
des fehlerhaften Prozesses: 0x18d8 Startzeit der fehlerhaften Anwendung: 0x01cd6e3fbfd5724e
Pfad
der fehlerhaften Anwendung: C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: ff7a338d-da32-11e1-a94e-0008cae5d310
Error - 30.07.2012 06:40:43 | Computer Name = Stefan-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: bcmwltry.exe, Version: 5.100.82.97,
Zeitstempel: 0x4e264e22 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c40f2
ID
des fehlerhaften Prozesses: 0x1958 Startzeit der fehlerhaften Anwendung: 0x01cd6e3fc318e5b0
Pfad
der fehlerhaften Anwendung: C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 031ae9f6-da33-11e1-a94e-0008cae5d310
Error - 30.07.2012 06:40:49 | Computer Name = Stefan-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: bcmwltry.exe, Version: 5.100.82.97,
Zeitstempel: 0x4e264e22 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c40f2
ID
des fehlerhaften Prozesses: 0xbf4 Startzeit der fehlerhaften Anwendung: 0x01cd6e3fc6b93e5b
Pfad
der fehlerhaften Anwendung: C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 06bd6584-da33-11e1-a94e-0008cae5d310
Error - 30.07.2012 06:40:55 | Computer Name = Stefan-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: bcmwltry.exe, Version: 5.100.82.97,
Zeitstempel: 0x4e264e22 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c40f2
ID
des fehlerhaften Prozesses: 0x1514 Startzeit der fehlerhaften Anwendung: 0x01cd6e3fca5bb9ea
Pfad
der fehlerhaften Anwendung: C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 0a5dbe2f-da33-11e1-a94e-0008cae5d310
Error - 30.07.2012 06:41:14 | Computer Name = Stefan-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: bcmwltry.exe, Version: 5.100.82.97,
Zeitstempel: 0x4e264e22 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c40f2
ID
des fehlerhaften Prozesses: 0x100c Startzeit der fehlerhaften Anwendung: 0x01cd6e3fd529b8e8
Pfad
der fehlerhaften Anwendung: C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 154f71d2-da33-11e1-a94e-0008cae5d310
Error - 30.07.2012 06:41:44 | Computer Name = Stefan-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: bcmwltry.exe, Version: 5.100.82.97,
Zeitstempel: 0x4e264e22 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c40f2
ID
des fehlerhaften Prozesses: 0x6b0 Startzeit der fehlerhaften Anwendung: 0x01cd6e3fe7764d04
Pfad
der fehlerhaften Anwendung: C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 27608386-da33-11e1-a94e-0008cae5d310
Error - 30.07.2012 06:42:02 | Computer Name = Stefan-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: bcmwltry.exe, Version: 5.100.82.97,
Zeitstempel: 0x4e264e22 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c40f2
ID
des fehlerhaften Prozesses: 0x1bb0 Startzeit der fehlerhaften Anwendung: 0x01cd6e3ff22c7e3f
Pfad
der fehlerhaften Anwendung: C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 32418d87-da33-11e1-a94e-0008cae5d310
Error - 30.07.2012 06:42:09 | Computer Name = Stefan-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: bcmwltry.exe, Version: 5.100.82.97,
Zeitstempel: 0x4e264e22 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c40f2
ID
des fehlerhaften Prozesses: 0x1850 Startzeit der fehlerhaften Anwendung: 0x01cd6e3ff5e4a4ad
Pfad
der fehlerhaften Anwendung: C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 35e44792-da33-11e1-a94e-0008cae5d310
Error - 30.07.2012 06:42:15 | Computer Name = Stefan-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: bcmwltry.exe, Version: 5.100.82.97,
Zeitstempel: 0x4e264e22 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c40f2
ID
des fehlerhaften Prozesses: 0xe4c Startzeit der fehlerhaften Anwendung: 0x01cd6e3ff9829bf7
Pfad
der fehlerhaften Anwendung: C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 39823edc-da33-11e1-a94e-0008cae5d310
Error - 30.07.2012 06:42:21 | Computer Name = Stefan-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: bcmwltry.exe, Version: 5.100.82.97,
Zeitstempel: 0x4e264e22 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c40f2
ID
des fehlerhaften Prozesses: 0x13c4 Startzeit der fehlerhaften Anwendung: 0x01cd6e3ffd22f4a2
Pfad
der fehlerhaften Anwendung: C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 3d24f8e7-da33-11e1-a94e-0008cae5d310
[ Broadcom Wireless LAN Events ]
Error - 30.07.2012 03:09:09 | Computer Name = Stefan-PC | Source = WLAN-Tray | ID = 0
Description = 09:09:09, Mon, Jul 30, 12 Error - Adaptername ID is not available within
the connection manager
Error - 30.07.2012 03:09:09 | Computer Name = Stefan-PC | Source = WLAN-Tray | ID = 0
Description = 09:09:09, Mon, Jul 30, 12 Error - Unable to initialize Connection Manager
for "Broadcom 802.11n Network Adapter"
Error - 30.07.2012 04:02:12 | Computer Name = Stefan-PC | Source = WLAN-Tray | ID = 0
Description = 10:02:12, Mon, Jul 30, 12 Error - (CCC.exe-4956) Unable to get interface
information to enumerate interfaces
Error - 30.07.2012 06:02:33 | Computer Name = Stefan-PC | Source = WLAN-Tray | ID = 0
Description = 12:02:33, Mon, Jul 30, 12 Error - (CCC.exe-4788) Unable to get interface
information to enumerate interfaces
Error - 30.07.2012 06:04:41 | Computer Name = Stefan-PC | Source = WLAN-Tray | ID = 0
Description = 12:04:41, Mon, Jul 30, 12 Error - (CCC.exe-4760) Unable to get interface
information to enumerate interfaces
Error - 30.07.2012 06:17:05 | Computer Name = Stefan-PC | Source = WLAN-Tray | ID = 0
Description = 12:17:05, Mon, Jul 30, 12 Error - (CCC.exe-4660) Unable to get interface
information to enumerate interfaces
Error - 30.07.2012 06:39:24 | Computer Name = Stefan-PC | Source = WLAN-Tray | ID = 0
Description = 12:39:24, Mon, Jul 30, 12 Error - (CCC.exe-4584) Unable to get interface
information to enumerate interfaces
[ System Events ]
Error - 30.07.2012 06:16:48 | Computer Name = Stefan-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IPsec Policy Agent" ist von folgendem Dienst abhängig:
BFE. Dieser Dienst ist eventuell nicht installiert.
Error - 30.07.2012 06:16:51 | Computer Name = Stefan-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computer Browser" wurde mit folgendem Fehler beendet:
%%1060
Error - 30.07.2012 06:17:07 | Computer Name = Stefan-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "HomeGroup Provider" ist vom Dienst "Function Discovery
Resource Publication" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%-2147024891
Error - 30.07.2012 06:17:07 | Computer Name = Stefan-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Function Discovery Resource Publication" wurde mit folgendem
Fehler beendet: %%-2147024891
Error - 30.07.2012 06:39:07 | Computer Name = Stefan-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IKE and AuthIP IPsec Keying Modules" ist von folgendem
Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
Error - 30.07.2012 06:39:07 | Computer Name = Stefan-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IPsec Policy Agent" ist von folgendem Dienst abhängig:
BFE. Dieser Dienst ist eventuell nicht installiert.
Error - 30.07.2012 06:39:10 | Computer Name = Stefan-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computer Browser" wurde mit folgendem Fehler beendet:
%%1060
Error - 30.07.2012 06:39:11 | Computer Name = Stefan-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error - 30.07.2012 06:39:25 | Computer Name = Stefan-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "HomeGroup Provider" ist vom Dienst "Function Discovery
Resource Publication" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%-2147024891
Error - 30.07.2012 06:39:25 | Computer Name = Stefan-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Function Discovery Resource Publication" wurde mit folgendem
Fehler beendet: %%-2147024891
< End of report >
#4
TR/ATRAPS.Gen2 in C:\Windows\Installer\{bd**65e7}\U\80000064.@
OTL.txt
OTL EXTRAS Logfile:
Code:
ATTFilter
OTL logfile created on: 30.07.2012 12:41:02 - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Stefan\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

15,96 Gb Total Physical Memory | 13,62 Gb Available Physical Memory | 85,37% Memory free
16,74 Gb Paging File | 14,10 Gb Available in Paging File | 84,26% Paging File free
Paging file location(s): c:\pagefile.sys 800 1000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 25,02 Gb Free Space | 22,40% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 444,86 Gb Free Space | 47,76% Space Free | Partition Type: NTFS
Drive E: | 100,00 Mb Total Space | 71,54 Mb Free Space | 71,55% Space Free | Partition Type: NTFS
Drive F: | 232,79 Gb Total Space | 216,03 Gb Free Space | 92,80% Space Free | Partition Type: NTFS

Computer Name: STEFAN-PC | User Name: Stefan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.07.30 12:11:38 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Stefan\Downloads\OTL.exe
PRC - [2012.07.18 18:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.07.18 18:04:24 | 000,468,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- c:\program files (x86)\avira\antivir desktop\avscan.exe
PRC - [2012.07.18 18:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.07.18 18:04:22 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.16 16:31:32 | 007,445,416 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
PRC - [2012.07.16 16:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.07.16 16:22:42 | 000,106,408 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.07.03 03:21:38 | 026,868,192 | ---- | M] (Dropbox, Inc.) -- C:\Users\Stefan\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.06.19 20:45:49 | 000,529,232 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012.06.13 16:53:48 | 001,014,112 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
PRC - [2012.05.25 22:23:40 | 001,242,448 | ---- | M] (Valve Corporation) -- D:\Steam\Steam.exe
PRC - [2012.04.04 07:53:56 | 000,815,512 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2012.01.20 11:45:40 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2012.01.04 21:59:50 | 000,291,608 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2011.11.29 20:04:54 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2011.11.13 23:27:20 | 000,354,416 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2011.11.13 23:27:18 | 000,433,264 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2011.11.13 23:27:06 | 000,103,536 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
PRC - [2011.11.13 21:49:40 | 000,079,872 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.03.30 00:17:08 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\nlssrv32.exe
PRC - [2009.12.01 19:11:36 | 000,671,744 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\EOS Utility\WFTPairing\WFTPairing.exe
PRC - [2009.08.20 13:43:52 | 000,266,240 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\EOS Utility\WFTPairing\EOSUPNPSV.exe

========== Modules (No Company Name) ==========

MOD - [2012.06.19 20:45:47 | 020,313,384 | ---- | M] () -- D:\Steam\bin\libcef.dll
MOD - [2012.06.19 20:45:45 | 000,895,312 | ---- | M] () -- D:\Steam\bin\chromehtml.dll
MOD - [2012.06.19 20:45:42 | 000,123,192 | ---- | M] () -- D:\Steam\bin\avutil-51.dll
MOD - [2012.06.19 20:45:40 | 000,190,776 | ---- | M] () -- D:\Steam\bin\avformat-53.dll
MOD - [2012.06.19 20:45:38 | 001,099,576 | ---- | M] () -- D:\Steam\bin\avcodec-53.dll
MOD - [2012.06.16 19:03:34 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6c59a14a23f734093e80d6093e25302a\Microsoft.VisualBasic.ni.dll
MOD - [2012.06.16 19:03:20 | 000,487,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\33e53ffe7ba7362a2d483ef4ea79bfe3\IAStorUtil.ni.dll
MOD - [2012.06.16 18:57:10 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.16 18:57:06 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.05.26 09:22:54 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.26 09:22:32 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.26 09:22:31 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.26 09:22:30 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.26 09:22:28 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012.03.16 15:42:58 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
MOD - [2012.03.16 15:42:56 | 000,433,664 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
MOD - [2012.02.20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.02.20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.11.20 14:19:56 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
MOD - [2010.11.20 14:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.06.10 13:41:46 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012.06.11 19:19:14 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012.05.25 19:18:54 | 000,048,128 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2012.01.10 21:01:52 | 000,627,936 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV:64bit: - [2011.11.28 20:23:30 | 001,084,192 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2011.08.15 17:38:50 | 000,178,344 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel(R)
SRV:64bit: - [2011.08.05 19:29:20 | 000,225,280 | ---- | M] (DTS, Inc) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe -- (DTSAudioSvc)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.07.28 12:27:12 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.18 18:59:04 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.18 18:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.07.18 18:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.07.16 16:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.06.19 20:45:49 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.01.20 16:29:28 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012.01.20 16:29:26 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012.01.20 11:45:40 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2011.11.29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011.11.13 23:27:20 | 000,354,416 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2011.11.13 23:27:18 | 000,433,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2011.11.13 22:55:18 | 011,839,488 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe -- (VMwareHostd)
SRV - [2011.11.13 21:49:40 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2011.08.29 22:11:04 | 000,846,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2011.03.30 00:17:08 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.07.18 18:04:42 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.07.18 18:04:42 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.07.18 18:04:41 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.06.11 20:59:38 | 010,248,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.06.11 18:26:14 | 000,367,616 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.05.26 21:18:01 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2012.05.25 23:09:03 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.05.25 19:18:46 | 000,022,592 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2012.05.25 19:18:33 | 004,746,304 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2012.05.25 19:18:28 | 000,021,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmvwl64.sys -- (BcmVWL)
DRV:64bit: - [2012.05.22 14:26:10 | 000,147,288 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.06 10:44:12 | 000,049,760 | ---- | M] (Asmedia Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\asahci64.sys -- (asahci64)
DRV:64bit: - [2012.01.04 21:58:50 | 000,786,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012.01.04 21:58:50 | 000,355,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012.01.04 21:58:50 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2011.12.16 17:53:01 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2011.11.29 19:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.11.13 23:28:16 | 000,063,088 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2011.11.13 23:26:30 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2011.11.13 21:33:56 | 000,045,680 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2011.11.13 21:33:56 | 000,020,080 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2011.11.10 01:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011.11.03 11:10:42 | 000,395,752 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011.11.03 11:10:42 | 000,130,536 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011.11.03 07:00:48 | 000,134,696 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums)
DRV:64bit: - [2011.11.03 03:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011.09.29 11:30:34 | 000,646,248 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.09.21 08:22:36 | 000,025,904 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91cons.sys -- (mv91cons)
DRV:64bit: - [2011.09.21 08:22:34 | 000,315,696 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mvs91xx.sys -- (mvs91xx)
DRV:64bit: - [2011.09.20 10:36:24 | 000,620,584 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2011.08.29 22:11:04 | 000,039,024 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2011.08.08 14:59:12 | 000,116,336 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2011.07.20 03:37:56 | 000,342,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2011.07.06 12:35:40 | 000,167,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2011.06.23 05:59:28 | 000,178,728 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2011.06.23 05:59:26 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2011.05.20 16:49:36 | 000,089,640 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwdpan.sys -- (BTWDPAN)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.13 18:17:44 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5B 48 F8 FD 9C 3A CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Stefan\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Stefan\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.07.30 00:50:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.06.18 22:35:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 18:59:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.07.30 00:50:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 18:59:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.07.30 00:50:38 | 000,000,000 | ---D | M]

[2012.05.25 21:02:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stefan\AppData\Roaming\mozilla\Extensions
[2012.07.18 18:59:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\5i5lm8ot.default\extensions
[2012.07.08 08:13:14 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\5i5lm8ot.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012.06.14 12:41:27 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\5i5lm8ot.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2012.05.26 10:10:42 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\5i5lm8ot.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012.05.31 21:02:25 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\5i5lm8ot.default\extensions\foxmarks@kei.com
[2012.06.28 23:10:35 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\5i5lm8ot.default\extensions\support@lastpass.com
[2012.06.06 14:05:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.06.06 14:44:21 | 000,505,801 | ---- | M] () (No name found) -- C:\USERS\STEFAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5I5LM8OT.DEFAULT\EXTENSIONS\{1280606B-2510-4FE0-97EF-9B5A22EAFE30}.XPI
[2012.07.18 18:59:05 | 000,045,154 | ---- | M] () (No name found) -- C:\USERS\STEFAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5I5LM8OT.DEFAULT\EXTENSIONS\BITTORRENT_WEBUI_2@FIREFOX.ALEXISBRUNET.COM.XPI
[2012.05.26 10:10:40 | 005,438,448 | ---- | M] () (No name found) -- C:\USERS\STEFAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5I5LM8OT.DEFAULT\EXTENSIONS\GREASEFIRE@SKRUL.COM.XPI
[2012.06.28 23:10:35 | 000,382,926 | ---- | M] () (No name found) -- C:\USERS\STEFAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5I5LM8OT.DEFAULT\EXTENSIONS\READABLE@EVERNOTE.COM.XPI
[2012.07.18 18:59:04 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Stefan\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Stefan\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Stefan\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Java(TM) Platform SE 6 U32 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.320.5 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Stefan\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - Extension: YouTube = C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: LastPass = C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\1.90.5_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2012.05.26 09:56:59 | 000,002,810 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -
C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3:64bit: - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass) O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe (Broadcom Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg_DTS] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) 
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O4 - HKLM..\Run: [vmware-tray] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.) O4 - HKCU..\Run: [AdobeBridge] File not found O4 - HKCU..\Run: [Steam] D:\Steam\Steam.exe (Valve Corporation) O4 - HKCU..\Run: [XSECVA] "C:\Users\Stefan\AppData\Roaming\xsecva\xsecva.exe" -s File not found O4 - Startup: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Stefan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
O4 - Startup: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O4 - Startup: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WFTPairing.lnk = C:\Program Files (x86)\Canon\EOS Utility\WFTPairing\WFTPairing.exe (CANON INC.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass File not found O8:64bit: - Extra context menu item: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. 
Mountain View, CA 94041) O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass File not found O8 - Extra context menu item: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass) O9:64bit: - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass) O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass) O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass) O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. 
Mountain View, CA 94041) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.) 
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{21164624-2FB7-4C5D-922F-18C67E09CC63}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D62C0BA-E57B-4C00-9550-1B0A41A7DB12}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - F:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{b2061893-cc32-11e1-b58f-0008cae5d310}\Shell - "" = AutoRun O33 - MountPoints2\{b2061893-cc32-11e1-b58f-0008cae5d310}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.07.30 11:30:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Misc. 
Support Library (Spybot - Search & Destroy) [2012.07.30 11:30:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\File Scanner Library (Spybot - Search & Destroy) [2012.07.30 11:24:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012.07.30 11:10:38 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\R-Wipe&Clean [2012.07.30 09:53:12 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\ImgBurn [2012.07.30 09:49:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn [2012.07.30 09:48:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn [2012.07.30 00:39:11 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2012.07.29 23:26:59 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Malwarebytes [2012.07.29 23:26:56 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.07.29 23:26:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.07.29 23:26:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.07.29 23:26:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.07.29 13:36:40 | 000,000,000 | ---D | C] -- C:\Lexmark [2012.07.28 13:55:56 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Avira [2012.07.28 13:50:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.07.28 13:50:17 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.07.28 13:50:17 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.07.28 13:50:17 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012.07.28 13:50:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.07.28 13:50:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2012.07.28 13:36:03 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote [2012.07.20 18:12:36 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Desktop\105_PANA [2012.07.17 00:18:45 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Local\touchbyte_GmbH [2012.07.17 00:18:45 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\PhotoSync [2012.07.17 00:18:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoSync [2012.07.17 00:18:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PhotoSync [2012.07.16 23:59:05 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Desktop\Weichtalklamm [2012.07.12 19:29:57 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2012.07.12 19:29:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP [2012.07.12 19:26:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center [2012.07.12 19:23:45 | 000,000,000 | ---D | C] -- C:\AMD [2012.07.12 17:03:27 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2012.07.12 13:00:02 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox [2012.07.12 12:59:33 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Dropbox [2012.07.11 23:02:03 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Documents\Arduino [2012.07.11 23:02:03 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Arduino [2012.07.11 22:52:52 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Desktop\arduino-1.0.1 [2012.07.08 08:13:16 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Garmin [2012.07.04 12:32:29 | 000,000,000 | ---D | C] -- C:\Users\Stefan\temp [2012.07.02 13:08:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Damian Pasternak [2012.07.01 22:46:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fotosizer [2012.07.01 22:46:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fotosizer [2012.05.28 16:51:36 | 014,844,448 | ---- | C] 
(LastPass) -- C:\Program Files (x86)\Common Files\lpuninstall.exe ========== Files - Modified Within 30 Days ========== [2012.07.30 12:39:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.30 12:39:02 | 4259,557,374 | -HS- | M] () -- C:\hiberfil.sys [2012.07.30 12:36:13 | 000,000,188 | ---- | M] () -- C:\Users\Stefan\defogger_reenable [2012.07.30 12:28:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3477003203-1577878540-3883721961-1000UA.job [2012.07.30 12:28:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.07.30 12:22:43 | 001,506,450 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.07.30 12:22:43 | 000,654,452 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.07.30 12:22:43 | 000,618,494 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.07.30 12:22:43 | 000,130,678 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.07.30 12:22:43 | 000,107,400 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.07.30 12:21:50 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.30 12:21:50 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.30 12:14:07 | 000,001,531 | ---- | M] () -- C:\Users\Stefan\Desktop\Logs.lnk [2012.07.30 09:49:00 | 000,001,869 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk [2012.07.30 00:50:38 | 000,002,026 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk [2012.07.30 00:28:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3477003203-1577878540-3883721961-1000Core.job [2012.07.29 23:27:29 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.28 13:50:18 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.07.28 13:36:04 
| 000,001,131 | ---- | M] () -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2012.07.28 13:36:03 | 000,000,936 | ---- | M] () -- C:\Users\Stefan\Desktop\Evernote.lnk [2012.07.18 18:04:42 | 000,132,832 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.07.18 18:04:42 | 000,027,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012.07.18 18:04:41 | 000,098,848 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.07.17 00:18:39 | 000,002,581 | ---- | M] () -- C:\Users\Public\Desktop\PhotoSync.lnk [2012.07.12 18:24:42 | 000,002,368 | ---- | M] () -- C:\Users\Stefan\Desktop\Google Chrome.lnk [2012.07.12 13:04:13 | 000,001,002 | ---- | M] () -- C:\Users\Stefan\Desktop\Dropbox.lnk [2012.07.12 13:00:06 | 000,001,012 | ---- | M] () -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.07.11 18:18:14 | 004,963,848 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.07.02 21:22:48 | 000,003,584 | ---- | M] () -- C:\Users\Stefan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.07.02 13:08:00 | 000,001,178 | ---- | M] () -- C:\Users\Public\Desktop\Shutdown Scheduler.lnk [2012.07.01 22:46:01 | 000,001,047 | ---- | M] () -- C:\Users\Stefan\Application Data\Microsoft\Internet Explorer\Quick Launch\Fotosizer.lnk [2012.07.01 22:46:01 | 000,001,023 | ---- | M] () -- C:\Users\Public\Desktop\Fotosizer.lnk ========== Files Created - No Company Name ========== [2012.07.30 12:36:13 | 000,000,188 | ---- | C] () -- C:\Users\Stefan\defogger_reenable [2012.07.30 12:14:02 | 000,001,531 | ---- | C] () -- C:\Users\Stefan\Desktop\Logs.lnk [2012.07.30 12:13:16 | 000,092,160 | ---- | C] () -- C:\Windows\Installer\{bdce52c8-06a7-9c8e-f50f-9fd7081d65e7}\U\80000032.@ [2012.07.30 11:48:56 | 000,080,896 | 
---- | C] () -- C:\Windows\Installer\{bdce52c8-06a7-9c8e-f50f-9fd7081d65e7}\U\80000064.@ [2012.07.30 09:49:00 | 000,001,881 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk [2012.07.30 09:49:00 | 000,001,869 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk [2012.07.30 09:04:13 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{bdce52c8-06a7-9c8e-f50f-9fd7081d65e7}\U\80000000.@ [2012.07.29 23:26:56 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.28 13:50:18 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.07.28 13:36:04 | 000,001,131 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2012.07.28 13:36:03 | 000,000,936 | ---- | C] () -- C:\Users\Stefan\Desktop\Evernote.lnk [2012.07.28 13:23:36 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{bdce52c8-06a7-9c8e-f50f-9fd7081d65e7}\U\000000cb.@ [2012.07.28 13:23:31 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{bdce52c8-06a7-9c8e-f50f-9fd7081d65e7}\U\00000004.@ [2012.07.17 00:18:39 | 000,002,581 | ---- | C] () -- C:\Users\Public\Desktop\PhotoSync.lnk [2012.07.12 13:04:13 | 000,001,002 | ---- | C] () -- C:\Users\Stefan\Desktop\Dropbox.lnk [2012.07.12 13:00:06 | 000,001,012 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.07.02 21:22:48 | 000,003,584 | ---- | C] () -- C:\Users\Stefan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.07.02 13:08:00 | 000,001,190 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shutdown Scheduler.lnk [2012.07.02 13:08:00 | 000,001,178 | ---- | C] () -- C:\Users\Public\Desktop\Shutdown Scheduler.lnk [2012.07.01 22:46:01 | 000,001,047 | ---- | C] () -- C:\Users\Stefan\Application Data\Microsoft\Internet Explorer\Quick Launch\Fotosizer.lnk [2012.07.01 22:46:01 | 000,001,023 | ---- | C] () -- 
C:\Users\Public\Desktop\Fotosizer.lnk [2012.06.04 13:03:20 | 001,523,568 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.05.25 23:13:44 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2012.05.25 23:11:40 | 000,000,600 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\winscp.rnd [2012.05.25 23:09:08 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.05.25 23:08:58 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.05.25 19:49:43 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{bdce52c8-06a7-9c8e-f50f-9fd7081d65e7}\@ [2012.05.25 19:49:43 | 000,002,048 | -HS- | C] () -- C:\Users\Stefan\AppData\Local\{bdce52c8-06a7-9c8e-f50f-9fd7081d65e7}\@ [2012.05.25 19:33:35 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.05.25 19:32:00 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2012.05.25 19:08:53 | 000,070,145 | ---- | C] () -- C:\Windows\Ascd_log.ini [2012.05.25 19:07:45 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2012.05.25 19:07:35 | 000,048,199 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012.01.10 20:39:16 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll [2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.03.30 00:17:10 | 000,316,928 | ---- | C] () -- C:\Windows\SysWow64\HDREfexProFC32.dll ========== LOP Check ========== [2012.07.02 13:17:24 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\.minecraft [2012.06.06 23:21:14 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Activision [2012.07.11 23:02:03 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Arduino [2012.05.25 23:46:04 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\DAEMON Tools Lite [2012.07.30 12:39:31 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Dropbox [2012.06.30 09:07:10 | 
000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\FileZilla
[2012.07.08 08:13:16 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Garmin
[2012.06.29 18:21:50 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Imagenomic
[2012.07.30 09:55:43 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\ImgBurn
[2012.06.16 19:10:05 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\PACE Anti-Piracy
[2012.06.19 21:03:59 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\PDAppFlex
[2012.07.17 00:18:45 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\PhotoSync
[2012.07.30 11:10:43 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\R-Wipe&Clean
[2012.05.26 20:22:50 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\TeamViewer
[2012.05.26 21:23:43 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\TrueCrypt
[2009.07.14 07:08:49 | 000,011,278 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >

Extras.txt
OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 30.07.2012 12:41:02 - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Stefan\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
15,96 Gb Total Physical Memory | 13,62 Gb Available Physical Memory | 85,37% Memory free
16,74 Gb Paging File | 14,10 Gb Available in Paging File | 84,26% Paging File free
Paging file location(s): c:\pagefile.sys 800 1000 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 25,02 Gb Free Space | 22,40% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 444,86 Gb Free Space | 47,76% Space Free | Partition Type: NTFS
Drive E: | 100,00 Mb Total Space | 71,54 Mb Free Space | 71,55% Space Free | Partition Type: NTFS
Drive F: | 232,79 Gb Total Space | 216,03 Gb Free Space | 92,80% Space Free | Partition Type: NTFS
Computer Name: STEFAN-PC | User Name: Stefan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\Media Markt\Media Markt Bilderservice\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Media Markt Bilderservice] -- "C:\Program Files (x86)\Media Markt\Media Markt Bilderservice\Media Markt Bilderservice.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\Media Markt\Media Markt Bilderservice\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Media Markt Bilderservice] -- "C:\Program Files (x86)\Media Markt\Media Markt Bilderservice\Media Markt Bilderservice.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{357A82F9-B5FF-46C8-ABA2-104695E0F1D1}" = Intel(R) Network Connections 16.6.126.0
"{47F9B7C3-F172-940F-D0C4-203C7914E5D2}" = AMD Catalyst Install Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{538B98C3-773F-4F20-9C66-802D104DCBE2}" = Intel® Trusted Connect Service Client
"{57DD35E9-D9BB-4089-BB05-EF933C586CB3}" = Broadcom InConcert Maestro
"{59B69525-1383-C84A-38EF-F442B63E69BC}" = AMD Media Foundation Decoders
"{5F92DAD2-FD95-DD12-50DF-A6F66C7E67C8}" = AMD Drag and Drop Transcoding
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E7F4CA3-B2DE-413C-A7A1-43AA5BE19EA1}" = WIDCOMM Bluetooth Software
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DF73A13-F54C-4CB3-B4AD-4375A2E8F4F8}" = VmciSockets
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-1000-0000000FF1CE}_Office14.PROPLUS_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-1000-0000000FF1CE}_Office14.PROPLUS_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0043-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BABA4667-CF82-B330-A8E5-6E8A09B2D911}" = AMD Accelerated Video Transcoding
"{C8388DCB-6F85-C11F-C9F4-D636960E60F5}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F7ADB493-B913-4D61-9A63-DA736C20C3F2}" = Adobe Photoshop Lightroom 4.1 64-bit
"{F96F51B9-6940-4559-9F49-22A511CFF4BB}" = PhotoSync
"AutopanoGiga2.5" = Kolor Autopano Giga 2.5
"Broadcom Wireless Utility" = Broadcom Wireless Utility
"ImagenomicPortraitureLightroomPlugin" = Imagenomic Portraiture 2.2.1 Lightroom Plug-in (build 2210)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PROSetDX" = Intel(R) Network Connections 16.6.126.0
"WinRAR archiver" = WinRAR 4.11 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{079A4EB2-9A74-7B86-12C2-00B52E395801}" = CCC Help Danish
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0BE73D3C-B5AF-11E1-933A-984BE15F174E}" = Evernote v. 4.5.7
"{0D94F75A-0EA6-4951-B3AF-B145FA9E05C6}" = VMware Workstation
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{112DDD07-E419-2498-1E9E-2157F82AF5AA}" = CCC Help Turkish
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{12A00DC2-1226-D9F2-13DA-F974111D439E}" = Catalyst Control Center
"{1845470B-EB14-4ABC-835B-E36C693DC07D}" = Skype™ 5.9
"{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph
"{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{224828D6-DCA7-FDF3-3B85-085298AEC919}" = Catalyst Control Center InstallProxy
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2993B157-97AE-7981-F29A-E6575F991CDB}" = CCC Help Swedish
"{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl
"{347966F8-E71A-E1A5-95E4-3A1C215383F6}" = CCC Help Chinese Traditional
"{3524297F-158C-F964-F1AD-B0BC4314DE44}" = HydraVision
"{3B3D81AB-51E2-695F-7E57-1CC30049F2A3}" = CCC Help French
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{462C2036-3055-4369-D30B-8DA032331EAB}" = CCC Help Greek
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{51054867-140B-8FBF-73A8-75386276BD98}" = CCC Help Spanish
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{54194F60-988C-4D03-B922-C2B00EFDA39A}" = NVIDIA PhysX
"{586A5957-F21B-C8AD-F5C2-11D4D7DA5340}" = CCC Help German
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}" = Asmedia ASM106x SATA Host Controller Driver
"{633414E3-AA2A-CD04-5976-E91F5F871396}" = CCC Help Japanese
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{812FF572-F216-EBA0-123E-636C1B6EBC5B}" = CCC Help Korean
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85BB7CA7-6B0D-0B27-F4FF-B3D04282B3D1}" = CCC Help Russian
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{883CCFC7-CA6B-5531-704B-F9A64546B309}" = CCC Help Thai
"{8BDD3EC9-27E9-E490-7607-AF97FA678046}" = CCC Help Italian
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DA5221E-15DE-5B0F-D7BE-CCC7305575DD}" = CCC Help Dutch
"{A1400F57-65CC-0C22-6461-948EA2837670}" = CCC Help Hungarian
"{A1644527-B0FF-485B-8412-3C7504A2F188}" = Quantum of Solace(TM) 1.1 Patch
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A561BB5F-5A85-5D88-E520-0A4512D5E6C0}" = CCC Help Norwegian
"{A8B72907-B3F5-4C18-2D2B-F5E786A520DF}" = CCC Help Polish
"{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AD219F94-16F2-937F-076A-F22DAA8D0A0B}" = CCC Help Finnish
"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B2B5B39B-4E8C-AC78-7FF1-7055C338D243}" = Catalyst Control Center Graphics Previews Common
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{DD8ACFF8-098E-130C-2799-BCA4D41EBAB2}" = CCC Help Chinese Standard
"{DE123FE9-B7F6-A75A-920D-3937FB9F06E4}" = CCC Help Portuguese
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}" = Adobe Creative Suite 6 Master Collection
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE253E80-C298-4A31-BB22-7280DC8C7177}" = CCC Help Czech
"{EFBE6DD5-B224-96E5-72B9-68D328CB12A6}" = Adobe Widget Browser
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F648F088-B270-CF18-6486-AF8B1FE6BC09}" = CCC Help English
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FD85D9C0-783A-77B7-8EF8-326EC6C154D1}" = Catalyst Control Center Localization All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Audacity_is1" = Audacity 2.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"Canon RAW Codec" = Canon RAW Codec
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"com.adobe.WidgetBrowser" = Adobe Widget Browser
"CWK" = SDS (Shutdown Scheduler)
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup" = DivX-Setup
"Dynamic-Photo HDR 5_is1" = Dynamic-Photo HDR 5
"EOS Utility" = Canon Utilities EOS Utility
"FileZilla Client" = FileZilla Client 3.5.3
"Fotosizer" = Fotosizer 1.34
"HDR Efex Pro" = HDR Efex Pro
"ImgBurn" = ImgBurn
"InstallShield_{A1644527-B0FF-485B-8412-3C7504A2F188}" = Quantum of Solace(TM) 1.1 Patch
"KLiteCodecPack_is1" = K-Lite Codec Pack 8.8.0 (Full)
"LastPass" = LastPass (uninstall only)
"MagniDriver" = marvell 91xx driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Media Markt Bilderservice" = Media Markt Bilderservice
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Picasa 3" = Picasa 3
"PuTTY_is1" = PuTTY version 0.62
"TeamViewer 7" = TeamViewer 7
"TrueCrypt" = TrueCrypt
"VMware_Workstation" = VMware Workstation
"winscp3_is1" = WinSCP 4.3.7
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 30.07.2012 06:40:31 | Computer Name = Stefan-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: bcmwltry.exe, Version: 5.100.82.97,
Zeitstempel: 0x4e264e22 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c40f2
ID
des fehlerhaften Prozesses: 0x1be4 Startzeit der fehlerhaften Anwendung: 0x01cd6e3fbcea0238
Pfad
der fehlerhaften Anwendung: C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: fbdf0afe-da32-11e1-a94e-0008cae5d310
Error - 30.07.2012 06:40:37 | Computer Name = Stefan-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: bcmwltry.exe, Version: 5.100.82.97,
Zeitstempel: 0x4e264e22 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c40f2
ID
des fehlerhaften Prozesses: 0x18d8 Startzeit der fehlerhaften Anwendung: 0x01cd6e3fbfd5724e
Pfad
der fehlerhaften Anwendung: C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: ff7a338d-da32-11e1-a94e-0008cae5d310
Error - 30.07.2012 06:40:43 | Computer Name = Stefan-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: bcmwltry.exe, Version: 5.100.82.97,
Zeitstempel: 0x4e264e22 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c40f2
ID
des fehlerhaften Prozesses: 0x1958 Startzeit der fehlerhaften Anwendung: 0x01cd6e3fc318e5b0
Pfad
der fehlerhaften Anwendung: C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 031ae9f6-da33-11e1-a94e-0008cae5d310
Error - 30.07.2012 06:40:49 | Computer Name = Stefan-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: bcmwltry.exe, Version: 5.100.82.97,
Zeitstempel: 0x4e264e22 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c40f2
ID
des fehlerhaften Prozesses: 0xbf4 Startzeit der fehlerhaften Anwendung: 0x01cd6e3fc6b93e5b
Pfad
der fehlerhaften Anwendung: C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 06bd6584-da33-11e1-a94e-0008cae5d310
Error - 30.07.2012 06:40:55 | Computer Name = Stefan-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: bcmwltry.exe, Version: 5.100.82.97,
Zeitstempel: 0x4e264e22 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c40f2
ID
des fehlerhaften Prozesses: 0x1514 Startzeit der fehlerhaften Anwendung: 0x01cd6e3fca5bb9ea
Pfad
der fehlerhaften Anwendung: C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 0a5dbe2f-da33-11e1-a94e-0008cae5d310
Error - 30.07.2012 06:41:14 | Computer Name = Stefan-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: bcmwltry.exe, Version: 5.100.82.97,
Zeitstempel: 0x4e264e22 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c40f2
ID
des fehlerhaften Prozesses: 0x100c Startzeit der fehlerhaften Anwendung: 0x01cd6e3fd529b8e8
Pfad
der fehlerhaften Anwendung: C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 154f71d2-da33-11e1-a94e-0008cae5d310
Error - 30.07.2012 06:41:44 | Computer Name = Stefan-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: bcmwltry.exe, Version: 5.100.82.97,
Zeitstempel: 0x4e264e22 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c40f2
ID
des fehlerhaften Prozesses: 0x6b0 Startzeit der fehlerhaften Anwendung: 0x01cd6e3fe7764d04
Pfad
der fehlerhaften Anwendung: C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 27608386-da33-11e1-a94e-0008cae5d310
Error - 30.07.2012 06:42:02 | Computer Name = Stefan-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: bcmwltry.exe, Version: 5.100.82.97,
Zeitstempel: 0x4e264e22 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c40f2
ID
des fehlerhaften Prozesses: 0x1bb0 Startzeit der fehlerhaften Anwendung: 0x01cd6e3ff22c7e3f
Pfad
der fehlerhaften Anwendung: C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 32418d87-da33-11e1-a94e-0008cae5d310
Error - 30.07.2012 06:42:09 | Computer Name = Stefan-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: bcmwltry.exe, Version: 5.100.82.97,
Zeitstempel: 0x4e264e22 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c40f2
ID
des fehlerhaften Prozesses: 0x1850 Startzeit der fehlerhaften Anwendung: 0x01cd6e3ff5e4a4ad
Pfad
der fehlerhaften Anwendung: C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 35e44792-da33-11e1-a94e-0008cae5d310
Error - 30.07.2012 06:42:15 | Computer Name = Stefan-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: bcmwltry.exe, Version: 5.100.82.97,
Zeitstempel: 0x4e264e22 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c40f2
ID
des fehlerhaften Prozesses: 0xe4c Startzeit der fehlerhaften Anwendung: 0x01cd6e3ff9829bf7
Pfad
der fehlerhaften Anwendung: C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 39823edc-da33-11e1-a94e-0008cae5d310
Error - 30.07.2012 06:42:21 | Computer Name = Stefan-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: bcmwltry.exe, Version: 5.100.82.97,
Zeitstempel: 0x4e264e22 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c40f2
ID
des fehlerhaften Prozesses: 0x13c4 Startzeit der fehlerhaften Anwendung: 0x01cd6e3ffd22f4a2
Pfad
der fehlerhaften Anwendung: C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 3d24f8e7-da33-11e1-a94e-0008cae5d310
[ Broadcom Wireless LAN Events ]
Error - 30.07.2012 03:09:09 | Computer Name = Stefan-PC | Source = WLAN-Tray | ID = 0
Description = 09:09:09, Mon, Jul 30, 12 Error - Adaptername ID is not available within
the connection manager
Error - 30.07.2012 03:09:09 | Computer Name = Stefan-PC | Source = WLAN-Tray | ID = 0
Description = 09:09:09, Mon, Jul 30, 12 Error - Unable to initialize Connection Manager
for "Broadcom 802.11n Network Adapter"
Error - 30.07.2012 04:02:12 | Computer Name = Stefan-PC | Source = WLAN-Tray | ID = 0
Description = 10:02:12, Mon, Jul 30, 12 Error - (CCC.exe-4956) Unable to get interface
information to enumerate interfaces
Error - 30.07.2012 06:02:33 | Computer Name = Stefan-PC | Source = WLAN-Tray | ID = 0
Description = 12:02:33, Mon, Jul 30, 12 Error - (CCC.exe-4788) Unable to get interface
information to enumerate interfaces
Error - 30.07.2012 06:04:41 | Computer Name = Stefan-PC | Source = WLAN-Tray | ID = 0
Description = 12:04:41, Mon, Jul 30, 12 Error - (CCC.exe-4760) Unable to get interface
information to enumerate interfaces
Error - 30.07.2012 06:17:05 | Computer Name = Stefan-PC | Source = WLAN-Tray | ID = 0
Description = 12:17:05, Mon, Jul 30, 12 Error - (CCC.exe-4660) Unable to get interface
information to enumerate interfaces
Error - 30.07.2012 06:39:24 | Computer Name = Stefan-PC | Source = WLAN-Tray | ID = 0
Description = 12:39:24, Mon, Jul 30, 12 Error - (CCC.exe-4584) Unable to get interface
information to enumerate interfaces
[ System Events ]
Error - 30.07.2012 06:16:48 | Computer Name = Stefan-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IPsec Policy Agent" ist von folgendem Dienst abhängig:
BFE. Dieser Dienst ist eventuell nicht installiert.
Error - 30.07.2012 06:16:51 | Computer Name = Stefan-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computer Browser" wurde mit folgendem Fehler beendet:
%%1060
Error - 30.07.2012 06:17:07 | Computer Name = Stefan-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "HomeGroup Provider" ist vom Dienst "Function Discovery
Resource Publication" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%-2147024891
Error - 30.07.2012 06:17:07 | Computer Name = Stefan-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Function Discovery Resource Publication" wurde mit folgendem
Fehler beendet: %%-2147024891
Error - 30.07.2012 06:39:07 | Computer Name = Stefan-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IKE and AuthIP IPsec Keying Modules" ist von folgendem
Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
Error - 30.07.2012 06:39:07 | Computer Name = Stefan-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IPsec Policy Agent" ist von folgendem Dienst abhängig:
BFE. Dieser Dienst ist eventuell nicht installiert.
Error - 30.07.2012 06:39:10 | Computer Name = Stefan-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computer Browser" wurde mit folgendem Fehler beendet:
%%1060
Error - 30.07.2012 06:39:11 | Computer Name = Stefan-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error - 30.07.2012 06:39:25 | Computer Name = Stefan-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "HomeGroup Provider" ist vom Dienst "Function Discovery
Resource Publication" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%-2147024891
Error - 30.07.2012 06:39:25 | Computer Name = Stefan-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Function Discovery Resource Publication" wurde mit folgendem
Fehler beendet: %%-2147024891
< End of report >
|
| | #5 | |
| TR/ATRAPS.Gen2 in C:\Windows\Installer\{bd**65e7}\U\80000064.@
Sorry, I had already created and posted the OTL logs at normal length...
TDSSKiller log
Quote:
|
| | #6 |
| TR/ATRAPS.Gen2 in C:\Windows\Installer\{bd**65e7}\U\80000064.@
Hi,
you have a "copy-protection driver" on there that is sometimes used (e.g. by giveawayoftheday.com)... (C:\Windows\SysWOW64\nlssrv32.exe). If you want it removed (it allows the hidden installation of software; the usual tools for "monitoring" an installation then no longer run) -> let me know if you want it removed...
There is quite a lot of VMware running on there; is this a PC used for business?
Fix for OTL:
Code:
:OTL
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [XSECVA] "C:\Users\Stefan\AppData\Roaming\xsecva\xsecva.exe" -s File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
[2012.07.30 11:48:56 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{bdce52c8-06a7-9c8e-f50f-9fd7081d65e7}\U\80000064.@
[2012.07.30 09:04:13 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{bdce52c8-06a7-9c8e-f50f-9fd7081d65e7}\U\80000000.@
[2012.07.28 13:23:36 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{bdce52c8-06a7-9c8e-f50f-9fd7081d65e7}\U\000000cb.@
[2012.07.28 13:23:31 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{bdce52c8-06a7-9c8e-f50f-9fd7081d65e7}\U\00000004.@
[2012.05.25 19:49:43 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{bdce52c8-06a7-9c8e-f50f-9fd7081d65e7}\@
[2012.05.25 19:49:43 | 000,002,048 | -HS- | C] () -- C:\Users\Stefan\AppData\Local\{bdce52c8-06a7-9c8e-f50f-9fd7081d65e7}\@
:Commands
[emptytemp]
[Reboot]
We will set this value later, since it often crashes during the fix (the Security Center is switched off!):
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = dword:0x01

Before I start with ComboFix, I would like to try another tool: Panda-TLD4-Killer

Download the killer to the desktop: TDSS-Killer

Start the killer and allow the subsequent restart! If your security solution complains, please switch it off or allow yorkyt.exe as an exception!

After the reboot the killer should start by itself (Please wait... Running...); do not interrupt it and do nothing on the computer (runtime approx. 5 minutes).

If something is found (Detected and requested some bad files), first post the log (it is located where the exe is, i.e. on the desktop) -> post the contents of yorkyt.exe.log.

If approval is given, select Yes; the computer is restarted, the detected (infected) drivers are replaced and the TLD files are deleted (yorkyt starts again automatically, do not interrupt!).

After the cleanup, post the log once more...

Create and post a new OTL log...

chris
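The file entries in the OTL fix above share one path shape: a GUID-named folder under C:\Windows\Installer or AppData\Local that holds an `@` file and `U\<8 hex digits>.@` files. As an added example (not part of the original thread and not OTL's own code), this Python script picks such entries out of OTL file-listing lines and reports the first and last creation time per GUID; the function names and the two benign sample lines are assumptions constructed for illustration.

```python
import re
from datetime import datetime

# OTL "files created" line: [timestamp | size | attrs | C] (company) -- path
OTL_FILE_LINE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] \((?P<company>.*?)\) -- (?P<path>.+)$"
)

GUID = r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}"

# Path shape of the entries listed in the fix: <parent>\{GUID}\@ or <parent>\{GUID}\U\xxxxxxxx.@
SUSPECT_PATH = re.compile(
    r"\\(?:Windows\\Installer|Users\\[^\\]+\\AppData\\Local)\\"
    r"(?P<guid>" + GUID + r")\\(?:U\\[0-9a-f]{8}\.@|@)$",
    re.IGNORECASE,
)

# Sample input: the first seven lines are taken from the fix in this thread,
# the last two are constructed benign entries that must not be flagged.
SAMPLE_OTL_LINES = r"""
O4 - HKLM..\Run: [] File not found
[2012.07.30 11:48:56 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{bdce52c8-06a7-9c8e-f50f-9fd7081d65e7}\U\80000064.@
[2012.07.30 09:04:13 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{bdce52c8-06a7-9c8e-f50f-9fd7081d65e7}\U\80000000.@
[2012.07.28 13:23:36 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{bdce52c8-06a7-9c8e-f50f-9fd7081d65e7}\U\000000cb.@
[2012.07.28 13:23:31 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{bdce52c8-06a7-9c8e-f50f-9fd7081d65e7}\U\00000004.@
[2012.05.25 19:49:43 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{bdce52c8-06a7-9c8e-f50f-9fd7081d65e7}\@
[2012.05.25 19:49:43 | 000,002,048 | -HS- | C] () -- C:\Users\Stefan\AppData\Local\{bdce52c8-06a7-9c8e-f50f-9fd7081d65e7}\@
[2012.07.29 10:00:00 | 000,010,134 | ---- | C] (Microsoft Corporation) -- C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
[2012.07.30 12:00:00 | 000,000,512 | ---- | C] () -- C:\Users\Stefan\Desktop\notes.txt
""".strip().splitlines()


def parse_otl_line(line):
    """Return the fields of one OTL file-listing line, or None for any other line."""
    m = OTL_FILE_LINE.match(line.strip())
    if not m:
        return None
    return {
        "time": datetime.strptime(m["ts"], "%Y.%m.%d %H:%M:%S"),
        "size": int(m["size"].replace(",", "")),
        "attrs": m["attrs"],
        "company": m["company"],
        "path": m["path"],
    }


def find_guid_at_files(lines):
    """Collect file entries whose path matches the {GUID}\\@ / {GUID}\\U\\*.@ shape."""
    hits = []
    for line in lines:
        entry = parse_otl_line(line)
        if entry is None:
            continue
        m = SUSPECT_PATH.search(entry["path"])
        if m:
            entry["guid"] = m["guid"].lower()
            # Hidden + System on a file with no company string is worth noting.
            entry["hidden_system"] = "H" in entry["attrs"] and "S" in entry["attrs"]
            hits.append(entry)
    return hits


def summarize(hits):
    """Per GUID: first and last creation time, file count and total bytes."""
    summary = {}
    for h in hits:
        s = summary.setdefault(
            h["guid"],
            {"first_seen": h["time"], "last_seen": h["time"], "files": 0, "bytes": 0},
        )
        s["first_seen"] = min(s["first_seen"], h["time"])
        s["last_seen"] = max(s["last_seen"], h["time"])
        s["files"] += 1
        s["bytes"] += h["size"]
    return summary


if __name__ == "__main__":
    for guid, s in summarize(find_guid_at_files(SAMPLE_OTL_LINES)).items():
        print(guid, s["files"], "files,", s["bytes"], "bytes,",
              "first", s["first_seen"], "last", s["last_seen"])
```

The earliest timestamp per GUID gives a lower bound on when the folder was created, which helps when deciding which restore points and backups predate it.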
#7

No, the PC is not used for business. I just have two virtual machines running sometimes (Debian and now also Windows 8 for testing). VirtualBox is, for me, not exactly ideal in some respects.

When running OTL with the commands given, the computer crashed with a BSOD after what felt like 3 ms. :-(

I then ran the Panda tool:

Code:
ATTFilter 2012-07-30 22:29:17: ****************************************************
2012-07-30 22:29:17: Starting UP ... v 0.0.0.220
2012-07-30 22:29:17: ****************************************************
2012-07-30 22:29:17: Stop TPSRV returns: 2
2012-07-30 22:29:38: Listing processes...
2012-07-30 22:29:38: :[System Process]:0
2012-07-30 22:29:38: :System:4
2012-07-30 22:29:38: :smss.exe:384
2012-07-30 22:29:38: :csrss.exe:584
2012-07-30 22:29:38: :wininit.exe:684
2012-07-30 22:29:38: :csrss.exe:692
2012-07-30 22:29:38: :services.exe:740
2012-07-30 22:29:38: :lsass.exe:776
2012-07-30 22:29:38: :lsm.exe:784
2012-07-30 22:29:38: :winlogon.exe:820
2012-07-30 22:29:38: :svchost.exe:940
2012-07-30 22:29:38: :svchost.exe:192
2012-07-30 22:29:38: :atiesrxx.exe:532
2012-07-30 22:29:38: :svchost.exe:884
2012-07-30 22:29:38: :svchost.exe:1028
2012-07-30 22:29:38: :svchost.exe:1052
2012-07-30 22:29:38: :audiodg.exe:1124
2012-07-30 22:29:38: :svchost.exe:1196
2012-07-30 22:29:38: :svchost.exe:1332
2012-07-30 22:29:38: :atieclxx.exe:1440
2012-07-30 22:29:38: :WLTRYSVC.EXE:1516
2012-07-30 22:29:38: :wlanext.exe:1524
2012-07-30 22:29:38: :conhost.exe:1532
2012-07-30 22:29:38: :taskeng.exe:1676
2012-07-30 22:29:38: :spoolsv.exe:1716
2012-07-30 22:29:38: :sched.exe:1744
2012-07-30 22:29:38: :avguard.exe:1276
2012-07-30 22:29:38: :AppleMobileDeviceService.exe:1360
2012-07-30 22:29:38: :mDNSResponder.exe:1340
2012-07-30 22:29:38: :btwdins.exe:2052
2012-07-30 22:29:38: :svchost.exe:2080
2012-07-30 22:29:38: :DTSU2PAuSrv64.exe:2108
2012-07-30 22:29:38: :HeciServer.exe:2152
2012-07-30 22:29:38: :IPROSetMonitor.exe:2200
2012-07-30 22:29:38: :Jhi_service.exe:2256
2012-07-30 22:29:38: :nlssrv32.exe:2292
2012-07-30 22:29:38: :sppsvc.exe:2348
2012-07-30 22:29:38: :svchost.exe:2388
2012-07-30 22:29:38: :TeamViewer_Service.exe:2416
2012-07-30 22:29:38: :vmware-usbarbitrator64.exe:2496
2012-07-30 22:29:38: :taskhost.exe:2552
2012-07-30 22:29:38: :vmnat.exe:2724
2012-07-30 22:29:38: :WLIDSVC.EXE:2772
2012-07-30 22:29:38: :vmware-authd.exe:2820
2012-07-30 22:29:38: :TeamViewer.exe:2892
2012-07-30 22:29:38: :vmnetdhcp.exe:2908
2012-07-30 22:29:38: :WLIDSVCM.EXE:3032
2012-07-30 22:29:38: :taskeng.exe:1656
2012-07-30 22:29:38: :avshadow.exe:3172
2012-07-30 22:29:38: :conhost.exe:3180
2012-07-30 22:29:38: :SearchIndexer.exe:3268
2012-07-30 22:29:38: :svchost.exe:3360
2012-07-30 22:29:38: :tv_w32.exe:3464
2012-07-30 22:29:38: :tv_x64.exe:3472
2012-07-30 22:29:38: :WUDFHost.exe:3484
2012-07-30 22:29:38: :WmiPrvSE.exe:3528
2012-07-30 22:29:38: :SearchProtocolHost.exe:3616
2012-07-30 22:29:38: :SearchFilterHost.exe:3636
2012-07-30 22:29:38: :TrustedInstaller.exe:3716
2012-07-30 22:29:38: :dwm.exe:3848
2012-07-30 22:29:38: :explorer.exe:3872
2012-07-30 22:29:38: :RtkNGUI64.exe:2640
2012-07-30 22:29:38: :RAVBg64.exe:2452
2012-07-30 22:29:38: :WLTRAY.EXE:3608
2012-07-30 22:29:38: :sidebar.exe:3744
2012-07-30 22:29:38: :Steam.exe:3768
2012-07-30 22:29:38: :BTTray.exe:1764
2012-07-30 22:29:38: :Dropbox.exe:3828
2012-07-30 22:29:38: :EvernoteClipper.exe:3944
2012-07-30 22:29:38: :WFTPairing.exe:3912
2012-07-30 22:29:38: :svchost.exe:3244
2012-07-30 22:29:38: :iusb3mon.exe:4172
2012-07-30 22:29:38: :IAStorIcon.exe:4184
2012-07-30 22:29:38: :acrotray.exe:4444
2012-07-30 22:29:38: :vmware-tray.exe:4460
2012-07-30 22:29:38: :iTunesHelper.exe:4504
2012-07-30 22:29:38: :DivXUpdate.exe:4516
2012-07-30 22:29:38: :avgnt.exe:4560
2012-07-30 22:29:38: :mbamgui.exe:4580
2012-07-30 22:29:38: :MOM.exe:4588
2012-07-30 22:29:38: :EOSUPNPSV.exe:4760
2012-07-30 22:29:38: :conhost.exe:4780
2012-07-30 22:29:38: :CCC.exe:4924
2012-07-30 22:29:38: :iPodService.exe:3680
2012-07-30 22:29:38: :wmpnetwk.exe:5400
2012-07-30 22:29:38: :rundll32.exe:5660
2012-07-30 22:29:38: :SteamService.exe:5692
2012-07-30 22:29:38: :HydraDM.exe:5912
2012-07-30 22:29:38: :BTStackServer.exe:5952
2012-07-30 22:29:38: :HydraDM64.exe:5964
2012-07-30 22:29:38: :firefox.exe:6080
2012-07-30 22:29:38: :plugin-container.exe:5336
2012-07-30 22:29:38: :FlashPlayerPlugin_11_3_300_268.exe:4380
2012-07-30 22:29:38: :FlashPlayerPlugin_11_3_300_268.exe:6036
2012-07-30 22:29:38: :PresentationFontCache.exe:6912
2012-07-30 22:29:38: :avscan.exe:4992
2012-07-30 22:29:38: :yorkyt.exe:7044
2012-07-30 22:29:38: :BCMWLTRY.EXE:6224
2012-07-30 22:29:38:
2012-07-30 22:29:38: Setting restore point
2012-07-30 22:29:38: RUN mode
2012-07-30 22:29:38: Determining autonomous or dropped mode...
2012-07-30 22:29:38: Autonomus mode
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: AeLookupSvc
2012-07-30 22:29:38: Real Path: C:\Windows\System32\aelupsvc.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\aelupsvc.dll,-1
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\aelupsvc.dll,-2
2012-07-30 22:29:38: ServiceDLL: System32\aelupsvc.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: aelupsvc.dll
2012-07-30 22:29:38: Original File Name: aelupsvc.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: AppIDSvc
2012-07-30 22:29:38: Real Path: C:\Windows\System32\appidsvc.dll
2012-07-30 22:29:38: Display Name: @%systemroot%\system32\appidsvc.dll,-100
2012-07-30 22:29:38: Description: @%systemroot%\system32\appidsvc.dll,-101
2012-07-30 22:29:38: ServiceDLL: System32\appidsvc.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: appidsvc.dll
2012-07-30 22:29:38: Original File Name: appidsvc.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: Appinfo
2012-07-30 22:29:38: Real Path: C:\Windows\System32\appinfo.dll
2012-07-30 22:29:38: Display Name: @%systemroot%\system32\appinfo.dll,-100
2012-07-30 22:29:38: Description: @%systemroot%\system32\appinfo.dll,-101
2012-07-30 22:29:38: ServiceDLL: System32\appinfo.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: appinfo.dll
2012-07-30 22:29:38: Original File Name: appinfo.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: AppMgmt
2012-07-30 22:29:38: Real Path: C:\Windows\System32\appmgmts.dll
2012-07-30 22:29:38: Display Name: @appmgmts.dll,-3250
2012-07-30 22:29:38: Description: @appmgmts.dll,-3251
2012-07-30 22:29:38: ServiceDLL: System32\appmgmts.dll
2012-07-30 22:29:38: File size: 149504
2012-07-30 22:29:38: DLL File name: appmgmts.dll
2012-07-30 22:29:38: Original File Name: appmgmts.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time: 20090714031453 20090714013834 20090714013834
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: AudioEndpointBuilder
2012-07-30 22:29:38: Real Path: C:\Windows\System32\Audiosrv.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\audiosrv.dll,-204
2012-07-30 22:29:38: Description: @%SystemRoot%\System32\audiosrv.dll,-205
2012-07-30 22:29:38: ServiceDLL: System32\Audiosrv.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: Audiosrv.dll
2012-07-30 22:29:38: Original File Name: audiosrv.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: AudioSrv
2012-07-30 22:29:38: Real Path: C:\Windows\System32\Audiosrv.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\audiosrv.dll,-200
2012-07-30 22:29:38: Description: @%SystemRoot%\System32\audiosrv.dll,-201
2012-07-30 22:29:38: ServiceDLL: System32\Audiosrv.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: Audiosrv.dll
2012-07-30 22:29:38: Original File Name: audiosrv.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: AxInstSV
2012-07-30 22:29:38: Real Path: C:\Windows\System32\AxInstSV.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\AxInstSV.dll,-103
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\AxInstSV.dll,-104
2012-07-30 22:29:38: ServiceDLL: System32\AxInstSV.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: AxInstSV.dll
2012-07-30 22:29:38: Original File Name: AxInstSv.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: BDESVC
2012-07-30 22:29:38: Real Path: C:\Windows\System32\bdesvc.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\bdesvc.dll,-100
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\bdesvc.dll,-101
2012-07-30 22:29:38: ServiceDLL: System32\bdesvc.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: bdesvc.dll
2012-07-30 22:29:38: Original File Name: BDESVC.DLL.MUI
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: Browser
2012-07-30 22:29:38: Real Path: C:\Windows\System32\browser.dll
2012-07-30 22:29:38: Display Name: @%systemroot%\system32\browser.dll,-100
2012-07-30 22:29:38: Description: @%systemroot%\system32\browser.dll,-101
2012-07-30 22:29:38: ServiceDLL: System32\browser.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: browser.dll
2012-07-30 22:29:38: Original File Name: browser.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: bthserv
2012-07-30 22:29:38: Real Path: C:\Windows\system32\bthserv.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\System32\bthserv.dll,-101
2012-07-30 22:29:38: Description: @%SystemRoot%\System32\bthserv.dll,-102
2012-07-30 22:29:38: ServiceDLL: system32\bthserv.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: bthserv.dll
2012-07-30 22:29:38: Original File Name: BTHSERV.DLL.MUI
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: CertPropSvc
2012-07-30 22:29:38: Real Path: C:\Windows\System32\certprop.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\System32\certprop.dll,-11
2012-07-30 22:29:38: Description: @%SystemRoot%\System32\certprop.dll,-12
2012-07-30 22:29:38: ServiceDLL: System32\certprop.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: certprop.dll
2012-07-30 22:29:38: Original File Name: certprop.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: CryptSvc
2012-07-30 22:29:38: Real Path: C:\Windows\system32\cryptsvc.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\cryptsvc.dll,-1001
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\cryptsvc.dll,-1002
2012-07-30 22:29:38: ServiceDLL: system32\cryptsvc.dll
2012-07-30 22:29:38: File size: 140288
2012-07-30 22:29:38: DLL File name: cryptsvc.dll
2012-07-30 22:29:38: Original File Name: cryptsvc.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time: 20120424063642 20120614044609 20120614044609
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: CscService
2012-07-30 22:29:38: Real Path: C:\Windows\System32\cscsvc.dll
2012-07-30 22:29:38: Display Name: @%systemroot%\system32\cscsvc.dll,-200
2012-07-30 22:29:38: Description: @%systemroot%\system32\cscsvc.dll,-201
2012-07-30 22:29:38: ServiceDLL: System32\cscsvc.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: cscsvc.dll
2012-07-30 22:29:38: Original File Name: cscsvc.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: DcomLaunch
2012-07-30 22:29:38: Real Path: C:\Windows\system32\rpcss.dll
2012-07-30 22:29:38: Display Name: @oleres.dll,-5012
2012-07-30 22:29:38: Description: @oleres.dll,-5013
2012-07-30 22:29:38: ServiceDLL: system32\rpcss.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: rpcss.dll
2012-07-30 22:29:38: Original File Name: rpcss.dll
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: defragsvc
2012-07-30 22:29:38: Real Path: C:\Windows\System32\defragsvc.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\defragsvc.dll,-101
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\defragsvc.dll,-102
2012-07-30 22:29:38: ServiceDLL: System32\defragsvc.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: defragsvc.dll
2012-07-30 22:29:38: Original File Name: defragsvc.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: Dhcp
2012-07-30 22:29:38: Real Path: C:\Windows\system32\dhcpcore.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\dhcpcore.dll,-100
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\dhcpcore.dll,-101
2012-07-30 22:29:38: ServiceDLL: system32\dhcpcore.dll
2012-07-30 22:29:38: File size: 254464
2012-07-30 22:29:38: DLL File name: dhcpcore.dll
2012-07-30 22:29:38: Original File Name: dhcpcore.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time: 20101120141830 20120525211007 20120525211007
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: Dnscache
2012-07-30 22:29:38: Real Path: C:\Windows\System32\dnsrslvr.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\System32\dnsapi.dll,-101
2012-07-30 22:29:38: Description: @%SystemRoot%\System32\dnsapi.dll,-102
2012-07-30 22:29:38: ServiceDLL: System32\dnsrslvr.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: dnsrslvr.dll
2012-07-30 22:29:38: Original File Name: dnsrslvr.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: dot3svc
2012-07-30 22:29:38: Real Path: C:\Windows\System32\dot3svc.dll
2012-07-30 22:29:38: Display Name: @%systemroot%\system32\dot3svc.dll,-1102
2012-07-30 22:29:38: Description: @%systemroot%\system32\dot3svc.dll,-1103
2012-07-30 22:29:38: ServiceDLL: System32\dot3svc.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: dot3svc.dll
2012-07-30 22:29:38: Original File Name: dot3svc.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: DPS
2012-07-30 22:29:38: Real Path: C:\Windows\system32\dps.dll
2012-07-30 22:29:38: Display Name: @%systemroot%\system32\dps.dll,-500
2012-07-30 22:29:38: Description: @%systemroot%\system32\dps.dll,-501
2012-07-30 22:29:38: ServiceDLL: system32\dps.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: dps.dll
2012-07-30 22:29:38: Original File Name: dps.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: EapHost
2012-07-30 22:29:38: Real Path: C:\Windows\System32\eapsvc.dll
2012-07-30 22:29:38: Display Name: @%systemroot%\system32\eapsvc.dll,-1
2012-07-30 22:29:38: Description: @%systemroot%\system32\eapsvc.dll,-2
2012-07-30 22:29:38: ServiceDLL: System32\eapsvc.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: eapsvc.dll
2012-07-30 22:29:38: Original File Name: eapsvc.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: EventSystem
2012-07-30 22:29:38: Real Path: C:\Windows\system32\es.dll
2012-07-30 22:29:38: Display Name: @comres.dll,-2450
2012-07-30 22:29:38: Description: @comres.dll,-2451
2012-07-30 22:29:38: ServiceDLL: system32\es.dll
2012-07-30 22:29:38: File size: 271360
2012-07-30 22:29:38: DLL File name: es.dll
2012-07-30 22:29:38: Original File Name: ES.DLL
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time: 20090714031519 20090714014438 20090714014438
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: fdPHost
2012-07-30 22:29:38: Real Path: C:\Windows\system32\fdPHost.dll
2012-07-30 22:29:38: Display Name: @%systemroot%\system32\fdPHost.dll,-100
2012-07-30 22:29:38: Description: @%systemroot%\system32\fdPHost.dll,-101
2012-07-30 22:29:38: ServiceDLL: system32\fdPHost.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: fdPHost.dll
2012-07-30 22:29:38: Original File Name: fdPHost.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: FDResPub
2012-07-30 22:29:38: Real Path: C:\Windows\system32\fdrespub.dll
2012-07-30 22:29:38: Display Name: @%systemroot%\system32\fdrespub.dll,-100
2012-07-30 22:29:38: Description: @%systemroot%\system32\fdrespub.dll,-101
2012-07-30 22:29:38: ServiceDLL: system32\fdrespub.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: fdrespub.dll
2012-07-30 22:29:38: Original File Name: FDResPub.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: !!!!!!!
2012-07-30 22:29:38: Found Service: FontCache
2012-07-30 22:29:38: Real Path: C:\Windows\system32\FntCache.dll
2012-07-30 22:29:38: Display Name: @%systemroot%\system32\FntCache.dll,-100
2012-07-30 22:29:38: Description: @%systemroot%\system32\FntCache.dll,-101
2012-07-30 22:29:38: ServiceDLL: system32\FntCache.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: FntCache.dll
2012-07-30 22:29:38: Original File Name: FontCacheService
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: !!!!!!!!!
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: gpsvc
2012-07-30 22:29:38: Real Path: C:\Windows\System32\gpsvc.dll
2012-07-30 22:29:38: Display Name: @gpapi.dll,-112
2012-07-30 22:29:38: Description: @gpapi.dll,-113
2012-07-30 22:29:38: ServiceDLL: System32\gpsvc.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: gpsvc.dll
2012-07-30 22:29:38: Original File Name: gpsvc.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: hidserv
2012-07-30 22:29:38: Real Path: C:\Windows\system32\hidserv.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\System32\hidserv.dll,-101
2012-07-30 22:29:38: Description: @%SystemRoot%\System32\hidserv.dll,-102
2012-07-30 22:29:38: ServiceDLL: system32\hidserv.dll
2012-07-30 22:29:38: File size: 49152
2012-07-30 22:29:38: DLL File name: hidserv.dll
2012-07-30 22:29:38: Original File Name: HIDSERV.DLL.MUI
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time: 20090714031524 20090714015109 20090714015109
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: hkmsvc
2012-07-30 22:29:38: Real Path: C:\Windows\system32\kmsvc.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\kmsvc.dll,-6
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\kmsvc.dll,-7
2012-07-30 22:29:38: ServiceDLL: system32\kmsvc.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: kmsvc.dll
2012-07-30 22:29:38: Original File Name: KmSvc.DLL.MUI
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: HomeGroupListener
2012-07-30 22:29:38: Real Path: C:\Windows\system32\ListSvc.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\System32\ListSvc.dll,-100
2012-07-30 22:29:38: Description: @%SystemRoot%\System32\ListSvc.dll,-101
2012-07-30 22:29:38: ServiceDLL: system32\ListSvc.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: ListSvc.dll
2012-07-30 22:29:38: Original File Name: ListSvc.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: HomeGroupProvider
2012-07-30 22:29:38: Real Path: C:\Windows\system32\provsvc.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\System32\provsvc.dll,-100
2012-07-30 22:29:38: Description: @%SystemRoot%\System32\provsvc.dll,-101
2012-07-30 22:29:38: ServiceDLL: system32\provsvc.dll
2012-07-30 22:29:38: File size: 165376
2012-07-30 22:29:38: DLL File name: provsvc.dll
2012-07-30 22:29:38: Original File Name: provsvc.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time: 20101120142057 20120525211002 20120525211002
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: IKEEXT
2012-07-30 22:29:38: Real Path: C:\Windows\System32\ikeext.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\ikeext.dll,-501
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\ikeext.dll,-502
2012-07-30 22:29:38: ServiceDLL: System32\ikeext.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: ikeext.dll
2012-07-30 22:29:38: Original File Name: IKEEXT.DLL.MUI
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: IPBusEnum
2012-07-30 22:29:38: Real Path: C:\Windows\system32\ipbusenum.dll
2012-07-30 22:29:38: Display Name: @%systemroot%\system32\IPBusEnum.dll,-102
2012-07-30 22:29:38: Description: @%systemroot%\system32\IPBusEnum.dll,-103
2012-07-30 22:29:38: ServiceDLL: system32\ipbusenum.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: ipbusenum.dll
2012-07-30 22:29:38: Original File Name: IPBusEnum.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: KtmRm
2012-07-30 22:29:38: Real Path: C:\Windows\system32\msdtckrm.dll
2012-07-30 22:29:38: Display Name: @comres.dll,-2946
2012-07-30 22:29:38: Description: @comres.dll,-2947
2012-07-30 22:29:38: ServiceDLL: system32\msdtckrm.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: msdtckrm.dll
2012-07-30 22:29:38: Original File Name: MSDTCKRM.DLL
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: LanmanServer
2012-07-30 22:29:38: Real Path: C:\Windows\system32\srvsvc.dll
2012-07-30 22:29:38: Display Name: @%systemroot%\system32\srvsvc.dll,-100
2012-07-30 22:29:38: Description: @%systemroot%\system32\srvsvc.dll,-101
2012-07-30 22:29:38: ServiceDLL: system32\srvsvc.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: srvsvc.dll
2012-07-30 22:29:38: Original File Name: SRVSVC.DLL.MUI
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: LanmanWorkstation
2012-07-30 22:29:38: Real Path: C:\Windows\System32\wkssvc.dll
2012-07-30 22:29:38: Display Name: @%systemroot%\system32\wkssvc.dll,-100
2012-07-30 22:29:38: Description: @%systemroot%\system32\wkssvc.dll,-101
2012-07-30 22:29:38: ServiceDLL: System32\wkssvc.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: wkssvc.dll
2012-07-30 22:29:38: Original File Name: WKSSVC.DLL.MUI
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: lltdsvc
2012-07-30 22:29:38: Real Path: C:\Windows\System32\lltdsvc.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\lltdres.dll,-1
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\lltdres.dll,-2
2012-07-30 22:29:38: ServiceDLL: System32\lltdsvc.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: lltdsvc.dll
2012-07-30 22:29:38: Original File Name: LLTDSVC.DLL
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: lmhosts
2012-07-30 22:29:38: Real Path: C:\Windows\System32\lmhsvc.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\lmhsvc.dll,-101
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\lmhsvc.dll,-102
2012-07-30 22:29:38: ServiceDLL: System32\lmhsvc.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: lmhsvc.dll
2012-07-30 22:29:38: Original File Name: lmhsvc.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: Mcx2Svc
2012-07-30 22:29:38: Real Path: C:\Windows\system32\Mcx2Svc.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\ehome\ehres.dll,-15501
2012-07-30 22:29:38: Description: @%SystemRoot%\ehome\ehres.dll,-15502
2012-07-30 22:29:38: ServiceDLL: system32\Mcx2Svc.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: Mcx2Svc.dll
2012-07-30 22:29:38: Original File Name: Mcx2Svc.dll
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: MMCSS
2012-07-30 22:29:38: Real Path: C:\Windows\system32\mmcss.dll
2012-07-30 22:29:38: Display Name: @%systemroot%\system32\mmcss.dll,-100
2012-07-30 22:29:38: Description: @%systemroot%\system32\mmcss.dll,-101
2012-07-30 22:29:38: ServiceDLL: system32\mmcss.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: mmcss.dll
2012-07-30 22:29:38: Original File Name: mmcss.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: MSiSCSI
2012-07-30 22:29:38: Real Path: C:\Windows\system32\iscsiexe.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\iscsidsc.dll,-5000
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\iscsidsc.dll,-5001
2012-07-30 22:29:38: ServiceDLL: system32\iscsiexe.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: iscsiexe.dll
2012-07-30 22:29:38: Original File Name: iscsiexe.exe.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: napagent
2012-07-30 22:29:38: Real Path: C:\Windows\system32\qagentRT.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\qagentrt.dll,-6
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\qagentrt.dll,-7
2012-07-30 22:29:38: ServiceDLL: system32\qagentRT.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: qagentRT.dll
2012-07-30 22:29:38: Original File Name: QAgentRT.DLL.MUI
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: Netman
2012-07-30 22:29:38: Real Path: C:\Windows\System32\netman.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\netman.dll,-109
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\netman.dll,-110
2012-07-30 22:29:38: ServiceDLL: System32\netman.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: netman.dll
2012-07-30 22:29:38: Original File Name: netman.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: netprofm
2012-07-30 22:29:38: Real Path: C:\Windows\System32\netprofm.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\netprofm.dll,-202
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\netprofm.dll,-203
2012-07-30 22:29:38: ServiceDLL: System32\netprofm.dll
2012-07-30 22:29:38: File size: 360448
2012-07-30 22:29:38: DLL File name: netprofm.dll
2012-07-30 22:29:38: Original File Name: netprofm.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time: 20090714031603 20090714015658 20090714015658
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: NlaSvc
2012-07-30 22:29:38: Real Path: C:\Windows\System32\nlasvc.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\System32\nlasvc.dll,-1
2012-07-30 22:29:38: Description: @%SystemRoot%\System32\nlasvc.dll,-2
2012-07-30 22:29:38: ServiceDLL: System32\nlasvc.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: nlasvc.dll
2012-07-30 22:29:38: Original File Name: nlasvc.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: nsi
2012-07-30 22:29:38: Real Path: C:\Windows\system32\nsisvc.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\nsisvc.dll,-200
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\nsisvc.dll,-201
2012-07-30 22:29:38: ServiceDLL: system32\nsisvc.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: nsisvc.dll
2012-07-30 22:29:38: Original File Name: nsisvc.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: p2pimsvc
2012-07-30 22:29:38: Real Path: C:\Windows\system32\pnrpsvc.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\pnrpsvc.dll,-8004
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\pnrpsvc.dll,-8005
2012-07-30 22:29:38: ServiceDLL: system32\pnrpsvc.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: pnrpsvc.dll
2012-07-30 22:29:38: Original File Name: pnrpsvc.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: p2psvc
2012-07-30 22:29:38: Real Path: C:\Windows\system32\p2psvc.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\p2psvc.dll,-8006
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\p2psvc.dll,-8007
2012-07-30 22:29:38: ServiceDLL: system32\p2psvc.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: p2psvc.dll
2012-07-30 22:29:38: Original File Name: p2psvc.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: !!!!!!!
2012-07-30 22:29:38: Found Service: PcaSvc
2012-07-30 22:29:38: Real Path: C:\Windows\System32\pcasvc.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\pcasvc.dll,-1
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\pcasvc.dll,-2
2012-07-30 22:29:38: ServiceDLL: System32\pcasvc.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: pcasvc.dll
2012-07-30 22:29:38: Original File Name:
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: !!!!!!!!!
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: PeerDistSvc
2012-07-30 22:29:38: Real Path: C:\Windows\system32\peerdistsvc.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\peerdistsvc.dll,-9000
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\peerdistsvc.dll,-9001
2012-07-30 22:29:38: ServiceDLL: system32\peerdistsvc.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: peerdistsvc.dll
2012-07-30 22:29:38: Original File Name: PeerDistSvc.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: pla
2012-07-30 22:29:38: Real Path: C:\Windows\system32\pla.dll
2012-07-30 22:29:38: Display Name: @%systemroot%\system32\pla.dll,-500
2012-07-30 22:29:38: Description: @%systemroot%\system32\pla.dll,-501
2012-07-30 22:29:38: ServiceDLL: system32\pla.dll
2012-07-30 22:29:38: File size: 1508864
2012-07-30 22:29:38: DLL File name: pla.dll
2012-07-30 22:29:38: Original File Name: PLA.DLL.MUI
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time: 20101120142054 20120525211005 20120525211005
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: PlugPlay
2012-07-30 22:29:38: Real Path: C:\Windows\system32\umpnpmgr.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\umpnpmgr.dll,-100
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\umpnpmgr.dll,-101
2012-07-30 22:29:38: ServiceDLL: system32\umpnpmgr.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: umpnpmgr.dll
2012-07-30 22:29:38: Original File Name: Umpnpmgr.DLL.MUI
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: PNRPAutoReg
2012-07-30 22:29:38: Real Path: C:\Windows\system32\pnrpauto.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\pnrpauto.dll,-8002
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\pnrpauto.dll,-8003
2012-07-30 22:29:38: ServiceDLL: system32\pnrpauto.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: pnrpauto.dll
2012-07-30 22:29:38: Original File Name: pnrpauto.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: PNRPsvc
2012-07-30 22:29:38: Real Path: C:\Windows\system32\pnrpsvc.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\pnrpsvc.dll,-8000
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\pnrpsvc.dll,-8001
2012-07-30 22:29:38: ServiceDLL: system32\pnrpsvc.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: pnrpsvc.dll
2012-07-30 22:29:38: Original File Name: pnrpsvc.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: PolicyAgent
2012-07-30 22:29:38: Real Path: C:\Windows\System32\ipsecsvc.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\System32\polstore.dll,-5010
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\polstore.dll,-5011
2012-07-30 22:29:38: ServiceDLL: System32\ipsecsvc.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: ipsecsvc.dll
2012-07-30 22:29:38: Original File Name: ipsecsvc.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: Power
2012-07-30 22:29:38: Real Path: C:\Windows\system32\umpo.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\umpo.dll,-100
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\umpo.dll,-101
2012-07-30 22:29:38: ServiceDLL: system32\umpo.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: umpo.dll
2012-07-30 22:29:38: Original File Name: Umpo.DLL.MUI
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: ProfSvc
2012-07-30 22:29:38: Real Path: C:\Windows\system32\profsvc.dll
2012-07-30 22:29:38: Display Name: @%systemroot%\system32\profsvc.dll,-300
2012-07-30 22:29:38: Description: @%systemroot%\system32\profsvc.dll,-301
2012-07-30 22:29:38: ServiceDLL: system32\profsvc.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: profsvc.dll
2012-07-30 22:29:38: Original File Name: ProfSvc.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: QWAVE
2012-07-30 22:29:38: Real Path: C:\Windows\system32\qwave.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\qwave.dll,-1
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\qwave.dll,-2
2012-07-30 22:29:38: ServiceDLL: system32\qwave.dll
2012-07-30 22:29:38: File size: 210944
2012-07-30 22:29:38: DLL File name: qwave.dll
2012-07-30 22:29:38: Original File Name: qwave.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time: 20090714031612 20090714015415 20090714015415
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: RasAuto
2012-07-30 22:29:38: Real Path: C:\Windows\System32\rasauto.dll
2012-07-30 22:29:38: Display Name: @%Systemroot%\system32\rasauto.dll,-200
2012-07-30 22:29:38: Description: @%Systemroot%\system32\rasauto.dll,-201
2012-07-30 22:29:38: ServiceDLL: System32\rasauto.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: rasauto.dll
2012-07-30 22:29:38: Original File Name: rasauto.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: RasMan
2012-07-30 22:29:38: Real Path: C:\Windows\System32\rasmans.dll
2012-07-30 22:29:38: Display Name: @%Systemroot%\system32\rasmans.dll,-200
2012-07-30 22:29:38: Description: @%Systemroot%\system32\rasmans.dll,-201
2012-07-30 22:29:38: ServiceDLL: System32\rasmans.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: rasmans.dll
2012-07-30 22:29:38: Original File Name: Rasmans.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: RemoteAccess
2012-07-30 22:29:38: Real Path: C:\Windows\System32\mprdim.dll
2012-07-30 22:29:38: Display Name: @%Systemroot%\system32\mprdim.dll,-200
2012-07-30 22:29:38: Description: @%Systemroot%\system32\mprdim.dll,-201
2012-07-30 22:29:38: ServiceDLL: System32\mprdim.dll
2012-07-30 22:29:38: File size: 75264
2012-07-30 22:29:38: DLL File name: mprdim.dll
2012-07-30 22:29:38: Original File Name: MPRDIM.DLL.MUI
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time: 20090714031541 20090714015426 20090714015426
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: RemoteRegistry
2012-07-30 22:29:38: Real Path: C:\Windows\system32\regsvc.dll
2012-07-30 22:29:38: Display Name: @regsvc.dll,-1
2012-07-30 22:29:38: Description: @regsvc.dll,-2
2012-07-30 22:29:38: ServiceDLL: system32\regsvc.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: regsvc.dll
2012-07-30 22:29:38: Original File Name: REGSVC.DLL.MUI
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: RpcEptMapper
2012-07-30 22:29:38: Real Path: C:\Windows\System32\RpcEpMap.dll
2012-07-30 22:29:38: Display Name: @%windir%\system32\RpcEpMap.dll,-1001
2012-07-30 22:29:38: Description: @%windir%\system32\RpcEpMap.dll,-1002
2012-07-30 22:29:38: ServiceDLL: System32\RpcEpMap.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: RpcEpMap.dll
2012-07-30 22:29:38: Original File Name: RpcEpMap.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: RpcSs
2012-07-30 22:29:38: Real Path: C:\Windows\system32\rpcss.dll
2012-07-30 22:29:38: Display Name: @oleres.dll,-5010
2012-07-30 22:29:38: Description: @oleres.dll,-5011
2012-07-30 22:29:38: ServiceDLL: system32\rpcss.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: rpcss.dll
2012-07-30 22:29:38: Original File Name: rpcss.dll
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: SCardSvr
2012-07-30 22:29:38: Real Path: C:\Windows\System32\SCardSvr.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\System32\SCardSvr.dll,-1
2012-07-30 22:29:38: Description: @%SystemRoot%\System32\SCardSvr.dll,-5
2012-07-30 22:29:38: ServiceDLL: System32\SCardSvr.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: SCardSvr.dll
2012-07-30 22:29:38: Original File Name: SCardSvr.exe.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: Schedule
2012-07-30 22:29:38: Real Path: C:\Windows\system32\schedsvc.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\schedsvc.dll,-100
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\schedsvc.dll,-101
2012-07-30 22:29:38: ServiceDLL: system32\schedsvc.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: schedsvc.dll
2012-07-30 22:29:38: Original File Name: schedsvc.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: SCPolicySvc
2012-07-30 22:29:38: Real Path: C:\Windows\System32\certprop.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\System32\certprop.dll,-13
2012-07-30 22:29:38: Description: @%SystemRoot%\System32\certprop.dll,-14
2012-07-30 22:29:38: ServiceDLL: System32\certprop.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: certprop.dll
2012-07-30 22:29:38: Original File Name: certprop.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: SDRSVC
2012-07-30 22:29:38: Real Path: C:\Windows\System32\SDRSVC.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\sdrsvc.dll,-107
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\sdrsvc.dll,-102
2012-07-30 22:29:38: ServiceDLL: System32\SDRSVC.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: SDRSVC.dll
2012-07-30 22:29:38: Original File Name: SDRSVC.DLL.MUI
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: seclogon
2012-07-30 22:29:38: Real Path: C:\Windows\system32\seclogon.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\seclogon.dll,-7001
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\seclogon.dll,-7000
2012-07-30 22:29:38: ServiceDLL: system32\seclogon.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: seclogon.dll
2012-07-30 22:29:38: Original File Name: SECLOGON.EXE.MUI
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: SENS
2012-07-30 22:29:38: Real Path: C:\Windows\System32\sens.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\Sens.dll,-200
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\Sens.dll,-201
2012-07-30 22:29:38: ServiceDLL: System32\sens.dll
2012-07-30 22:29:38: File size: 49664
2012-07-30 22:29:38: DLL File name: sens.dll
2012-07-30 22:29:38: Original File Name: sens.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time: 20090714031613 20090714012158 20090714012158
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: SensrSvc
2012-07-30 22:29:38: Real Path: C:\Windows\system32\sensrsvc.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\System32\sensrsvc.dll,-1000
2012-07-30 22:29:38: Description: @%SystemRoot%\System32\sensrsvc.dll,-1001
2012-07-30 22:29:38: ServiceDLL: system32\sensrsvc.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: sensrsvc.dll
2012-07-30 22:29:38: Original File Name: sensrsvc.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: SessionEnv
2012-07-30 22:29:38: Real Path: C:\Windows\system32\sessenv.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\System32\SessEnv.dll,-1026
2012-07-30 22:29:38: Description: @%SystemRoot%\System32\SessEnv.dll,-1027
2012-07-30 22:29:38: ServiceDLL: system32\sessenv.dll
2012-07-30 22:29:38: File size: 113664
2012-07-30 22:29:38: DLL File name: sessenv.dll
2012-07-30 22:29:38: Original File Name: SessEnv.DLL.MUI
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time: 20101120142108 20120525211009 20120525211009
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: ShellHWDetection
2012-07-30 22:29:38: Real Path: C:\Windows\System32\shsvcs.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\System32\shsvcs.dll,-12288
2012-07-30 22:29:38: Description: @%SystemRoot%\System32\shsvcs.dll,-12289
2012-07-30 22:29:38: ServiceDLL: System32\shsvcs.dll
2012-07-30 22:29:38: File size: 328192
2012-07-30 22:29:38: DLL File name: shsvcs.dll
2012-07-30 22:29:38: Original File Name: SHSVCS.DLL.MUI
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time: 20101120142119 20120525211005 20120525211005
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: sppuinotify
2012-07-30 22:29:38: Real Path: C:\Windows\system32\sppuinotify.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\sppuinotify.dll,-103
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\sppuinotify.dll,-102
2012-07-30 22:29:38: ServiceDLL: system32\sppuinotify.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: sppuinotify.dll
2012-07-30 22:29:38: Original File Name: sppuinotify.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: SSDPSRV
2012-07-30 22:29:38: Real Path: C:\Windows\System32\ssdpsrv.dll
2012-07-30 22:29:38: Display Name: @%systemroot%\system32\ssdpsrv.dll,-100
2012-07-30 22:29:38: Description: @%systemroot%\system32\ssdpsrv.dll,-101
2012-07-30 22:29:38: ServiceDLL: System32\ssdpsrv.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: ssdpsrv.dll
2012-07-30 22:29:38: Original File Name: ssdpsrv.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: SstpSvc
2012-07-30 22:29:38: Real Path: C:\Windows\system32\sstpsvc.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\sstpsvc.dll,-200
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\sstpsvc.dll,-201
2012-07-30 22:29:38: ServiceDLL: system32\sstpsvc.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: sstpsvc.dll
2012-07-30 22:29:38: Original File Name: sstpsvc.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: stisvc
2012-07-30 22:29:38: Real Path: C:\Windows\System32\wiaservc.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\wiaservc.dll,-9
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\wiaservc.dll,-10
2012-07-30 22:29:38: ServiceDLL: System32\wiaservc.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: wiaservc.dll
2012-07-30 22:29:38: Original File Name: WIASERVC.DLL.MUI
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: swprv
2012-07-30 22:29:38: Real Path: C:\Windows\System32\swprv.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\System32\swprv.dll,-103
2012-07-30 22:29:38: Description: @%SystemRoot%\System32\swprv.dll,-102
2012-07-30 22:29:38: ServiceDLL: System32\swprv.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: swprv.dll
2012-07-30 22:29:38: Original File Name: SWPRV.DLL.MUI
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: SysMain
2012-07-30 22:29:38: Real Path: C:\Windows\system32\sysmain.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\sysmain.dll,-1000
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\sysmain.dll,-1001
2012-07-30 22:29:38: ServiceDLL: system32\sysmain.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: sysmain.dll
2012-07-30 22:29:38: Original File Name: sysmain.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: TabletInputService
2012-07-30 22:29:38: Real Path: C:\Windows\System32\TabSvc.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\TabSvc.dll,-100
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\TabSvc.dll,-101
2012-07-30 22:29:38: ServiceDLL: System32\TabSvc.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: TabSvc.dll
2012-07-30 22:29:38: Original File Name: TabSvc.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: TapiSrv
2012-07-30 22:29:38: Real Path: C:\Windows\System32\tapisrv.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\tapisrv.dll,-10100
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\tapisrv.dll,-10101
2012-07-30 22:29:38: ServiceDLL: System32\tapisrv.dll
2012-07-30 22:29:38: File size: 242176
2012-07-30 22:29:38: DLL File name: tapisrv.dll
2012-07-30 22:29:38: Original File Name: TAPISRV.EXE.MUI
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time: 20101120142128 20120525211003 20120525211003
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: TBS
2012-07-30 22:29:38: Real Path: C:\Windows\System32\tbssvc.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\tbssvc.dll,-100
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\tbssvc.dll,-101
2012-07-30 22:29:38: ServiceDLL: System32\tbssvc.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: tbssvc.dll
2012-07-30 22:29:38: Original File Name: TBSSVC.DLL.MUI
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: TermService
2012-07-30 22:29:38: Real Path: C:\Windows\System32\termsrv.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\System32\termsrv.dll,-268
2012-07-30 22:29:38: Description: @%SystemRoot%\System32\termsrv.dll,-267
2012-07-30 22:29:38: ServiceDLL: System32\termsrv.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: termsrv.dll
2012-07-30 22:29:38: Original File Name: termsrv.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: Themes
2012-07-30 22:29:38: Real Path: C:\Windows\system32\themeservice.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\System32\themeservice.dll,-8192
2012-07-30 22:29:38: Description: @%SystemRoot%\System32\themeservice.dll,-8193
2012-07-30 22:29:38: ServiceDLL: system32\themeservice.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: themeservice.dll
2012-07-30 22:29:38: Original File Name: THEMESERVICE.DLL.MUI
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: THREADORDER
2012-07-30 22:29:38: Real Path: C:\Windows\system32\mmcss.dll
2012-07-30 22:29:38: Display Name: @%systemroot%\system32\mmcss.dll,-102
2012-07-30 22:29:38: Description: @%systemroot%\system32\mmcss.dll,-103
2012-07-30 22:29:38: ServiceDLL: system32\mmcss.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: mmcss.dll
2012-07-30 22:29:38: Original File Name: mmcss.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: TrkWks
2012-07-30 22:29:38: Real Path: C:\Windows\System32\trkwks.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\trkwks.dll,-1
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\trkwks.dll,-2
2012-07-30 22:29:38: ServiceDLL: System32\trkwks.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: trkwks.dll
2012-07-30 22:29:38: Original File Name: trkwks.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: UmRdpService
2012-07-30 22:29:38: Real Path: C:\Windows\System32\umrdp.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\umrdp.dll,-1000
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\umrdp.dll,-1001
2012-07-30 22:29:38: ServiceDLL: System32\umrdp.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: umrdp.dll
2012-07-30 22:29:38: Original File Name: umrdp.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: !!!!!!!
2012-07-30 22:29:38: Found Service: upnphost
2012-07-30 22:29:38: Real Path: C:\Windows\System32\upnphost.dll
2012-07-30 22:29:38: Display Name: @%systemroot%\system32\upnphost.dll,-213
2012-07-30 22:29:38: Description: @%systemroot%\system32\upnphost.dll,-214
2012-07-30 22:29:38: ServiceDLL: System32\upnphost.dll
2012-07-30 22:29:38: File size: 266752
2012-07-30 22:29:38: DLL File name: upnphost.dll
2012-07-30 22:29:38: Original File Name: unpnhost.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time: 20090714031617 20090714015541 20090714015541
2012-07-30 22:29:38: !!!!!!!!!
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: UxSms
2012-07-30 22:29:38: Real Path: C:\Windows\System32\uxsms.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\dwm.exe,-2000
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\dwm.exe,-2001
2012-07-30 22:29:38: ServiceDLL: System32\uxsms.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: uxsms.dll
2012-07-30 22:29:38: Original File Name: UxSms.dll
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: W32Time
2012-07-30 22:29:38: Real Path: C:\Windows\system32\w32time.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\w32time.dll,-200
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\w32time.dll,-201
2012-07-30 22:29:38: ServiceDLL: system32\w32time.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: w32time.dll
2012-07-30 22:29:38: Original File Name: w32time.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: WbioSrvc
2012-07-30 22:29:38: Real Path: C:\Windows\System32\wbiosrvc.dll
2012-07-30 22:29:38: Display Name: @%systemroot%\system32\wbiosrvc.dll,-100
2012-07-30 22:29:38: Description: @%systemroot%\system32\wbiosrvc.dll,-101
2012-07-30 22:29:38: ServiceDLL: System32\wbiosrvc.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: wbiosrvc.dll
2012-07-30 22:29:38: Original File Name: wbiosrvc.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: wcncsvc
2012-07-30 22:29:38: Real Path: C:\Windows\System32\wcncsvc.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\wcncsvc.dll,-3
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\wcncsvc.dll,-4
2012-07-30 22:29:38: ServiceDLL: System32\wcncsvc.dll
2012-07-30 22:29:38: File size: 276992
2012-07-30 22:29:38: DLL File name: wcncsvc.dll
2012-07-30 22:29:38: Original File Name: WCNCSVC.DLL.MUI
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time: 20101120142135 20120525211005 20120525211005
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: WcsPlugInService
2012-07-30 22:29:38: Real Path: C:\Windows\System32\WcsPlugInService.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\WcsPlugInService.dll,-200
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\WcsPlugInService.dll,-201
2012-07-30 22:29:38: ServiceDLL: System32\WcsPlugInService.dll
2012-07-30 22:29:38: File size: 32768
2012-07-30 22:29:38: DLL File name: WcsPlugInService.dll
2012-07-30 22:29:38: Original File Name: WcsPlugInService.DLL.MUI
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time: 20090714031618 20090714012513 20090714012513
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: WdiServiceHost
2012-07-30 22:29:38: Real Path: C:\Windows\system32\wdi.dll
2012-07-30 22:29:38: Display Name: @%systemroot%\system32\wdi.dll,-502
2012-07-30 22:29:38: Description: @%systemroot%\system32\wdi.dll,-503
2012-07-30 22:29:38: ServiceDLL: system32\wdi.dll
2012-07-30 22:29:38: File size: 76288
2012-07-30 22:29:38: DLL File name: wdi.dll
2012-07-30 22:29:38: Original File Name: wdi.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time: 20090714031618 20090714011947 20090714011947
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: WdiSystemHost
2012-07-30 22:29:38: Real Path: C:\Windows\system32\wdi.dll
2012-07-30 22:29:38: Display Name: @%systemroot%\system32\wdi.dll,-500
2012-07-30 22:29:38: Description: @%systemroot%\system32\wdi.dll,-501
2012-07-30 22:29:38: ServiceDLL: system32\wdi.dll
2012-07-30 22:29:38: File size: 76288
2012-07-30 22:29:38: DLL File name: wdi.dll
2012-07-30 22:29:38: Original File Name: wdi.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time: 20090714031618 20090714011947 20090714011947
2012-07-30 22:29:38: !!!!!!!
2012-07-30 22:29:38: Found Service: WebClient
2012-07-30 22:29:38: Real Path: C:\Windows\System32\webclnt.dll
2012-07-30 22:29:38: Display Name: @%systemroot%\system32\webclnt.dll,-100
2012-07-30 22:29:38: Description: @%systemroot%\system32\webclnt.dll,-101
2012-07-30 22:29:38: ServiceDLL: System32\webclnt.dll
2012-07-30 22:29:38: File size: 204800
2012-07-30 22:29:38: DLL File name: webclnt.dll
2012-07-30 22:29:38: Original File Name: davsvc.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time: 20101120142135 20120525211009 20120525211009
2012-07-30 22:29:38: !!!!!!!!!
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: Wecsvc
2012-07-30 22:29:38: Real Path: C:\Windows\system32\wecsvc.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\wecsvc.dll,-200
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\wecsvc.dll,-201
2012-07-30 22:29:38: ServiceDLL: system32\wecsvc.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: wecsvc.dll
2012-07-30 22:29:38: Original File Name: wecsvc.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: !!!!!!!
2012-07-30 22:29:38: Found Service: wercplsupport
2012-07-30 22:29:38: Real Path: C:\Windows\System32\wercplsupport.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\System32\wercplsupport.dll,-101
2012-07-30 22:29:38: Description: @%SystemRoot%\System32\wercplsupport.dll,-100
2012-07-30 22:29:38: ServiceDLL: System32\wercplsupport.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: wercplsupport.dll
2012-07-30 22:29:38: Original File Name: ERC
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: !!!!!!!!!
2012-07-30 22:29:38: !!!!!!!
2012-07-30 22:29:38: Found Service: WerSvc
2012-07-30 22:29:38: Real Path: C:\Windows\System32\WerSvc.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\System32\wersvc.dll,-100
2012-07-30 22:29:38: Description: @%SystemRoot%\System32\wersvc.dll,-101
2012-07-30 22:29:38: ServiceDLL: System32\WerSvc.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: WerSvc.dll
2012-07-30 22:29:38: Original File Name: wersvc
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: !!!!!!!!!
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: Winmgmt
2012-07-30 22:29:38: Real Path: C:\Windows\system32\wbem\WMIsvc.dll
2012-07-30 22:29:38: Display Name: @%Systemroot%\system32\wbem\wmisvc.dll,-205
2012-07-30 22:29:38: Description: @%Systemroot%\system32\wbem\wmisvc.dll,-204
2012-07-30 22:29:38: ServiceDLL: system32\wbem\WMIsvc.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: WMIsvc.dll
2012-07-30 22:29:38: Original File Name: wmisvc.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: WinRM
2012-07-30 22:29:38: Real Path: C:\Windows\system32\WsmSvc.dll
2012-07-30 22:29:38: Display Name: @%Systemroot%\system32\wsmsvc.dll,-101
2012-07-30 22:29:38: Description: @%Systemroot%\system32\wsmsvc.dll,-102
2012-07-30 22:29:38: ServiceDLL: system32\WsmSvc.dll
2012-07-30 22:29:38: File size: 1175040
2012-07-30 22:29:38: DLL File name: WsmSvc.dll
2012-07-30 22:29:38: Original File Name: WsmSvc.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time: 20101120142139 20120525211009 20120525211009
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: Wlansvc
2012-07-30 22:29:38: Real Path: C:\Windows\System32\wlansvc.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\System32\wlansvc.dll,-257
2012-07-30 22:29:38: Description: @%SystemRoot%\System32\wlansvc.dll,-258
2012-07-30 22:29:38: ServiceDLL: System32\wlansvc.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: wlansvc.dll
2012-07-30 22:29:38: Original File Name: wlansvc.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: WPCSvc
2012-07-30 22:29:38: Real Path: C:\Windows\System32\wpcsvc.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\wpcsvc.dll,-100
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\wpcsvc.dll,-101
2012-07-30 22:29:38: ServiceDLL: System32\wpcsvc.dll
2012-07-30 22:29:38: File size: 10752
2012-07-30 22:29:38: DLL File name: wpcsvc.dll
2012-07-30 22:29:38: Original File Name: wpcsvc.exe.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time: 20090714031620 20090714014010 20090714014010
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: WPDBusEnum
2012-07-30 22:29:38: Real Path: C:\Windows\system32\wpdbusenum.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\wpdbusenum.dll,-100
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\wpdbusenum.dll,-101
2012-07-30 22:29:38: ServiceDLL: system32\wpdbusenum.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: wpdbusenum.dll
2012-07-30 22:29:38: Original File Name: WpdBusEnum.DLL.MUI
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: wudfsvc
2012-07-30 22:29:38: Real Path: C:\Windows\System32\WUDFSvc.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\wudfsvc.dll,-1000
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\wudfsvc.dll,-1001
2012-07-30 22:29:38: ServiceDLL: System32\WUDFSvc.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: WUDFSvc.dll
2012-07-30 22:29:38: Original File Name: WUDFSvc.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: WwanSvc
2012-07-30 22:29:38: Real Path: C:\Windows\System32\wwansvc.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\System32\wwansvc.dll,-257
2012-07-30 22:29:38: Description: @%SystemRoot%\System32\wwansvc.dll,-258
2012-07-30 22:29:38: ServiceDLL: System32\wwansvc.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: wwansvc.dll
2012-07-30 22:29:38: Original File Name: WwanSvc.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38:
2012-07-30 22:29:38: Looking for SHELL key
2012-07-30 22:29:38: Now looking for bad DLL files in system32
2012-07-30 22:29:40: Folder: GAC
2012-07-30 22:29:40: Folder: GAC_32
2012-07-30 22:29:40: ... Fixing permissions on C:\Windows\assembly\GAC_32\desktop.ini
2012-07-30 22:29:40: Folder: GAC_64
2012-07-30 22:29:40: ... Fixing permissions on C:\Windows\assembly\GAC_64\desktop.ini
2012-07-30 22:29:40: Folder: GAC_MSIL
2012-07-30 22:29:40: Folder: NativeImages_v2.0.50727_32
2012-07-30 22:29:40: Folder: NativeImages_v2.0.50727_64
2012-07-30 22:29:40: Folder: NativeImages_v4.0.30319_32
2012-07-30 22:29:40: Folder: NativeImages_v4.0.30319_64
2012-07-30 22:29:40: Folder: temp
2012-07-30 22:29:40: Folder: tmp
2012-07-30 22:29:40: Checking for bad folder
2012-07-30 22:29:40: Found 1 folders.
2012-07-30 22:29:40: Checking C:\Windows\assembly\tmp
2012-07-30 22:29:40: ... Folder test returns: 1
2012-07-30 22:29:40: Done with folder list in C:\Windows\assembly\ tmp
2012-07-30 22:29:40: Requesting bad file: C:\Windows\assembly\GAC_32\desktop.ini
2012-07-30 22:29:40: Requesting bad file: C:\Windows\assembly\GAC_64\desktop.ini
2012-07-30 22:29:40: Running Extractor
2012-07-30 22:29:40: Uploading file
2012-07-30 22:29:40: Locking file: C:\Windows\assembly\GAC_32\desktop.ini
2012-07-30 22:29:40: Locking file: C:\Windows\assembly\GAC_64\desktop.ini
2012-07-30 22:29:40: Autonomous mode, clearing out yt folder
2012-07-30 22:29:40: cmd.exe /c start "C:\Users\Stefan\Downloads\yorkyt.exe"
Code:
2012-07-30 22:29:17: ****************************************************
2012-07-30 22:29:17: Starting UP ... v 0.0.0.220
2012-07-30 22:29:17: ****************************************************
2012-07-30 22:29:17: Stop TPSRV returns: 2
2012-07-30 22:29:38: Listing processes...
2012-07-30 22:29:38: :[System Process]:0
2012-07-30 22:29:38: :System:4
2012-07-30 22:29:38: :smss.exe:384
2012-07-30 22:29:38: :csrss.exe:584
2012-07-30 22:29:38: :wininit.exe:684
2012-07-30 22:29:38: :csrss.exe:692
2012-07-30 22:29:38: :services.exe:740
2012-07-30 22:29:38: :lsass.exe:776
2012-07-30 22:29:38: :lsm.exe:784
2012-07-30 22:29:38: :winlogon.exe:820
2012-07-30 22:29:38: :svchost.exe:940
2012-07-30 22:29:38: :svchost.exe:192
2012-07-30 22:29:38: :atiesrxx.exe:532
2012-07-30 22:29:38: :svchost.exe:884
2012-07-30 22:29:38: :svchost.exe:1028
2012-07-30 22:29:38: :svchost.exe:1052
2012-07-30 22:29:38: :audiodg.exe:1124
2012-07-30 22:29:38: :svchost.exe:1196
2012-07-30 22:29:38: :svchost.exe:1332
2012-07-30 22:29:38: :atieclxx.exe:1440
2012-07-30 22:29:38: :WLTRYSVC.EXE:1516
2012-07-30 22:29:38: :wlanext.exe:1524
2012-07-30 22:29:38: :conhost.exe:1532
2012-07-30 22:29:38: :taskeng.exe:1676
2012-07-30 22:29:38: :spoolsv.exe:1716
2012-07-30 22:29:38: :sched.exe:1744
2012-07-30 22:29:38: :avguard.exe:1276
2012-07-30 22:29:38: :AppleMobileDeviceService.exe:1360
2012-07-30 22:29:38: :mDNSResponder.exe:1340
2012-07-30 22:29:38: :btwdins.exe:2052
2012-07-30 22:29:38: :svchost.exe:2080
2012-07-30 22:29:38: :DTSU2PAuSrv64.exe:2108
2012-07-30 22:29:38: :HeciServer.exe:2152
2012-07-30 22:29:38: :IPROSetMonitor.exe:2200
2012-07-30 22:29:38: :Jhi_service.exe:2256
2012-07-30 22:29:38: :nlssrv32.exe:2292
2012-07-30 22:29:38: :sppsvc.exe:2348
2012-07-30 22:29:38: :svchost.exe:2388
2012-07-30 22:29:38: :TeamViewer_Service.exe:2416
2012-07-30 22:29:38: :vmware-usbarbitrator64.exe:2496
2012-07-30 22:29:38: :taskhost.exe:2552
2012-07-30 22:29:38: :vmnat.exe:2724
2012-07-30 22:29:38: :WLIDSVC.EXE:2772
2012-07-30 22:29:38: :vmware-authd.exe:2820
2012-07-30 22:29:38: :TeamViewer.exe:2892
2012-07-30 22:29:38: :vmnetdhcp.exe:2908
2012-07-30 22:29:38: :WLIDSVCM.EXE:3032
2012-07-30 22:29:38: :taskeng.exe:1656
2012-07-30 22:29:38: :avshadow.exe:3172
2012-07-30 22:29:38: :conhost.exe:3180
2012-07-30 22:29:38: :SearchIndexer.exe:3268
2012-07-30 22:29:38: :svchost.exe:3360
2012-07-30 22:29:38: :tv_w32.exe:3464
2012-07-30 22:29:38: :tv_x64.exe:3472
2012-07-30 22:29:38: :WUDFHost.exe:3484
2012-07-30 22:29:38: :WmiPrvSE.exe:3528
2012-07-30 22:29:38: :SearchProtocolHost.exe:3616
2012-07-30 22:29:38: :SearchFilterHost.exe:3636
2012-07-30 22:29:38: :TrustedInstaller.exe:3716
2012-07-30 22:29:38: :dwm.exe:3848
2012-07-30 22:29:38: :explorer.exe:3872
2012-07-30 22:29:38: :RtkNGUI64.exe:2640
2012-07-30 22:29:38: :RAVBg64.exe:2452
2012-07-30 22:29:38: :WLTRAY.EXE:3608
2012-07-30 22:29:38: :sidebar.exe:3744
2012-07-30 22:29:38: :Steam.exe:3768
2012-07-30 22:29:38: :BTTray.exe:1764
2012-07-30 22:29:38: :Dropbox.exe:3828
2012-07-30 22:29:38: :EvernoteClipper.exe:3944
2012-07-30 22:29:38: :WFTPairing.exe:3912
2012-07-30 22:29:38: :svchost.exe:3244
2012-07-30 22:29:38: :iusb3mon.exe:4172
2012-07-30 22:29:38: :IAStorIcon.exe:4184
2012-07-30 22:29:38: :acrotray.exe:4444
2012-07-30 22:29:38: :vmware-tray.exe:4460
2012-07-30 22:29:38: :iTunesHelper.exe:4504
2012-07-30 22:29:38: :DivXUpdate.exe:4516
2012-07-30 22:29:38: :avgnt.exe:4560
2012-07-30 22:29:38: :mbamgui.exe:4580
2012-07-30 22:29:38: :MOM.exe:4588
2012-07-30 22:29:38: :EOSUPNPSV.exe:4760
2012-07-30 22:29:38: :conhost.exe:4780
2012-07-30 22:29:38: :CCC.exe:4924
2012-07-30 22:29:38: :iPodService.exe:3680
2012-07-30 22:29:38: :wmpnetwk.exe:5400
2012-07-30 22:29:38: :rundll32.exe:5660
2012-07-30 22:29:38: :SteamService.exe:5692
2012-07-30 22:29:38: :HydraDM.exe:5912
2012-07-30 22:29:38: :BTStackServer.exe:5952
2012-07-30 22:29:38: :HydraDM64.exe:5964
2012-07-30 22:29:38: :firefox.exe:6080
2012-07-30 22:29:38: :plugin-container.exe:5336
2012-07-30 22:29:38: :FlashPlayerPlugin_11_3_300_268.exe:4380
2012-07-30 22:29:38: :FlashPlayerPlugin_11_3_300_268.exe:6036
2012-07-30 22:29:38: :PresentationFontCache.exe:6912
2012-07-30 22:29:38: :avscan.exe:4992
2012-07-30 22:29:38: :yorkyt.exe:7044
2012-07-30 22:29:38: :BCMWLTRY.EXE:6224
2012-07-30 22:29:38:
2012-07-30 22:29:38: Setting restore point
2012-07-30 22:29:38: RUN mode
2012-07-30 22:29:38: Determining autonomous or dropped mode...
2012-07-30 22:29:38: Autonomus mode
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: AeLookupSvc
2012-07-30 22:29:38: Real Path: C:\Windows\System32\aelupsvc.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\aelupsvc.dll,-1
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\aelupsvc.dll,-2
2012-07-30 22:29:38: ServiceDLL: System32\aelupsvc.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: aelupsvc.dll
2012-07-30 22:29:38: Original File Name: aelupsvc.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: AppIDSvc
2012-07-30 22:29:38: Real Path: C:\Windows\System32\appidsvc.dll
2012-07-30 22:29:38: Display Name: @%systemroot%\system32\appidsvc.dll,-100
2012-07-30 22:29:38: Description: @%systemroot%\system32\appidsvc.dll,-101
2012-07-30 22:29:38: ServiceDLL: System32\appidsvc.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: appidsvc.dll
2012-07-30 22:29:38: Original File Name: appidsvc.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: Appinfo
2012-07-30 22:29:38: Real Path: C:\Windows\System32\appinfo.dll
2012-07-30 22:29:38: Display Name: @%systemroot%\system32\appinfo.dll,-100
2012-07-30 22:29:38: Description: @%systemroot%\system32\appinfo.dll,-101
2012-07-30 22:29:38: ServiceDLL: System32\appinfo.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: appinfo.dll
2012-07-30 22:29:38: Original File Name: appinfo.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: AppMgmt
2012-07-30 22:29:38: Real Path: C:\Windows\System32\appmgmts.dll
2012-07-30 22:29:38: Display Name: @appmgmts.dll,-3250
2012-07-30 22:29:38: Description: @appmgmts.dll,-3251
2012-07-30 22:29:38: ServiceDLL: System32\appmgmts.dll
2012-07-30 22:29:38: File size: 149504
2012-07-30 22:29:38: DLL File name: appmgmts.dll
2012-07-30 22:29:38: Original File Name: appmgmts.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time: 20090714031453 20090714013834 20090714013834
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: AudioEndpointBuilder
2012-07-30 22:29:38: Real Path: C:\Windows\System32\Audiosrv.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\audiosrv.dll,-204
2012-07-30 22:29:38: Description: @%SystemRoot%\System32\audiosrv.dll,-205
2012-07-30 22:29:38: ServiceDLL: System32\Audiosrv.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: Audiosrv.dll
2012-07-30 22:29:38: Original File Name: audiosrv.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: AudioSrv
2012-07-30 22:29:38: Real Path: C:\Windows\System32\Audiosrv.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\audiosrv.dll,-200
2012-07-30 22:29:38: Description: @%SystemRoot%\System32\audiosrv.dll,-201
2012-07-30 22:29:38: ServiceDLL: System32\Audiosrv.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: Audiosrv.dll
2012-07-30 22:29:38: Original File Name: audiosrv.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: AxInstSV
2012-07-30 22:29:38: Real Path: C:\Windows\System32\AxInstSV.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\AxInstSV.dll,-103
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\AxInstSV.dll,-104
2012-07-30 22:29:38: ServiceDLL: System32\AxInstSV.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: AxInstSV.dll
2012-07-30 22:29:38: Original File Name: AxInstSv.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: BDESVC
2012-07-30 22:29:38: Real Path: C:\Windows\System32\bdesvc.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\bdesvc.dll,-100
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\bdesvc.dll,-101
2012-07-30 22:29:38: ServiceDLL: System32\bdesvc.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: bdesvc.dll
2012-07-30 22:29:38: Original File Name: BDESVC.DLL.MUI
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: Browser
2012-07-30 22:29:38: Real Path: C:\Windows\System32\browser.dll
2012-07-30 22:29:38: Display Name: @%systemroot%\system32\browser.dll,-100
2012-07-30 22:29:38: Description: @%systemroot%\system32\browser.dll,-101
2012-07-30 22:29:38: ServiceDLL: System32\browser.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: browser.dll
2012-07-30 22:29:38: Original File Name: browser.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: bthserv
2012-07-30 22:29:38: Real Path: C:\Windows\system32\bthserv.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\System32\bthserv.dll,-101
2012-07-30 22:29:38: Description: @%SystemRoot%\System32\bthserv.dll,-102
2012-07-30 22:29:38: ServiceDLL: system32\bthserv.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: bthserv.dll
2012-07-30 22:29:38: Original File Name: BTHSERV.DLL.MUI
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: CertPropSvc
2012-07-30 22:29:38: Real Path: C:\Windows\System32\certprop.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\System32\certprop.dll,-11
2012-07-30 22:29:38: Description: @%SystemRoot%\System32\certprop.dll,-12
2012-07-30 22:29:38: ServiceDLL: System32\certprop.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: certprop.dll
2012-07-30 22:29:38: Original File Name: certprop.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: CryptSvc
2012-07-30 22:29:38: Real Path: C:\Windows\system32\cryptsvc.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\cryptsvc.dll,-1001
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\cryptsvc.dll,-1002
2012-07-30 22:29:38: ServiceDLL: system32\cryptsvc.dll
2012-07-30 22:29:38: File size: 140288
2012-07-30 22:29:38: DLL File name: cryptsvc.dll
2012-07-30 22:29:38: Original File Name: cryptsvc.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time: 20120424063642 20120614044609 20120614044609
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: CscService
2012-07-30 22:29:38: Real Path: C:\Windows\System32\cscsvc.dll
2012-07-30 22:29:38: Display Name: @%systemroot%\system32\cscsvc.dll,-200
2012-07-30 22:29:38: Description: @%systemroot%\system32\cscsvc.dll,-201
2012-07-30 22:29:38: ServiceDLL: System32\cscsvc.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: cscsvc.dll
2012-07-30 22:29:38: Original File Name: cscsvc.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: DcomLaunch
2012-07-30 22:29:38: Real Path: C:\Windows\system32\rpcss.dll
2012-07-30 22:29:38: Display Name: @oleres.dll,-5012
2012-07-30 22:29:38: Description: @oleres.dll,-5013
2012-07-30 22:29:38: ServiceDLL: system32\rpcss.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: rpcss.dll
2012-07-30 22:29:38: Original File Name: rpcss.dll
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: defragsvc
2012-07-30 22:29:38: Real Path: C:\Windows\System32\defragsvc.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\defragsvc.dll,-101
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\defragsvc.dll,-102
2012-07-30 22:29:38: ServiceDLL: System32\defragsvc.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: defragsvc.dll
2012-07-30 22:29:38: Original File Name: defragsvc.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: Dhcp
2012-07-30 22:29:38: Real Path: C:\Windows\system32\dhcpcore.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\dhcpcore.dll,-100
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\dhcpcore.dll,-101
2012-07-30 22:29:38: ServiceDLL: system32\dhcpcore.dll
2012-07-30 22:29:38: File size: 254464
2012-07-30 22:29:38: DLL File name: dhcpcore.dll
2012-07-30 22:29:38: Original File Name: dhcpcore.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time: 20101120141830 20120525211007 20120525211007
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: Dnscache
2012-07-30 22:29:38: Real Path: C:\Windows\System32\dnsrslvr.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\System32\dnsapi.dll,-101
2012-07-30 22:29:38: Description: @%SystemRoot%\System32\dnsapi.dll,-102
2012-07-30 22:29:38: ServiceDLL: System32\dnsrslvr.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: dnsrslvr.dll
2012-07-30 22:29:38: Original File Name: dnsrslvr.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: dot3svc
2012-07-30 22:29:38: Real Path: C:\Windows\System32\dot3svc.dll
2012-07-30 22:29:38: Display Name: @%systemroot%\system32\dot3svc.dll,-1102
2012-07-30 22:29:38: Description: @%systemroot%\system32\dot3svc.dll,-1103
2012-07-30 22:29:38: ServiceDLL: System32\dot3svc.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: dot3svc.dll
2012-07-30 22:29:38: Original File Name: dot3svc.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: DPS
2012-07-30 22:29:38: Real Path: C:\Windows\system32\dps.dll
2012-07-30 22:29:38: Display Name: @%systemroot%\system32\dps.dll,-500
2012-07-30 22:29:38: Description: @%systemroot%\system32\dps.dll,-501
2012-07-30 22:29:38: ServiceDLL: system32\dps.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: dps.dll
2012-07-30 22:29:38: Original File Name: dps.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: EapHost
2012-07-30 22:29:38: Real Path: C:\Windows\System32\eapsvc.dll
2012-07-30 22:29:38: Display Name: @%systemroot%\system32\eapsvc.dll,-1
2012-07-30 22:29:38: Description: @%systemroot%\system32\eapsvc.dll,-2
2012-07-30 22:29:38: ServiceDLL: System32\eapsvc.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: eapsvc.dll
2012-07-30 22:29:38: Original File Name: eapsvc.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: EventSystem
2012-07-30 22:29:38: Real Path: C:\Windows\system32\es.dll
2012-07-30 22:29:38: Display Name: @comres.dll,-2450
2012-07-30 22:29:38: Description: @comres.dll,-2451
2012-07-30 22:29:38: ServiceDLL: system32\es.dll
2012-07-30 22:29:38: File size: 271360
2012-07-30 22:29:38: DLL File name: es.dll
2012-07-30 22:29:38: Original File Name: ES.DLL
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time: 20090714031519 20090714014438 20090714014438
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: fdPHost
2012-07-30 22:29:38: Real Path: C:\Windows\system32\fdPHost.dll
2012-07-30 22:29:38: Display Name: @%systemroot%\system32\fdPHost.dll,-100
2012-07-30 22:29:38: Description: @%systemroot%\system32\fdPHost.dll,-101
2012-07-30 22:29:38: ServiceDLL: system32\fdPHost.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: fdPHost.dll
2012-07-30 22:29:38: Original File Name: fdPHost.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: FDResPub
2012-07-30 22:29:38: Real Path: C:\Windows\system32\fdrespub.dll
2012-07-30 22:29:38: Display Name: @%systemroot%\system32\fdrespub.dll,-100
2012-07-30 22:29:38: Description: @%systemroot%\system32\fdrespub.dll,-101
2012-07-30 22:29:38: ServiceDLL: system32\fdrespub.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: fdrespub.dll
2012-07-30 22:29:38: Original File Name: FDResPub.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: !!!!!!!
2012-07-30 22:29:38: Found Service: FontCache
2012-07-30 22:29:38: Real Path: C:\Windows\system32\FntCache.dll
2012-07-30 22:29:38: Display Name: @%systemroot%\system32\FntCache.dll,-100
2012-07-30 22:29:38: Description: @%systemroot%\system32\FntCache.dll,-101
2012-07-30 22:29:38: ServiceDLL: system32\FntCache.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: FntCache.dll
2012-07-30 22:29:38: Original File Name: FontCacheService
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: !!!!!!!!!
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: gpsvc
2012-07-30 22:29:38: Real Path: C:\Windows\System32\gpsvc.dll
2012-07-30 22:29:38: Display Name: @gpapi.dll,-112
2012-07-30 22:29:38: Description: @gpapi.dll,-113
2012-07-30 22:29:38: ServiceDLL: System32\gpsvc.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: gpsvc.dll
2012-07-30 22:29:38: Original File Name: gpsvc.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: hidserv
2012-07-30 22:29:38: Real Path: C:\Windows\system32\hidserv.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\System32\hidserv.dll,-101
2012-07-30 22:29:38: Description: @%SystemRoot%\System32\hidserv.dll,-102
2012-07-30 22:29:38: ServiceDLL: system32\hidserv.dll
2012-07-30 22:29:38: File size: 49152
2012-07-30 22:29:38: DLL File name: hidserv.dll
2012-07-30 22:29:38: Original File Name: HIDSERV.DLL.MUI
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time: 20090714031524 20090714015109 20090714015109
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: hkmsvc
2012-07-30 22:29:38: Real Path: C:\Windows\system32\kmsvc.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\kmsvc.dll,-6
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\kmsvc.dll,-7
2012-07-30 22:29:38: ServiceDLL: system32\kmsvc.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: kmsvc.dll
2012-07-30 22:29:38: Original File Name: KmSvc.DLL.MUI
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: HomeGroupListener
2012-07-30 22:29:38: Real Path: C:\Windows\system32\ListSvc.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\System32\ListSvc.dll,-100
2012-07-30 22:29:38: Description: @%SystemRoot%\System32\ListSvc.dll,-101
2012-07-30 22:29:38: ServiceDLL: system32\ListSvc.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: ListSvc.dll
2012-07-30 22:29:38: Original File Name: ListSvc.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: HomeGroupProvider
2012-07-30 22:29:38: Real Path: C:\Windows\system32\provsvc.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\System32\provsvc.dll,-100
2012-07-30 22:29:38: Description: @%SystemRoot%\System32\provsvc.dll,-101
2012-07-30 22:29:38: ServiceDLL: system32\provsvc.dll
2012-07-30 22:29:38: File size: 165376
2012-07-30 22:29:38: DLL File name: provsvc.dll
2012-07-30 22:29:38: Original File Name: provsvc.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time: 20101120142057 20120525211002 20120525211002
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: IKEEXT
2012-07-30 22:29:38: Real Path: C:\Windows\System32\ikeext.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\ikeext.dll,-501
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\ikeext.dll,-502
2012-07-30 22:29:38: ServiceDLL: System32\ikeext.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: ikeext.dll
2012-07-30 22:29:38: Original File Name: IKEEXT.DLL.MUI
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: IPBusEnum
2012-07-30 22:29:38: Real Path: C:\Windows\system32\ipbusenum.dll
2012-07-30 22:29:38: Display Name: @%systemroot%\system32\IPBusEnum.dll,-102
2012-07-30 22:29:38: Description: @%systemroot%\system32\IPBusEnum.dll,-103
2012-07-30 22:29:38: ServiceDLL: system32\ipbusenum.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: ipbusenum.dll
2012-07-30 22:29:38: Original File Name: IPBusEnum.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: KtmRm
2012-07-30 22:29:38: Real Path: C:\Windows\system32\msdtckrm.dll
2012-07-30 22:29:38: Display Name: @comres.dll,-2946
2012-07-30 22:29:38: Description: @comres.dll,-2947
2012-07-30 22:29:38: ServiceDLL: system32\msdtckrm.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: msdtckrm.dll
2012-07-30 22:29:38: Original File Name: MSDTCKRM.DLL
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: LanmanServer
2012-07-30 22:29:38: Real Path: C:\Windows\system32\srvsvc.dll
2012-07-30 22:29:38: Display Name: @%systemroot%\system32\srvsvc.dll,-100
2012-07-30 22:29:38: Description: @%systemroot%\system32\srvsvc.dll,-101
2012-07-30 22:29:38: ServiceDLL: system32\srvsvc.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: srvsvc.dll
2012-07-30 22:29:38: Original File Name: SRVSVC.DLL.MUI
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: LanmanWorkstation
2012-07-30 22:29:38: Real Path: C:\Windows\System32\wkssvc.dll
2012-07-30 22:29:38: Display Name: @%systemroot%\system32\wkssvc.dll,-100
2012-07-30 22:29:38: Description: @%systemroot%\system32\wkssvc.dll,-101
2012-07-30 22:29:38: ServiceDLL: System32\wkssvc.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: wkssvc.dll
2012-07-30 22:29:38: Original File Name: WKSSVC.DLL.MUI
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: lltdsvc
2012-07-30 22:29:38: Real Path: C:\Windows\System32\lltdsvc.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\lltdres.dll,-1
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\lltdres.dll,-2
2012-07-30 22:29:38: ServiceDLL: System32\lltdsvc.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: lltdsvc.dll
2012-07-30 22:29:38: Original File Name: LLTDSVC.DLL
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: lmhosts
2012-07-30 22:29:38: Real Path: C:\Windows\System32\lmhsvc.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\lmhsvc.dll,-101
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\lmhsvc.dll,-102
2012-07-30 22:29:38: ServiceDLL: System32\lmhsvc.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: lmhsvc.dll
2012-07-30 22:29:38: Original File Name: lmhsvc.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: Mcx2Svc
2012-07-30 22:29:38: Real Path: C:\Windows\system32\Mcx2Svc.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\ehome\ehres.dll,-15501
2012-07-30 22:29:38: Description: @%SystemRoot%\ehome\ehres.dll,-15502
2012-07-30 22:29:38: ServiceDLL: system32\Mcx2Svc.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: Mcx2Svc.dll
2012-07-30 22:29:38: Original File Name: Mcx2Svc.dll
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: MMCSS
2012-07-30 22:29:38: Real Path: C:\Windows\system32\mmcss.dll
2012-07-30 22:29:38: Display Name: @%systemroot%\system32\mmcss.dll,-100
2012-07-30 22:29:38: Description: @%systemroot%\system32\mmcss.dll,-101
2012-07-30 22:29:38: ServiceDLL: system32\mmcss.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: mmcss.dll
2012-07-30 22:29:38: Original File Name: mmcss.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: MSiSCSI
2012-07-30 22:29:38: Real Path: C:\Windows\system32\iscsiexe.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\iscsidsc.dll,-5000
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\iscsidsc.dll,-5001
2012-07-30 22:29:38: ServiceDLL: system32\iscsiexe.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: iscsiexe.dll
2012-07-30 22:29:38: Original File Name: iscsiexe.exe.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: napagent
2012-07-30 22:29:38: Real Path: C:\Windows\system32\qagentRT.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\qagentrt.dll,-6
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\qagentrt.dll,-7
2012-07-30 22:29:38: ServiceDLL: system32\qagentRT.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: qagentRT.dll
2012-07-30 22:29:38: Original File Name: QAgentRT.DLL.MUI
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: Netman
2012-07-30 22:29:38: Real Path: C:\Windows\System32\netman.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\netman.dll,-109
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\netman.dll,-110
2012-07-30 22:29:38: ServiceDLL: System32\netman.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: netman.dll
2012-07-30 22:29:38: Original File Name: netman.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: netprofm
2012-07-30 22:29:38: Real Path: C:\Windows\System32\netprofm.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\netprofm.dll,-202
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\netprofm.dll,-203
2012-07-30 22:29:38: ServiceDLL: System32\netprofm.dll
2012-07-30 22:29:38: File size: 360448
2012-07-30 22:29:38: DLL File name: netprofm.dll
2012-07-30 22:29:38: Original File Name: netprofm.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time: 20090714031603 20090714015658 20090714015658
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: NlaSvc
2012-07-30 22:29:38: Real Path: C:\Windows\System32\nlasvc.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\System32\nlasvc.dll,-1
2012-07-30 22:29:38: Description: @%SystemRoot%\System32\nlasvc.dll,-2
2012-07-30 22:29:38: ServiceDLL: System32\nlasvc.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: nlasvc.dll
2012-07-30 22:29:38: Original File Name: nlasvc.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: nsi
2012-07-30 22:29:38: Real Path: C:\Windows\system32\nsisvc.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\nsisvc.dll,-200
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\nsisvc.dll,-201
2012-07-30 22:29:38: ServiceDLL: system32\nsisvc.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: nsisvc.dll
2012-07-30 22:29:38: Original File Name: nsisvc.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: p2pimsvc
2012-07-30 22:29:38: Real Path: C:\Windows\system32\pnrpsvc.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\pnrpsvc.dll,-8004
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\pnrpsvc.dll,-8005
2012-07-30 22:29:38: ServiceDLL: system32\pnrpsvc.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: pnrpsvc.dll
2012-07-30 22:29:38: Original File Name: pnrpsvc.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: p2psvc
2012-07-30 22:29:38: Real Path: C:\Windows\system32\p2psvc.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\p2psvc.dll,-8006
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\p2psvc.dll,-8007
2012-07-30 22:29:38: ServiceDLL: system32\p2psvc.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: p2psvc.dll
2012-07-30 22:29:38: Original File Name: p2psvc.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: !!!!!!!
2012-07-30 22:29:38: Found Service: PcaSvc
2012-07-30 22:29:38: Real Path: C:\Windows\System32\pcasvc.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\pcasvc.dll,-1
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\pcasvc.dll,-2
2012-07-30 22:29:38: ServiceDLL: System32\pcasvc.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: pcasvc.dll
2012-07-30 22:29:38: Original File Name:
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: !!!!!!!!!
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: PeerDistSvc
2012-07-30 22:29:38: Real Path: C:\Windows\system32\peerdistsvc.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\peerdistsvc.dll,-9000
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\peerdistsvc.dll,-9001
2012-07-30 22:29:38: ServiceDLL: system32\peerdistsvc.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: peerdistsvc.dll
2012-07-30 22:29:38: Original File Name: PeerDistSvc.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: pla
2012-07-30 22:29:38: Real Path: C:\Windows\system32\pla.dll
2012-07-30 22:29:38: Display Name: @%systemroot%\system32\pla.dll,-500
2012-07-30 22:29:38: Description: @%systemroot%\system32\pla.dll,-501
2012-07-30 22:29:38: ServiceDLL: system32\pla.dll
2012-07-30 22:29:38: File size: 1508864
2012-07-30 22:29:38: DLL File name: pla.dll
2012-07-30 22:29:38: Original File Name: PLA.DLL.MUI
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time: 20101120142054 20120525211005 20120525211005
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: PlugPlay
2012-07-30 22:29:38: Real Path: C:\Windows\system32\umpnpmgr.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\umpnpmgr.dll,-100
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\umpnpmgr.dll,-101
2012-07-30 22:29:38: ServiceDLL: system32\umpnpmgr.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: umpnpmgr.dll
2012-07-30 22:29:38: Original File Name: Umpnpmgr.DLL.MUI
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: PNRPAutoReg
2012-07-30 22:29:38: Real Path: C:\Windows\system32\pnrpauto.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\pnrpauto.dll,-8002
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\pnrpauto.dll,-8003
2012-07-30 22:29:38: ServiceDLL: system32\pnrpauto.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: pnrpauto.dll
2012-07-30 22:29:38: Original File Name: pnrpauto.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: PNRPsvc
2012-07-30 22:29:38: Real Path: C:\Windows\system32\pnrpsvc.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\pnrpsvc.dll,-8000
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\pnrpsvc.dll,-8001
2012-07-30 22:29:38: ServiceDLL: system32\pnrpsvc.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: pnrpsvc.dll
2012-07-30 22:29:38: Original File Name: pnrpsvc.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: PolicyAgent
2012-07-30 22:29:38: Real Path: C:\Windows\System32\ipsecsvc.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\System32\polstore.dll,-5010
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\polstore.dll,-5011
2012-07-30 22:29:38: ServiceDLL: System32\ipsecsvc.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: ipsecsvc.dll
2012-07-30 22:29:38: Original File Name: ipsecsvc.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: Power
2012-07-30 22:29:38: Real Path: C:\Windows\system32\umpo.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\umpo.dll,-100
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\umpo.dll,-101
2012-07-30 22:29:38: ServiceDLL: system32\umpo.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: umpo.dll
2012-07-30 22:29:38: Original File Name: Umpo.DLL.MUI
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: ProfSvc
2012-07-30 22:29:38: Real Path: C:\Windows\system32\profsvc.dll
2012-07-30 22:29:38: Display Name: @%systemroot%\system32\profsvc.dll,-300
2012-07-30 22:29:38: Description: @%systemroot%\system32\profsvc.dll,-301
2012-07-30 22:29:38: ServiceDLL: system32\profsvc.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: profsvc.dll
2012-07-30 22:29:38: Original File Name: ProfSvc.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: QWAVE
2012-07-30 22:29:38: Real Path: C:\Windows\system32\qwave.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\qwave.dll,-1
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\qwave.dll,-2
2012-07-30 22:29:38: ServiceDLL: system32\qwave.dll
2012-07-30 22:29:38: File size: 210944
2012-07-30 22:29:38: DLL File name: qwave.dll
2012-07-30 22:29:38: Original File Name: qwave.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time: 20090714031612 20090714015415 20090714015415
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: RasAuto
2012-07-30 22:29:38: Real Path: C:\Windows\System32\rasauto.dll
2012-07-30 22:29:38: Display Name: @%Systemroot%\system32\rasauto.dll,-200
2012-07-30 22:29:38: Description: @%Systemroot%\system32\rasauto.dll,-201
2012-07-30 22:29:38: ServiceDLL: System32\rasauto.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: rasauto.dll
2012-07-30 22:29:38: Original File Name: rasauto.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: RasMan
2012-07-30 22:29:38: Real Path: C:\Windows\System32\rasmans.dll
2012-07-30 22:29:38: Display Name: @%Systemroot%\system32\rasmans.dll,-200
2012-07-30 22:29:38: Description: @%Systemroot%\system32\rasmans.dll,-201
2012-07-30 22:29:38: ServiceDLL: System32\rasmans.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: rasmans.dll
2012-07-30 22:29:38: Original File Name: Rasmans.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: RemoteAccess
2012-07-30 22:29:38: Real Path: C:\Windows\System32\mprdim.dll
2012-07-30 22:29:38: Display Name: @%Systemroot%\system32\mprdim.dll,-200
2012-07-30 22:29:38: Description: @%Systemroot%\system32\mprdim.dll,-201
2012-07-30 22:29:38: ServiceDLL: System32\mprdim.dll
2012-07-30 22:29:38: File size: 75264
2012-07-30 22:29:38: DLL File name: mprdim.dll
2012-07-30 22:29:38: Original File Name: MPRDIM.DLL.MUI
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time: 20090714031541 20090714015426 20090714015426
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: RemoteRegistry
2012-07-30 22:29:38: Real Path: C:\Windows\system32\regsvc.dll
2012-07-30 22:29:38: Display Name: @regsvc.dll,-1
2012-07-30 22:29:38: Description: @regsvc.dll,-2
2012-07-30 22:29:38: ServiceDLL: system32\regsvc.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: regsvc.dll
2012-07-30 22:29:38: Original File Name: REGSVC.DLL.MUI
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: RpcEptMapper
2012-07-30 22:29:38: Real Path: C:\Windows\System32\RpcEpMap.dll
2012-07-30 22:29:38: Display Name: @%windir%\system32\RpcEpMap.dll,-1001
2012-07-30 22:29:38: Description: @%windir%\system32\RpcEpMap.dll,-1002
2012-07-30 22:29:38: ServiceDLL: System32\RpcEpMap.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: RpcEpMap.dll
2012-07-30 22:29:38: Original File Name: RpcEpMap.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: RpcSs
2012-07-30 22:29:38: Real Path: C:\Windows\system32\rpcss.dll
2012-07-30 22:29:38: Display Name: @oleres.dll,-5010
2012-07-30 22:29:38: Description: @oleres.dll,-5011
2012-07-30 22:29:38: ServiceDLL: system32\rpcss.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: rpcss.dll
2012-07-30 22:29:38: Original File Name: rpcss.dll
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: SCardSvr
2012-07-30 22:29:38: Real Path: C:\Windows\System32\SCardSvr.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\System32\SCardSvr.dll,-1
2012-07-30 22:29:38: Description: @%SystemRoot%\System32\SCardSvr.dll,-5
2012-07-30 22:29:38: ServiceDLL: System32\SCardSvr.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: SCardSvr.dll
2012-07-30 22:29:38: Original File Name: SCardSvr.exe.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: Schedule
2012-07-30 22:29:38: Real Path: C:\Windows\system32\schedsvc.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\schedsvc.dll,-100
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\schedsvc.dll,-101
2012-07-30 22:29:38: ServiceDLL: system32\schedsvc.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: schedsvc.dll
2012-07-30 22:29:38: Original File Name: schedsvc.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: SCPolicySvc
2012-07-30 22:29:38: Real Path: C:\Windows\System32\certprop.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\System32\certprop.dll,-13
2012-07-30 22:29:38: Description: @%SystemRoot%\System32\certprop.dll,-14
2012-07-30 22:29:38: ServiceDLL: System32\certprop.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: certprop.dll
2012-07-30 22:29:38: Original File Name: certprop.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: SDRSVC
2012-07-30 22:29:38: Real Path: C:\Windows\System32\SDRSVC.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\sdrsvc.dll,-107
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\sdrsvc.dll,-102
2012-07-30 22:29:38: ServiceDLL: System32\SDRSVC.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: SDRSVC.dll
2012-07-30 22:29:38: Original File Name: SDRSVC.DLL.MUI
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: seclogon
2012-07-30 22:29:38: Real Path: C:\Windows\system32\seclogon.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\seclogon.dll,-7001
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\seclogon.dll,-7000
2012-07-30 22:29:38: ServiceDLL: system32\seclogon.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: seclogon.dll
2012-07-30 22:29:38: Original File Name: SECLOGON.EXE.MUI
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: SENS
2012-07-30 22:29:38: Real Path: C:\Windows\System32\sens.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\Sens.dll,-200
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\Sens.dll,-201
2012-07-30 22:29:38: ServiceDLL: System32\sens.dll
2012-07-30 22:29:38: File size: 49664
2012-07-30 22:29:38: DLL File name: sens.dll
2012-07-30 22:29:38: Original File Name: sens.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time: 20090714031613 20090714012158 20090714012158
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: SensrSvc
2012-07-30 22:29:38: Real Path: C:\Windows\system32\sensrsvc.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\System32\sensrsvc.dll,-1000
2012-07-30 22:29:38: Description: @%SystemRoot%\System32\sensrsvc.dll,-1001
2012-07-30 22:29:38: ServiceDLL: system32\sensrsvc.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: sensrsvc.dll
2012-07-30 22:29:38: Original File Name: sensrsvc.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: SessionEnv
2012-07-30 22:29:38: Real Path: C:\Windows\system32\sessenv.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\System32\SessEnv.dll,-1026
2012-07-30 22:29:38: Description: @%SystemRoot%\System32\SessEnv.dll,-1027
2012-07-30 22:29:38: ServiceDLL: system32\sessenv.dll
2012-07-30 22:29:38: File size: 113664
2012-07-30 22:29:38: DLL File name: sessenv.dll
2012-07-30 22:29:38: Original File Name: SessEnv.DLL.MUI
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time: 20101120142108 20120525211009 20120525211009
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: ShellHWDetection
2012-07-30 22:29:38: Real Path: C:\Windows\System32\shsvcs.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\System32\shsvcs.dll,-12288
2012-07-30 22:29:38: Description: @%SystemRoot%\System32\shsvcs.dll,-12289
2012-07-30 22:29:38: ServiceDLL: System32\shsvcs.dll
2012-07-30 22:29:38: File size: 328192
2012-07-30 22:29:38: DLL File name: shsvcs.dll
2012-07-30 22:29:38: Original File Name: SHSVCS.DLL.MUI
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time: 20101120142119 20120525211005 20120525211005
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: sppuinotify
2012-07-30 22:29:38: Real Path: C:\Windows\system32\sppuinotify.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\sppuinotify.dll,-103
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\sppuinotify.dll,-102
2012-07-30 22:29:38: ServiceDLL: system32\sppuinotify.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: sppuinotify.dll
2012-07-30 22:29:38: Original File Name: sppuinotify.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: SSDPSRV
2012-07-30 22:29:38: Real Path: C:\Windows\System32\ssdpsrv.dll
2012-07-30 22:29:38: Display Name: @%systemroot%\system32\ssdpsrv.dll,-100
2012-07-30 22:29:38: Description: @%systemroot%\system32\ssdpsrv.dll,-101
2012-07-30 22:29:38: ServiceDLL: System32\ssdpsrv.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: ssdpsrv.dll
2012-07-30 22:29:38: Original File Name: ssdpsrv.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: SstpSvc
2012-07-30 22:29:38: Real Path: C:\Windows\system32\sstpsvc.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\sstpsvc.dll,-200
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\sstpsvc.dll,-201
2012-07-30 22:29:38: ServiceDLL: system32\sstpsvc.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: sstpsvc.dll
2012-07-30 22:29:38: Original File Name: sstpsvc.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: stisvc
2012-07-30 22:29:38: Real Path: C:\Windows\System32\wiaservc.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\wiaservc.dll,-9
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\wiaservc.dll,-10
2012-07-30 22:29:38: ServiceDLL: System32\wiaservc.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: wiaservc.dll
2012-07-30 22:29:38: Original File Name: WIASERVC.DLL.MUI
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: swprv
2012-07-30 22:29:38: Real Path: C:\Windows\System32\swprv.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\System32\swprv.dll,-103
2012-07-30 22:29:38: Description: @%SystemRoot%\System32\swprv.dll,-102
2012-07-30 22:29:38: ServiceDLL: System32\swprv.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: swprv.dll
2012-07-30 22:29:38: Original File Name: SWPRV.DLL.MUI
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: SysMain
2012-07-30 22:29:38: Real Path: C:\Windows\system32\sysmain.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\sysmain.dll,-1000
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\sysmain.dll,-1001
2012-07-30 22:29:38: ServiceDLL: system32\sysmain.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: sysmain.dll
2012-07-30 22:29:38: Original File Name: sysmain.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: TabletInputService
2012-07-30 22:29:38: Real Path: C:\Windows\System32\TabSvc.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\TabSvc.dll,-100
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\TabSvc.dll,-101
2012-07-30 22:29:38: ServiceDLL: System32\TabSvc.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: TabSvc.dll
2012-07-30 22:29:38: Original File Name: TabSvc.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: TapiSrv
2012-07-30 22:29:38: Real Path: C:\Windows\System32\tapisrv.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\tapisrv.dll,-10100
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\tapisrv.dll,-10101
2012-07-30 22:29:38: ServiceDLL: System32\tapisrv.dll
2012-07-30 22:29:38: File size: 242176
2012-07-30 22:29:38: DLL File name: tapisrv.dll
2012-07-30 22:29:38: Original File Name: TAPISRV.EXE.MUI
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time: 20101120142128 20120525211003 20120525211003
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: TBS
2012-07-30 22:29:38: Real Path: C:\Windows\System32\tbssvc.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\tbssvc.dll,-100
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\tbssvc.dll,-101
2012-07-30 22:29:38: ServiceDLL: System32\tbssvc.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: tbssvc.dll
2012-07-30 22:29:38: Original File Name: TBSSVC.DLL.MUI
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: TermService
2012-07-30 22:29:38: Real Path: C:\Windows\System32\termsrv.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\System32\termsrv.dll,-268
2012-07-30 22:29:38: Description: @%SystemRoot%\System32\termsrv.dll,-267
2012-07-30 22:29:38: ServiceDLL: System32\termsrv.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: termsrv.dll
2012-07-30 22:29:38: Original File Name: termsrv.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: Themes
2012-07-30 22:29:38: Real Path: C:\Windows\system32\themeservice.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\System32\themeservice.dll,-8192
2012-07-30 22:29:38: Description: @%SystemRoot%\System32\themeservice.dll,-8193
2012-07-30 22:29:38: ServiceDLL: system32\themeservice.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: themeservice.dll
2012-07-30 22:29:38: Original File Name: THEMESERVICE.DLL.MUI
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: THREADORDER
2012-07-30 22:29:38: Real Path: C:\Windows\system32\mmcss.dll
2012-07-30 22:29:38: Display Name: @%systemroot%\system32\mmcss.dll,-102
2012-07-30 22:29:38: Description: @%systemroot%\system32\mmcss.dll,-103
2012-07-30 22:29:38: ServiceDLL: system32\mmcss.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: mmcss.dll
2012-07-30 22:29:38: Original File Name: mmcss.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: TrkWks
2012-07-30 22:29:38: Real Path: C:\Windows\System32\trkwks.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\trkwks.dll,-1
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\trkwks.dll,-2
2012-07-30 22:29:38: ServiceDLL: System32\trkwks.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: trkwks.dll
2012-07-30 22:29:38: Original File Name: trkwks.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: UmRdpService
2012-07-30 22:29:38: Real Path: C:\Windows\System32\umrdp.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\umrdp.dll,-1000
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\umrdp.dll,-1001
2012-07-30 22:29:38: ServiceDLL: System32\umrdp.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: umrdp.dll
2012-07-30 22:29:38: Original File Name: umrdp.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: !!!!!!!
2012-07-30 22:29:38: Found Service: upnphost
2012-07-30 22:29:38: Real Path: C:\Windows\System32\upnphost.dll
2012-07-30 22:29:38: Display Name: @%systemroot%\system32\upnphost.dll,-213
2012-07-30 22:29:38: Description: @%systemroot%\system32\upnphost.dll,-214
2012-07-30 22:29:38: ServiceDLL: System32\upnphost.dll
2012-07-30 22:29:38: File size: 266752
2012-07-30 22:29:38: DLL File name: upnphost.dll
2012-07-30 22:29:38: Original File Name: unpnhost.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time: 20090714031617 20090714015541 20090714015541
2012-07-30 22:29:38: !!!!!!!!!
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: UxSms
2012-07-30 22:29:38: Real Path: C:\Windows\System32\uxsms.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\dwm.exe,-2000
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\dwm.exe,-2001
2012-07-30 22:29:38: ServiceDLL: System32\uxsms.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: uxsms.dll
2012-07-30 22:29:38: Original File Name: UxSms.dll
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: W32Time
2012-07-30 22:29:38: Real Path: C:\Windows\system32\w32time.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\w32time.dll,-200
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\w32time.dll,-201
2012-07-30 22:29:38: ServiceDLL: system32\w32time.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: w32time.dll
2012-07-30 22:29:38: Original File Name: w32time.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: WbioSrvc
2012-07-30 22:29:38: Real Path: C:\Windows\System32\wbiosrvc.dll
2012-07-30 22:29:38: Display Name: @%systemroot%\system32\wbiosrvc.dll,-100
2012-07-30 22:29:38: Description: @%systemroot%\system32\wbiosrvc.dll,-101
2012-07-30 22:29:38: ServiceDLL: System32\wbiosrvc.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: wbiosrvc.dll
2012-07-30 22:29:38: Original File Name: wbiosrvc.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: wcncsvc
2012-07-30 22:29:38: Real Path: C:\Windows\System32\wcncsvc.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\wcncsvc.dll,-3
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\wcncsvc.dll,-4
2012-07-30 22:29:38: ServiceDLL: System32\wcncsvc.dll
2012-07-30 22:29:38: File size: 276992
2012-07-30 22:29:38: DLL File name: wcncsvc.dll
2012-07-30 22:29:38: Original File Name: WCNCSVC.DLL.MUI
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time: 20101120142135 20120525211005 20120525211005
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: WcsPlugInService
2012-07-30 22:29:38: Real Path: C:\Windows\System32\WcsPlugInService.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\WcsPlugInService.dll,-200
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\WcsPlugInService.dll,-201
2012-07-30 22:29:38: ServiceDLL: System32\WcsPlugInService.dll
2012-07-30 22:29:38: File size: 32768
2012-07-30 22:29:38: DLL File name: WcsPlugInService.dll
2012-07-30 22:29:38: Original File Name: WcsPlugInService.DLL.MUI
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time: 20090714031618 20090714012513 20090714012513
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: WdiServiceHost
2012-07-30 22:29:38: Real Path: C:\Windows\system32\wdi.dll
2012-07-30 22:29:38: Display Name: @%systemroot%\system32\wdi.dll,-502
2012-07-30 22:29:38: Description: @%systemroot%\system32\wdi.dll,-503
2012-07-30 22:29:38: ServiceDLL: system32\wdi.dll
2012-07-30 22:29:38: File size: 76288
2012-07-30 22:29:38: DLL File name: wdi.dll
2012-07-30 22:29:38: Original File Name: wdi.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time: 20090714031618 20090714011947 20090714011947
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: WdiSystemHost
2012-07-30 22:29:38: Real Path: C:\Windows\system32\wdi.dll
2012-07-30 22:29:38: Display Name: @%systemroot%\system32\wdi.dll,-500
2012-07-30 22:29:38: Description: @%systemroot%\system32\wdi.dll,-501
2012-07-30 22:29:38: ServiceDLL: system32\wdi.dll
2012-07-30 22:29:38: File size: 76288
2012-07-30 22:29:38: DLL File name: wdi.dll
2012-07-30 22:29:38: Original File Name: wdi.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time: 20090714031618 20090714011947 20090714011947
2012-07-30 22:29:38: !!!!!!!
2012-07-30 22:29:38: Found Service: WebClient
2012-07-30 22:29:38: Real Path: C:\Windows\System32\webclnt.dll
2012-07-30 22:29:38: Display Name: @%systemroot%\system32\webclnt.dll,-100
2012-07-30 22:29:38: Description: @%systemroot%\system32\webclnt.dll,-101
2012-07-30 22:29:38: ServiceDLL: System32\webclnt.dll
2012-07-30 22:29:38: File size: 204800
2012-07-30 22:29:38: DLL File name: webclnt.dll
2012-07-30 22:29:38: Original File Name: davsvc.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time: 20101120142135 20120525211009 20120525211009
2012-07-30 22:29:38: !!!!!!!!!
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: Wecsvc
2012-07-30 22:29:38: Real Path: C:\Windows\system32\wecsvc.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\wecsvc.dll,-200
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\wecsvc.dll,-201
2012-07-30 22:29:38: ServiceDLL: system32\wecsvc.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: wecsvc.dll
2012-07-30 22:29:38: Original File Name: wecsvc.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: !!!!!!!
2012-07-30 22:29:38: Found Service: wercplsupport
2012-07-30 22:29:38: Real Path: C:\Windows\System32\wercplsupport.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\System32\wercplsupport.dll,-101
2012-07-30 22:29:38: Description: @%SystemRoot%\System32\wercplsupport.dll,-100
2012-07-30 22:29:38: ServiceDLL: System32\wercplsupport.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: wercplsupport.dll
2012-07-30 22:29:38: Original File Name: ERC
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: !!!!!!!!!
2012-07-30 22:29:38: !!!!!!!
2012-07-30 22:29:38: Found Service: WerSvc
2012-07-30 22:29:38: Real Path: C:\Windows\System32\WerSvc.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\System32\wersvc.dll,-100
2012-07-30 22:29:38: Description: @%SystemRoot%\System32\wersvc.dll,-101
2012-07-30 22:29:38: ServiceDLL: System32\WerSvc.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: WerSvc.dll
2012-07-30 22:29:38: Original File Name: wersvc
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: !!!!!!!!!
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: Winmgmt
2012-07-30 22:29:38: Real Path: C:\Windows\system32\wbem\WMIsvc.dll
2012-07-30 22:29:38: Display Name: @%Systemroot%\system32\wbem\wmisvc.dll,-205
2012-07-30 22:29:38: Description: @%Systemroot%\system32\wbem\wmisvc.dll,-204
2012-07-30 22:29:38: ServiceDLL: system32\wbem\WMIsvc.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: WMIsvc.dll
2012-07-30 22:29:38: Original File Name: wmisvc.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: WinRM
2012-07-30 22:29:38: Real Path: C:\Windows\system32\WsmSvc.dll
2012-07-30 22:29:38: Display Name: @%Systemroot%\system32\wsmsvc.dll,-101
2012-07-30 22:29:38: Description: @%Systemroot%\system32\wsmsvc.dll,-102
2012-07-30 22:29:38: ServiceDLL: system32\WsmSvc.dll
2012-07-30 22:29:38: File size: 1175040
2012-07-30 22:29:38: DLL File name: WsmSvc.dll
2012-07-30 22:29:38: Original File Name: WsmSvc.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time: 20101120142139 20120525211009 20120525211009
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: Wlansvc
2012-07-30 22:29:38: Real Path: C:\Windows\System32\wlansvc.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\System32\wlansvc.dll,-257
2012-07-30 22:29:38: Description: @%SystemRoot%\System32\wlansvc.dll,-258
2012-07-30 22:29:38: ServiceDLL: System32\wlansvc.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: wlansvc.dll
2012-07-30 22:29:38: Original File Name: wlansvc.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: WPCSvc
2012-07-30 22:29:38: Real Path: C:\Windows\System32\wpcsvc.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\wpcsvc.dll,-100
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\wpcsvc.dll,-101
2012-07-30 22:29:38: ServiceDLL: System32\wpcsvc.dll
2012-07-30 22:29:38: File size: 10752
2012-07-30 22:29:38: DLL File name: wpcsvc.dll
2012-07-30 22:29:38: Original File Name: wpcsvc.exe.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time: 20090714031620 20090714014010 20090714014010
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: WPDBusEnum
2012-07-30 22:29:38: Real Path: C:\Windows\system32\wpdbusenum.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\wpdbusenum.dll,-100
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\wpdbusenum.dll,-101
2012-07-30 22:29:38: ServiceDLL: system32\wpdbusenum.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: wpdbusenum.dll
2012-07-30 22:29:38: Original File Name: WpdBusEnum.DLL.MUI
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: wudfsvc
2012-07-30 22:29:38: Real Path: C:\Windows\System32\WUDFSvc.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\system32\wudfsvc.dll,-1000
2012-07-30 22:29:38: Description: @%SystemRoot%\system32\wudfsvc.dll,-1001
2012-07-30 22:29:38: ServiceDLL: System32\WUDFSvc.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: WUDFSvc.dll
2012-07-30 22:29:38: Original File Name: WUDFSvc.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38: ---------------------------------------------------------------------
2012-07-30 22:29:38: Found Service: WwanSvc
2012-07-30 22:29:38: Real Path: C:\Windows\System32\wwansvc.dll
2012-07-30 22:29:38: Display Name: @%SystemRoot%\System32\wwansvc.dll,-257
2012-07-30 22:29:38: Description: @%SystemRoot%\System32\wwansvc.dll,-258
2012-07-30 22:29:38: ServiceDLL: System32\wwansvc.dll
2012-07-30 22:29:38: File size: 0
2012-07-30 22:29:38: DLL File name: wwansvc.dll
2012-07-30 22:29:38: Original File Name: WwanSvc.dll.mui
2012-07-30 22:29:38: Company:
2012-07-30 22:29:38: Mod/Cre/Acc time:
2012-07-30 22:29:38:
2012-07-30 22:29:38: Looking for SHELL key
2012-07-30 22:29:38: Now looking for bad DLL files in system32
2012-07-30 22:29:40: Folder: GAC
2012-07-30 22:29:40: Folder: GAC_32
2012-07-30 22:29:40: ... Fixing permissions on C:\Windows\assembly\GAC_32\desktop.ini
2012-07-30 22:29:40: Folder: GAC_64
2012-07-30 22:29:40: ... Fixing permissions on C:\Windows\assembly\GAC_64\desktop.ini
2012-07-30 22:29:40: Folder: GAC_MSIL
2012-07-30 22:29:40: Folder: NativeImages_v2.0.50727_32
2012-07-30 22:29:40: Folder: NativeImages_v2.0.50727_64
2012-07-30 22:29:40: Folder: NativeImages_v4.0.30319_32
2012-07-30 22:29:40: Folder: NativeImages_v4.0.30319_64
2012-07-30 22:29:40: Folder: temp
2012-07-30 22:29:40: Folder: tmp
2012-07-30 22:29:40: Checking for bad folder
2012-07-30 22:29:40: Found 1 folders.
2012-07-30 22:29:40: Checking C:\Windows\assembly\tmp
2012-07-30 22:29:40: ... Folder test returns: 1
2012-07-30 22:29:40: Done with folder list in C:\Windows\assembly\ tmp
2012-07-30 22:29:40: Requesting bad file: C:\Windows\assembly\GAC_32\desktop.ini
2012-07-30 22:29:40: Requesting bad file: C:\Windows\assembly\GAC_64\desktop.ini
2012-07-30 22:29:40: Running Extractor
2012-07-30 22:29:40: Uploading file
2012-07-30 22:29:40: Locking file: C:\Windows\assembly\GAC_32\desktop.ini
2012-07-30 22:29:40: Locking file: C:\Windows\assembly\GAC_64\desktop.ini
2012-07-30 22:29:40: Autonomous mode, clearing out yt folder
2012-07-30 22:29:40: cmd.exe /c start "C:\Users\Stefan\Downloads\yorkyt.exe"
2012-07-30 22:36:43: Restarting...
2012-07-30 22:39:34: ****************************************************
2012-07-30 22:39:34: Starting UP ... v 0.0.0.220
2012-07-30 22:39:34: ****************************************************
2012-07-30 22:39:34: Stop TPSRV returns: 2
2012-07-30 22:39:49: Listing processes...
2012-07-30 22:39:49: :[System Process]:0
2012-07-30 22:39:49: :System:4
2012-07-30 22:39:49: :smss.exe:384
2012-07-30 22:39:49: :csrss.exe:592
2012-07-30 22:39:49: :wininit.exe:684
2012-07-30 22:39:49: :csrss.exe:692
2012-07-30 22:39:49: :services.exe:740
2012-07-30 22:39:49: :lsass.exe:768
2012-07-30 22:39:49: :lsm.exe:776
2012-07-30 22:39:49: :winlogon.exe:812
2012-07-30 22:39:49: :svchost.exe:920
2012-07-30 22:39:49: :svchost.exe:1004
2012-07-30 22:39:49: :atiesrxx.exe:444
2012-07-30 22:39:49: :svchost.exe:676
2012-07-30 22:39:49: :svchost.exe:400
2012-07-30 22:39:49: :svchost.exe:1052
2012-07-30 22:39:49: :audiodg.exe:1132
2012-07-30 22:39:49: :svchost.exe:1200
2012-07-30 22:39:49: :atieclxx.exe:1332
2012-07-30 22:39:49: :svchost.exe:1356
2012-07-30 22:39:49: :WLTRYSVC.EXE:1500
2012-07-30 22:39:49: :wlanext.exe:1520
2012-07-30 22:39:49: :conhost.exe:1528
2012-07-30 22:39:49: :taskeng.exe:1668
2012-07-30 22:39:49: :spoolsv.exe:1704
2012-07-30 22:39:49: :sched.exe:1732
2012-07-30 22:39:49: :avguard.exe:1124
2012-07-30 22:39:49: :AppleMobileDeviceService.exe:1288
2012-07-30 22:39:49: :mDNSResponder.exe:1584
2012-07-30 22:39:49: :btwdins.exe:1896
2012-07-30 22:39:49: :svchost.exe:2076
2012-07-30 22:39:49: :DTSU2PAuSrv64.exe:2124
2012-07-30 22:39:49: :HeciServer.exe:2176
2012-07-30 22:39:49: :IPROSetMonitor.exe:2212
2012-07-30 22:39:49: :Jhi_service.exe:2252
2012-07-30 22:39:49: :nlssrv32.exe:2284
2012-07-30 22:39:49: :sppsvc.exe:2344
2012-07-30 22:39:49: :svchost.exe:2384
2012-07-30 22:39:49: :TeamViewer_Service.exe:2412
2012-07-30 22:39:49: :vmware-usbarbitrator64.exe:2480
2012-07-30 22:39:49: :taskhost.exe:2552
2012-07-30 22:39:49: :vmnat.exe:2584
2012-07-30 22:39:49: :WLIDSVC.EXE:2764
2012-07-30 22:39:49: :vmware-authd.exe:2820
2012-07-30 22:39:49: :vmnetdhcp.exe:2916
2012-07-30 22:39:49: :TeamViewer.exe:2924
2012-07-30 22:39:49: :WLIDSVCM.EXE:3044
2012-07-30 22:39:49: :avshadow.exe:3096
2012-07-30 22:39:49: :conhost.exe:3104
2012-07-30 22:39:49: :SearchIndexer.exe:3156
2012-07-30 22:39:49: :svchost.exe:3204
2012-07-30 22:39:49: :WUDFHost.exe:3364
2012-07-30 22:39:49: :tv_w32.exe:3408
2012-07-30 22:39:49: :tv_x64.exe:3416
2012-07-30 22:39:49: :WmiPrvSE.exe:3472
2012-07-30 22:39:49: :TrustedInstaller.exe:3556
2012-07-30 22:39:49: :userinit.exe:3748
2012-07-30 22:39:49: :dwm.exe:3756
2012-07-30 22:39:49: :explorer.exe:3784
2012-07-30 22:39:49: :yorkyt.exe:3916
2012-07-30 22:39:49: :SearchProtocolHost.exe:4012
2012-07-30 22:39:49: :SearchFilterHost.exe:4040
2012-07-30 22:39:49: :RtkNGUI64.exe:3552
2012-07-30 22:39:49: :RAVBg64.exe:2012
2012-07-30 22:39:49: :WLTRAY.EXE:2008
2012-07-30 22:39:49: :sidebar.exe:2456
2012-07-30 22:39:49: :Steam.exe:3720
2012-07-30 22:39:49: :BTTray.exe:3876
2012-07-30 22:39:49: :iusb3mon.exe:3864
2012-07-30 22:39:49: :Dropbox.exe:3852
2012-07-30 22:39:49: :IAStorIcon.exe:3528
2012-07-30 22:39:49: :EvernoteClipper.exe:4080
2012-07-30 22:39:49: :WFTPairing.exe:3588
2012-07-30 22:39:49: :svchost.exe:4148
2012-07-30 22:39:49: :acrobat_sl.exe:4208
2012-07-30 22:39:49: :acrotray.exe:4240
2012-07-30 22:39:49: :vmware-tray.exe:4252
2012-07-30 22:39:49: :acrodist.exe:4264
2012-07-30 22:39:49: :iTunesHelper.exe:4288
2012-07-30 22:39:49: :DivXUpdate.exe:4324
2012-07-30 22:39:49: :avgnt.exe:4344
2012-07-30 22:39:49: :mbamgui.exe:4364
2012-07-30 22:39:49: :MOM.exe:4384
2012-07-30 22:39:49: :CCC.exe:4720
2012-07-30 22:39:49: :EOSUPNPSV.exe:4872
2012-07-30 22:39:49: :conhost.exe:4908
2012-07-30 22:39:49: :iPodService.exe:4632
2012-07-30 22:39:49: :svchost.exe:5456
2012-07-30 22:39:49: :wmpnetwk.exe:5536
2012-07-30 22:39:49: :SteamService.exe:5800
2012-07-30 22:39:49: :rundll32.exe:5912
2012-07-30 22:39:49: :BTStackServer.exe:6108
2012-07-30 22:39:49: :BCMWLTRY.EXE:5184
2012-07-30 22:39:49:
2012-07-30 22:39:49: Starting cleanup mode...
2012-07-30 22:39:49: ... Done with files, now folders
2012-07-30 22:39:51: All DONE
| | #8 |
TR/ATRAPS.Gen2 in C:\Windows\Installer\{bd**65e7}\U\80000064.@
And here is the OTL log after the run of the Panda-TLD4-Killer: OTL Logfile: Code:
OTL logfile created on: 30.07.2012 22:48:05 - Run 2
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Stefan\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

15,96 Gb Total Physical Memory | 12,73 Gb Available Physical Memory | 79,78% Memory free
16,74 Gb Paging File | 13,44 Gb Available in Paging File | 80,29% Paging File free
Paging file location(s): c:\pagefile.sys 800 1000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 24,90 Gb Free Space | 22,30% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 438,26 Gb Free Space | 47,05% Space Free | Partition Type: NTFS
Drive E: | 100,00 Mb Total Space | 71,54 Mb Free Space | 71,55% Space Free | Partition Type: NTFS
Drive F: | 232,79 Gb Total Space | 216,03 Gb Free Space | 92,80% Space Free | Partition Type: NTFS

Computer Name: STEFAN-PC | User Name: Stefan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.07.30 12:11:38 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Stefan\Downloads\OTL.exe
PRC - [2012.07.28 12:27:12 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
PRC - [2012.07.18 18:59:04 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.07.18 18:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.07.18 18:04:24 | 000,468,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- c:\program files (x86)\avira\antivir desktop\avscan.exe
PRC - [2012.07.18 18:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.07.18 18:04:22 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.16 16:31:32 | 007,445,416 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
PRC - [2012.07.16 16:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.07.16 16:22:42 | 000,106,408 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.07.03 03:21:38 | 026,868,192 | ---- | M] (Dropbox, Inc.) -- C:\Users\Stefan\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.06.19 20:45:49 | 000,529,232 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012.06.13 16:53:48 | 001,014,112 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
PRC - [2012.05.25 22:23:40 | 001,242,448 | ---- | M] (Valve Corporation) -- D:\Steam\Steam.exe
PRC - [2012.04.04 07:53:56 | 000,815,512 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2012.01.20 16:29:28 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012.01.20 16:29:26 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012.01.20 11:45:40 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2012.01.04 21:59:50 | 000,291,608 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2011.11.29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.11.29 20:04:54 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2011.11.13 23:27:20 | 000,354,416 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2011.11.13 23:27:18 | 000,433,264 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2011.11.13 23:27:06 | 000,103,536 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
PRC - [2011.11.13 21:49:40 | 000,079,872 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.03.30 00:17:08 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\nlssrv32.exe
PRC - [2009.12.01 19:11:36 | 000,671,744 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\EOS Utility\WFTPairing\WFTPairing.exe
PRC - [2009.08.20 13:43:52 | 000,266,240 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\EOS Utility\WFTPairing\EOSUPNPSV.exe

========== Modules (No Company Name) ==========

MOD - [2012.07.28 12:27:11 | 009,465,032 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
MOD - [2012.07.18 18:59:04 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.06.19 20:45:47 | 020,313,384 | ---- | M] () -- D:\Steam\bin\libcef.dll
MOD - [2012.06.19 20:45:45 | 000,895,312 | ---- | M] () -- D:\Steam\bin\chromehtml.dll
MOD - [2012.06.19 20:45:42 | 000,123,192 | ---- | M] () -- D:\Steam\bin\avutil-51.dll
MOD - [2012.06.19 20:45:40 | 000,190,776 | ---- | M] () -- D:\Steam\bin\avformat-53.dll
MOD - [2012.06.19 20:45:38 | 001,099,576 | ---- | M] () -- D:\Steam\bin\avcodec-53.dll
MOD - [2012.06.18 16:34:04 | 000,997,888 | ---- | M] () -- C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\5i5lm8ot.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
MOD - [2012.06.16 19:03:34 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6c59a14a23f734093e80d6093e25302a\Microsoft.VisualBasic.ni.dll
MOD - [2012.06.16 19:03:20 | 000,487,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\33e53ffe7ba7362a2d483ef4ea79bfe3\IAStorUtil.ni.dll
MOD - [2012.06.16 18:57:10 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.16 18:57:06 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.05.26 09:39:26 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\acc563eb665e430df4375afb9697a5d9\IAStorCommon.ni.dll
MOD - [2012.05.26 09:22:54 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.26 09:22:35 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.05.26 09:22:32 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.26 09:22:31 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.26 09:22:30 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.26 09:22:28 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012.03.16 15:42:58 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
MOD - [2012.03.16 15:42:56 | 000,433,664 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
MOD - [2012.02.20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.02.20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.11.20 14:19:56 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
MOD - [2010.11.20 14:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.06.10 13:41:46 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012.06.11 19:19:14 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012.05.25 19:18:54 | 000,048,128 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2012.01.10 21:01:52 | 000,627,936 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV:64bit: - [2011.11.28 20:23:30 | 001,084,192 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2011.08.15 17:38:50 | 000,178,344 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel(R)
SRV:64bit: - [2011.08.05 19:29:20 | 000,225,280 | ---- | M] (DTS, Inc) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe -- (DTSAudioSvc)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.07.28 12:27:12 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.18 18:59:04 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.18 18:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.07.18 18:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.07.16 16:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.06.19 20:45:49 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.01.20 16:29:28 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012.01.20 16:29:26 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012.01.20 11:45:40 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2011.11.29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011.11.13 23:27:20 | 000,354,416 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2011.11.13 23:27:18 | 000,433,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2011.11.13 22:55:18 | 011,839,488 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe -- (VMwareHostd)
SRV - [2011.11.13 21:49:40 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2011.08.29 22:11:04 | 000,846,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2011.03.30 00:17:08 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.07.18 18:04:42 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.07.18 18:04:42 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.07.18 18:04:41 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.06.11 20:59:38 | 010,248,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.06.11 18:26:14 | 000,367,616 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.05.26 21:18:01 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2012.05.25 23:09:03 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.05.25 19:18:46 | 000,022,592 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2012.05.25 19:18:33 | 004,746,304 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2012.05.25 19:18:28 | 000,021,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmvwl64.sys -- (BcmVWL)
DRV:64bit: - [2012.05.22 14:26:10 | 000,147,288 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.06 10:44:12 | 000,049,760 | ---- | M] (Asmedia Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\asahci64.sys -- (asahci64)
DRV:64bit: - [2012.01.04 21:58:50 | 000,786,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012.01.04 21:58:50 | 000,355,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012.01.04 21:58:50 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2011.12.16 17:53:01 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2011.11.29 19:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.11.13 23:28:16 | 000,063,088 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2011.11.13 23:26:30 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2011.11.13 21:33:56 | 000,045,680 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2011.11.13 21:33:56 | 000,020,080 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2011.11.10 01:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011.11.03 11:10:42 | 000,395,752 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011.11.03 11:10:42 | 000,130,536 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011.11.03 07:00:48 | 000,134,696 | ---- | M] (Broadcom Corporation.)
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums) DRV:64bit: - [2011.11.03 03:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2011.09.29 11:30:34 | 000,646,248 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.09.21 08:22:36 | 000,025,904 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91cons.sys -- (mv91cons) DRV:64bit: - [2011.09.21 08:22:34 | 000,315,696 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mvs91xx.sys -- (mvs91xx) DRV:64bit: - [2011.09.20 10:36:24 | 000,620,584 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl) DRV:64bit: - [2011.08.29 22:11:04 | 000,039,024 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon) DRV:64bit: - [2011.08.08 14:59:12 | 000,116,336 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci) DRV:64bit: - [2011.07.20 03:37:56 | 000,342,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) DRV:64bit: - [2011.07.06 12:35:40 | 000,167,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2011.06.23 05:59:28 | 000,178,728 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2011.06.23 05:59:26 | 000,021,544 | ---- | M] (Broadcom Corporation.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2011.05.20 16:49:36 | 000,089,640 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwdpan.sys -- (BTWDPAN) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.02.13 18:17:44 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2010.11.20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Österreich: Hotmail, Messenger, Skype download, Unterhaltung, Nachrichten, Sport, Lifestyle und mehr bei MSN AT IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5B 48 F8 FD 9C 3A CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD 
Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Stefan\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Stefan\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.07.30 00:50:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.06.18 22:35:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 18:59:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.07.30 00:50:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 18:59:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.07.30 00:50:38 | 000,000,000 | ---D | M]

[2012.05.25 21:02:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stefan\AppData\Roaming\mozilla\Extensions
[2012.07.18 18:59:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\5i5lm8ot.default\extensions
[2012.07.08 08:13:14 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\5i5lm8ot.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012.06.14 12:41:27 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\5i5lm8ot.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2012.05.26 10:10:42 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\5i5lm8ot.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012.05.31 21:02:25 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\5i5lm8ot.default\extensions\foxmarks@kei.com
[2012.06.28 23:10:35 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\5i5lm8ot.default\extensions\support@lastpass.com
[2012.06.06 14:05:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.06.06 14:44:21 | 000,505,801 | ---- | M] () (No name found) -- C:\USERS\STEFAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5I5LM8OT.DEFAULT\EXTENSIONS\{1280606B-2510-4FE0-97EF-9B5A22EAFE30}.XPI
[2012.07.18 18:59:05 | 000,045,154 | ---- | M] () (No name found) -- C:\USERS\STEFAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5I5LM8OT.DEFAULT\EXTENSIONS\BITTORRENT_WEBUI_2@FIREFOX.ALEXISBRUNET.COM.XPI
[2012.05.26 10:10:40 | 005,438,448 | ---- | M] () (No name found) -- C:\USERS\STEFAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5I5LM8OT.DEFAULT\EXTENSIONS\GREASEFIRE@SKRUL.COM.XPI
[2012.06.28 23:10:35 | 000,382,926 | ---- | M] () (No name found) -- C:\USERS\STEFAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5I5LM8OT.DEFAULT\EXTENSIONS\READABLE@EVERNOTE.COM.XPI
[2012.07.18 18:59:04 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - homepage: Google
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: Google
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Stefan\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Stefan\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Stefan\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Java(TM) Platform SE 6 U32 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.320.5 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Stefan\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - Extension: YouTube = C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: LastPass = C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\1.90.5_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2012.05.26 09:56:59 | 000,002,810 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe (Broadcom Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_DTS] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKLM..\Run: [vmware-tray] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Steam] D:\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [XSECVA] "C:\Users\Stefan\AppData\Roaming\xsecva\xsecva.exe" -s File not found
O4 - Startup: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Stefan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O4 - Startup: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WFTPairing.lnk = C:\Program Files (x86)\Canon\EOS Utility\WFTPairing\WFTPairing.exe (CANON INC.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass File not found
O8:64bit: - Extra context menu item: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass File not found
O8 - Extra context menu item: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O9:64bit: - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{21164624-2FB7-4C5D-922F-18C67E09CC63}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D62C0BA-E57B-4C00-9550-1B0A41A7DB12}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - F:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{b2061893-cc32-11e1-b58f-0008cae5d310}\Shell - "" = AutoRun O33 - MountPoints2\{b2061893-cc32-11e1-b58f-0008cae5d310}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.07.30 11:30:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Misc. 
Support Library (Spybot - Search & Destroy) [2012.07.30 11:30:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\File Scanner Library (Spybot - Search & Destroy) [2012.07.30 11:24:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012.07.30 11:10:38 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\R-Wipe&Clean [2012.07.30 09:53:12 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\ImgBurn [2012.07.30 09:49:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn [2012.07.30 09:48:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn [2012.07.30 00:39:11 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2012.07.29 23:26:59 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Malwarebytes [2012.07.29 23:26:56 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.07.29 23:26:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.07.29 23:26:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.07.29 23:26:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.07.29 13:36:40 | 000,000,000 | ---D | C] -- C:\Lexmark [2012.07.28 13:55:56 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Avira [2012.07.28 13:50:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.07.28 13:50:17 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.07.28 13:50:17 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.07.28 13:50:17 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012.07.28 13:50:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.07.28 13:50:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2012.07.28 13:36:03 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote [2012.07.20 18:12:36 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Desktop\105_PANA [2012.07.17 00:18:45 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Local\touchbyte_GmbH [2012.07.17 00:18:45 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\PhotoSync [2012.07.17 00:18:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoSync [2012.07.17 00:18:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PhotoSync [2012.07.16 23:59:05 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Desktop\Weichtalklamm [2012.07.12 19:29:57 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2012.07.12 19:29:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP [2012.07.12 19:26:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center [2012.07.12 19:23:45 | 000,000,000 | ---D | C] -- C:\AMD [2012.07.12 17:03:27 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2012.07.12 13:00:02 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox [2012.07.12 12:59:33 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Dropbox [2012.07.11 23:02:03 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Documents\Arduino [2012.07.11 23:02:03 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Arduino [2012.07.11 22:52:52 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Desktop\arduino-1.0.1 [2012.07.08 08:13:16 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Garmin [2012.07.04 12:32:29 | 000,000,000 | ---D | C] -- C:\Users\Stefan\temp [2012.07.02 13:08:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Damian Pasternak [2012.07.01 22:46:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fotosizer [2012.07.01 22:46:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fotosizer [2012.05.28 16:51:36 | 014,844,448 | ---- | C] 
(LastPass) -- C:\Program Files (x86)\Common Files\lpuninstall.exe ========== Files - Modified Within 30 Days ========== [2012.07.30 22:46:09 | 001,506,450 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.07.30 22:46:09 | 000,654,452 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.07.30 22:46:09 | 000,618,494 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.07.30 22:46:09 | 000,130,678 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.07.30 22:46:09 | 000,107,400 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.07.30 22:44:24 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.30 22:44:24 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.30 22:39:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.30 22:39:17 | 4259,557,374 | -HS- | M] () -- C:\hiberfil.sys [2012.07.30 22:28:04 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.07.30 22:28:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3477003203-1577878540-3883721961-1000UA.job [2012.07.30 12:36:13 | 000,000,188 | ---- | M] () -- C:\Users\Stefan\defogger_reenable [2012.07.30 12:14:07 | 000,001,531 | ---- | M] () -- C:\Users\Stefan\Desktop\Logs.lnk [2012.07.30 09:49:00 | 000,001,869 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk [2012.07.30 00:50:38 | 000,002,026 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk [2012.07.30 00:28:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3477003203-1577878540-3883721961-1000Core.job [2012.07.29 23:27:29 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.28 13:50:18 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.07.28 13:36:04 
| 000,001,131 | ---- | M] () -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2012.07.28 13:36:03 | 000,000,936 | ---- | M] () -- C:\Users\Stefan\Desktop\Evernote.lnk [2012.07.18 18:04:42 | 000,132,832 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.07.18 18:04:42 | 000,027,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012.07.18 18:04:41 | 000,098,848 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.07.17 00:18:39 | 000,002,581 | ---- | M] () -- C:\Users\Public\Desktop\PhotoSync.lnk [2012.07.12 18:24:42 | 000,002,368 | ---- | M] () -- C:\Users\Stefan\Desktop\Google Chrome.lnk [2012.07.12 13:04:13 | 000,001,002 | ---- | M] () -- C:\Users\Stefan\Desktop\Dropbox.lnk [2012.07.12 13:00:06 | 000,001,012 | ---- | M] () -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.07.11 18:18:14 | 004,963,848 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.07.02 21:22:48 | 000,003,584 | ---- | M] () -- C:\Users\Stefan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.07.02 13:08:00 | 000,001,178 | ---- | M] () -- C:\Users\Public\Desktop\Shutdown Scheduler.lnk [2012.07.01 22:46:01 | 000,001,047 | ---- | M] () -- C:\Users\Stefan\Application Data\Microsoft\Internet Explorer\Quick Launch\Fotosizer.lnk [2012.07.01 22:46:01 | 000,001,023 | ---- | M] () -- C:\Users\Public\Desktop\Fotosizer.lnk ========== Files Created - No Company Name ========== [2012.07.30 22:43:42 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{bdce52c8-06a7-9c8e-f50f-9fd7081d65e7}\U\80000000.@ [2012.07.30 22:14:20 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{bdce52c8-06a7-9c8e-f50f-9fd7081d65e7}\U\00000008.@ [2012.07.30 22:08:14 | 000,000,804 | ---- | C] () -- 
C:\Windows\Installer\{bdce52c8-06a7-9c8e-f50f-9fd7081d65e7}\L\00000004.@ [2012.07.30 12:36:13 | 000,000,188 | ---- | C] () -- C:\Users\Stefan\defogger_reenable [2012.07.30 12:14:02 | 000,001,531 | ---- | C] () -- C:\Users\Stefan\Desktop\Logs.lnk [2012.07.30 09:49:00 | 000,001,881 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk [2012.07.30 09:49:00 | 000,001,869 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk [2012.07.29 23:26:56 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.28 13:50:18 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.07.28 13:36:04 | 000,001,131 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2012.07.28 13:36:03 | 000,000,936 | ---- | C] () -- C:\Users\Stefan\Desktop\Evernote.lnk [2012.07.28 13:23:36 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{bdce52c8-06a7-9c8e-f50f-9fd7081d65e7}\U\000000cb.@ [2012.07.28 13:23:31 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{bdce52c8-06a7-9c8e-f50f-9fd7081d65e7}\U\00000004.@ [2012.07.17 00:18:39 | 000,002,581 | ---- | C] () -- C:\Users\Public\Desktop\PhotoSync.lnk [2012.07.12 13:04:13 | 000,001,002 | ---- | C] () -- C:\Users\Stefan\Desktop\Dropbox.lnk [2012.07.12 13:00:06 | 000,001,012 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.07.02 21:22:48 | 000,003,584 | ---- | C] () -- C:\Users\Stefan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.07.02 13:08:00 | 000,001,190 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shutdown Scheduler.lnk [2012.07.02 13:08:00 | 000,001,178 | ---- | C] () -- C:\Users\Public\Desktop\Shutdown Scheduler.lnk [2012.07.01 22:46:01 | 000,001,047 | ---- | C] () -- C:\Users\Stefan\Application Data\Microsoft\Internet Explorer\Quick Launch\Fotosizer.lnk [2012.07.01 22:46:01 | 
000,001,023 | ---- | C] () -- C:\Users\Public\Desktop\Fotosizer.lnk [2012.06.04 13:03:20 | 001,523,568 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.05.25 23:13:44 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2012.05.25 23:11:40 | 000,000,600 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\winscp.rnd [2012.05.25 23:09:08 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.05.25 23:08:58 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.05.25 19:49:43 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{bdce52c8-06a7-9c8e-f50f-9fd7081d65e7}\@ [2012.05.25 19:49:43 | 000,002,048 | -HS- | C] () -- C:\Users\Stefan\AppData\Local\{bdce52c8-06a7-9c8e-f50f-9fd7081d65e7}\@ [2012.05.25 19:33:35 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.05.25 19:32:00 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2012.05.25 19:08:53 | 000,070,145 | ---- | C] () -- C:\Windows\Ascd_log.ini [2012.05.25 19:07:45 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2012.05.25 19:07:35 | 000,048,199 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012.01.10 20:39:16 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll [2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.03.30 00:17:10 | 000,316,928 | ---- | C] () -- C:\Windows\SysWow64\HDREfexProFC32.dll ========== LOP Check ========== [2012.07.02 13:17:24 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\.minecraft [2012.06.06 23:21:14 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Activision [2012.07.11 23:02:03 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Arduino [2012.05.25 23:46:04 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\DAEMON Tools Lite [2012.07.30 22:39:41 | 000,000,000 | ---D | M] -- 
C:\Users\Stefan\AppData\Roaming\Dropbox [2012.06.30 09:07:10 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\FileZilla [2012.07.08 08:13:16 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Garmin [2012.06.29 18:21:50 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Imagenomic [2012.07.30 09:55:43 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\ImgBurn [2012.06.16 19:10:05 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\PACE Anti-Piracy [2012.06.19 21:03:59 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\PDAppFlex [2012.07.17 00:18:45 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\PhotoSync [2012.07.30 11:10:43 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\R-Wipe&Clean [2012.05.26 20:22:50 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\TeamViewer [2012.05.26 21:23:43 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\TrueCrypt [2009.07.14 07:08:49 | 000,011,774 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > |
| | #9 |
| TR/ATRAPS.Gen2 in C:\Windows\Installer\{bd**65e7}\U\80000064.@ Hi, the rootkit is still active; OTL did not manage it. We can now try it in safe mode (F8 while booting), or we bring out the heavy artillery... Download it and likewise run it in safe mode... Combofix Download ComboFix from http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to the desktop. Caution: in a few rare cases the computer may no longer be able to boot and has to be set up from scratch! Close all windows, start combofix.exe, confirm the following prompt with 1 and press Enter. The ComboFix scan can take some time, so be patient. Please do not do anything on the computer during the scan. The computer may be restarted in between. After the scan has finished, a report (ComboFix.txt) is displayed; please copy it and paste it into your thread. You should find the log at C:\ComboFix.txt... chris
__________________ Don't bring me down Read this before posting! Donations (anyone who wants to donate is welcome to get in touch) |
| | #10 |
| TR/ATRAPS.Gen2 in C:\Windows\Installer\{bd**65e7}\U\80000064.@ OK, I ran Combofix. Shortly after starting, however, it closed itself without any message... there is also no Combofix.txt. I then ran the Panda tool over it once more (both in safe mode). And OTL gave me the following scan log. Code:
ATTFilter OTL logfile created on: 04.08.2012 13:44:51 - Run 3 OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Stefan\Downloads 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 15,96 Gb Total Physical Memory | 13,69 Gb Available Physical Memory | 85,80% Memory free 16,74 Gb Paging File | 14,21 Gb Available in Paging File | 84,88% Paging File free Paging file location(s): c:\pagefile.sys 800 1000 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 111,69 Gb Total Space | 24,92 Gb Free Space | 22,31% Space Free | Partition Type: NTFS Drive D: | 931,51 Gb Total Space | 438,26 Gb Free Space | 47,05% Space Free | Partition Type: NTFS Drive E: | 100,00 Mb Total Space | 71,54 Mb Free Space | 71,55% Space Free | Partition Type: NTFS Drive F: | 232,79 Gb Total Space | 216,03 Gb Free Space | 92,80% Space Free | Partition Type: NTFS Computer Name: STEFAN-PC | User Name: Stefan | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.08.04 13:36:20 | 000,529,232 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe PRC - [2012.08.04 13:36:15 | 001,353,080 | ---- | M] (Valve Corporation) -- D:\Steam\Steam.exe PRC - [2012.07.30 12:11:38 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Stefan\Downloads\OTL.exe PRC - [2012.07.18 18:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.07.18 18:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.07.18 18:04:22 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.07.16 16:31:32 | 007,445,416 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe PRC - [2012.07.16 16:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe PRC - [2012.07.16 16:22:42 | 000,106,408 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.07.03 03:21:38 | 026,868,192 | ---- | M] (Dropbox, Inc.) -- C:\Users\Stefan\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2012.06.13 16:53:48 | 001,014,112 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe PRC - [2012.04.04 07:53:56 | 000,815,512 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe PRC - [2012.01.20 11:45:40 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe PRC - [2012.01.04 21:59:50 | 000,291,608 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe PRC - [2011.12.05 21:35:24 | 000,393,216 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe PRC - [2011.11.29 20:04:54 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2011.11.13 23:27:20 | 000,354,416 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe PRC - [2011.11.13 23:27:18 | 000,433,264 | ---- | M] (VMware, Inc.) 
-- C:\Windows\SysWOW64\vmnat.exe PRC - [2011.11.13 23:27:06 | 000,103,536 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe PRC - [2011.11.13 21:49:40 | 000,079,872 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe PRC - [2011.03.30 00:17:08 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\nlssrv32.exe PRC - [2009.12.01 19:11:36 | 000,671,744 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\EOS Utility\WFTPairing\WFTPairing.exe PRC - [2009.08.20 13:43:52 | 000,266,240 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\EOS Utility\WFTPairing\EOSUPNPSV.exe ========== Modules (No Company Name) ========== MOD - [2012.08.04 13:36:19 | 020,316,496 | ---- | M] () -- D:\Steam\bin\libcef.dll MOD - [2012.08.04 13:36:18 | 001,099,576 | ---- | M] () -- D:\Steam\bin\avcodec-53.dll MOD - [2012.08.04 13:36:18 | 000,900,944 | ---- | M] () -- D:\Steam\bin\chromehtml.dll MOD - [2012.08.04 13:36:18 | 000,190,776 | ---- | M] () -- D:\Steam\bin\avformat-53.dll MOD - [2012.08.04 13:36:18 | 000,123,192 | ---- | M] () -- D:\Steam\bin\avutil-51.dll MOD - [2012.06.16 19:03:34 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6c59a14a23f734093e80d6093e25302a\Microsoft.VisualBasic.ni.dll MOD - [2012.06.16 19:03:20 | 000,487,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\33e53ffe7ba7362a2d483ef4ea79bfe3\IAStorUtil.ni.dll MOD - [2012.06.16 18:57:10 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll MOD - [2012.06.16 18:57:06 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll 
MOD - [2012.05.26 09:22:54 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll MOD - [2012.05.26 09:22:32 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll MOD - [2012.05.26 09:22:31 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll MOD - [2012.05.26 09:22:30 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012.05.26 09:22:28 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2012.03.16 15:42:58 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libtidy.dll MOD - [2012.03.16 15:42:56 | 000,433,664 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libxml2.dll MOD - [2012.02.20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012.02.20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe MOD - [2010.11.20 14:19:56 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.06.10 13:41:46 | 000,032,768 | ---- | M] () -- 
C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2012.06.11 19:19:14 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2012.05.25 19:18:54 | 000,048,128 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE -- (wltrysvc) SRV:64bit: - [2012.01.10 21:01:52 | 000,627,936 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV:64bit: - [2011.11.28 20:23:30 | 001,084,192 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV:64bit: - [2011.08.15 17:38:50 | 000,178,344 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel(R) SRV:64bit: - [2011.08.05 19:29:20 | 000,225,280 | ---- | M] (DTS, Inc) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe -- (DTSAudioSvc) SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.08.04 13:36:20 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.08.03 12:12:21 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.07.18 18:59:04 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files 
(x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.18 18:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.07.18 18:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.07.16 16:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.20 16:29:28 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012.01.20 16:29:26 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012.01.20 11:45:40 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2011.11.29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011.11.13 23:27:20 | 000,354,416 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2011.11.13 23:27:18 | 000,433,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2011.11.13 22:55:18 | 011,839,488 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe -- (VMwareHostd)
SRV - [2011.11.13 21:49:40 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2011.08.29 22:11:04 | 000,846,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2011.03.30 00:17:08 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.07.18 18:04:42 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.07.18 18:04:42 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.07.18 18:04:41 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.06.11 20:59:38 | 010,248,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.06.11 18:26:14 | 000,367,616 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.05.26 21:18:01 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2012.05.25 23:09:03 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.05.25 19:18:46 | 000,022,592 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2012.05.25 19:18:33 | 004,746,304 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2012.05.25 19:18:28 | 000,021,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmvwl64.sys -- (BcmVWL)
DRV:64bit: - [2012.05.22 14:26:10 | 000,147,288 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.06 10:44:12 | 000,049,760 | ---- | M] (Asmedia Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\asahci64.sys -- (asahci64)
DRV:64bit: - [2012.01.04 21:58:50 | 000,786,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012.01.04 21:58:50 | 000,355,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012.01.04 21:58:50 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2011.12.16 17:53:01 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2011.11.29 19:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.11.13 23:28:16 | 000,063,088 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2011.11.13 23:26:30 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2011.11.13 21:33:56 | 000,045,680 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2011.11.13 21:33:56 | 000,020,080 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2011.11.10 01:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011.11.03 11:10:42 | 000,395,752 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011.11.03 11:10:42 | 000,130,536 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011.11.03 07:00:48 | 000,134,696 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums)
DRV:64bit: - [2011.11.03 03:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011.09.29 11:30:34 | 000,646,248 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.09.21 08:22:36 | 000,025,904 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91cons.sys -- (mv91cons)
DRV:64bit: - [2011.09.21 08:22:34 | 000,315,696 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mvs91xx.sys -- (mvs91xx)
DRV:64bit: - [2011.09.20 10:36:24 | 000,620,584 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2011.08.29 22:11:04 | 000,039,024 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2011.08.15 11:06:00 | 000,032,936 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iqvw64e.sys -- (NAL)
DRV:64bit: - [2011.08.08 14:59:12 | 000,116,336 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2011.07.20 03:37:56 | 000,342,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2011.07.06 12:35:40 | 000,167,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2011.06.23 05:59:28 | 000,178,728 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2011.06.23 05:59:26 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2011.05.20 16:49:36 | 000,089,640 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwdpan.sys -- (BTWDPAN)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.13 18:17:44 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5B 48 F8 FD 9C 3A CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Stefan\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Stefan\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.07.30 00:50:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.06.18 22:35:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 18:59:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.07.30 00:50:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 18:59:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.07.30 00:50:38 | 000,000,000 | ---D | M]

[2012.05.25 21:02:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stefan\AppData\Roaming\mozilla\Extensions
[2012.07.18 18:59:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\5i5lm8ot.default\extensions
[2012.07.08 08:13:14 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\5i5lm8ot.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012.06.14 12:41:27 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\5i5lm8ot.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2012.05.26 10:10:42 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\5i5lm8ot.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012.05.31 21:02:25 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\5i5lm8ot.default\extensions\foxmarks@kei.com
[2012.06.28 23:10:35 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\5i5lm8ot.default\extensions\support@lastpass.com
[2012.06.06 14:05:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.06.06 14:44:21 | 000,505,801 | ---- | M] () (No name found) -- C:\USERS\STEFAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5I5LM8OT.DEFAULT\EXTENSIONS\{1280606B-2510-4FE0-97EF-9B5A22EAFE30}.XPI
[2012.07.18 18:59:05 | 000,045,154 | ---- | M] () (No name found) -- C:\USERS\STEFAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5I5LM8OT.DEFAULT\EXTENSIONS\BITTORRENT_WEBUI_2@FIREFOX.ALEXISBRUNET.COM.XPI
[2012.05.26 10:10:40 | 005,438,448 | ---- | M] () (No name found) -- C:\USERS\STEFAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5I5LM8OT.DEFAULT\EXTENSIONS\GREASEFIRE@SKRUL.COM.XPI
[2012.06.28 23:10:35 | 000,382,926 | ---- | M] () (No name found) -- C:\USERS\STEFAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5I5LM8OT.DEFAULT\EXTENSIONS\READABLE@EVERNOTE.COM.XPI
[2012.07.18 18:59:04 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Stefan\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Stefan\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Stefan\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Java(TM) Platform SE 6 U32 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.320.5 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Stefan\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - Extension: YouTube = C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: LastPass = C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\1.90.5_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2012.05.26 09:56:59 | 000,002,810 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe (Broadcom Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_DTS] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKLM..\Run: [vmware-tray] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKCU..\Run: [Steam] D:\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [XSECVA] "C:\Users\Stefan\AppData\Roaming\xsecva\xsecva.exe" -s File not found
O4 - Startup: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Stefan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O4 - Startup: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WFTPairing.lnk = C:\Program Files (x86)\Canon\EOS Utility\WFTPairing\WFTPairing.exe (CANON INC.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass File not found
O8:64bit: - Extra context menu item: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass File not found
O8 - Extra context menu item: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O9:64bit: - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{21164624-2FB7-4C5D-922F-18C67E09CC63}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D62C0BA-E57B-4C00-9550-1B0A41A7DB12}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - F:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{b2061893-cc32-11e1-b58f-0008cae5d310}\Shell - "" = AutoRun O33 - MountPoints2\{b2061893-cc32-11e1-b58f-0008cae5d310}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.08.04 13:41:53 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.08.04 13:41:52 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.08.04 13:41:51 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW [2012.07.30 23:09:45 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Documents\Shiner [2012.07.30 11:30:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Misc. 
Support Library (Spybot - Search & Destroy) [2012.07.30 11:30:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\File Scanner Library (Spybot - Search & Destroy) [2012.07.30 11:24:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012.07.30 11:10:38 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\R-Wipe&Clean [2012.07.30 09:53:12 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\ImgBurn [2012.07.30 09:49:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn [2012.07.30 09:48:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn [2012.07.30 00:39:11 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2012.07.29 23:26:59 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Malwarebytes [2012.07.29 23:26:56 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.07.29 23:26:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.07.29 23:26:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.07.29 23:26:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.07.29 13:36:40 | 000,000,000 | ---D | C] -- C:\Lexmark [2012.07.28 13:55:56 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Avira [2012.07.28 13:50:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.07.28 13:50:17 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.07.28 13:50:17 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.07.28 13:50:17 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012.07.28 13:50:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.07.28 13:50:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2012.07.28 13:36:03 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote [2012.07.20 18:12:36 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Desktop\105_PANA [2012.07.17 00:18:45 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Local\touchbyte_GmbH [2012.07.17 00:18:45 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\PhotoSync [2012.07.17 00:18:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoSync [2012.07.17 00:18:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PhotoSync [2012.07.16 23:59:05 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Desktop\Weichtalklamm [2012.07.12 19:29:57 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2012.07.12 19:29:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP [2012.07.12 19:26:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center [2012.07.12 19:23:45 | 000,000,000 | ---D | C] -- C:\AMD [2012.07.12 17:03:27 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2012.07.12 13:00:02 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox [2012.07.12 12:59:33 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Dropbox [2012.07.11 23:02:03 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Documents\Arduino [2012.07.11 23:02:03 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Arduino [2012.07.11 22:52:52 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Desktop\arduino-1.0.1 [2012.07.08 08:13:16 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Garmin [2012.05.28 16:51:36 | 014,844,448 | ---- | C] (LastPass) -- C:\Program Files (x86)\Common Files\lpuninstall.exe ========== Files - Modified Within 30 Days ========== [2012.08.04 13:44:07 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3477003203-1577878540-3883721961-1000UA.job [2012.08.04 13:44:07 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job 
[2012.08.04 13:44:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.04 13:44:03 | 4259,557,374 | -HS- | M] () -- C:\hiberfil.sys [2012.08.04 03:57:05 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3477003203-1577878540-3883721961-1000Core.job [2012.08.03 12:11:07 | 000,002,420 | ---- | M] () -- C:\Users\Stefan\Desktop\Google Chrome.lnk [2012.07.30 22:46:09 | 001,506,450 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.07.30 22:46:09 | 000,654,452 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.07.30 22:46:09 | 000,618,494 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.07.30 22:46:09 | 000,130,678 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.07.30 22:46:09 | 000,107,400 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.07.30 22:44:24 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.30 22:44:24 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.30 12:36:13 | 000,000,188 | ---- | M] () -- C:\Users\Stefan\defogger_reenable [2012.07.30 12:14:07 | 000,001,531 | ---- | M] () -- C:\Users\Stefan\Desktop\Logs.lnk [2012.07.30 09:49:00 | 000,001,869 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk [2012.07.30 00:50:38 | 000,002,026 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk [2012.07.29 23:27:29 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.28 13:50:18 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.07.28 13:36:04 | 000,001,131 | ---- | M] () -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2012.07.28 13:36:03 | 000,000,936 | ---- | M] () -- C:\Users\Stefan\Desktop\Evernote.lnk [2012.07.18 18:04:42 | 000,132,832 | ---- | M] 
(Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.07.18 18:04:42 | 000,027,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012.07.18 18:04:41 | 000,098,848 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.07.17 00:18:39 | 000,002,581 | ---- | M] () -- C:\Users\Public\Desktop\PhotoSync.lnk [2012.07.12 13:04:13 | 000,001,002 | ---- | M] () -- C:\Users\Stefan\Desktop\Dropbox.lnk [2012.07.12 13:00:06 | 000,001,012 | ---- | M] () -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.07.11 18:18:14 | 004,963,848 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2012.07.30 12:36:13 | 000,000,188 | ---- | C] () -- C:\Users\Stefan\defogger_reenable [2012.07.30 12:14:02 | 000,001,531 | ---- | C] () -- C:\Users\Stefan\Desktop\Logs.lnk [2012.07.30 09:49:00 | 000,001,881 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk [2012.07.30 09:49:00 | 000,001,869 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk [2012.07.29 23:26:56 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.28 13:50:18 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.07.28 13:36:04 | 000,001,131 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2012.07.28 13:36:03 | 000,000,936 | ---- | C] () -- C:\Users\Stefan\Desktop\Evernote.lnk [2012.07.17 00:18:39 | 000,002,581 | ---- | C] () -- C:\Users\Public\Desktop\PhotoSync.lnk [2012.07.12 13:04:13 | 000,001,002 | ---- | C] () -- C:\Users\Stefan\Desktop\Dropbox.lnk [2012.07.12 13:00:06 | 000,001,012 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.07.02 21:22:48 | 000,003,584 | ---- | C] () -- 
C:\Users\Stefan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.06.04 13:03:20 | 001,523,568 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.05.25 23:13:44 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2012.05.25 23:11:40 | 000,000,600 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\winscp.rnd [2012.05.25 23:09:08 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.05.25 23:08:58 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.05.25 19:49:43 | 000,002,048 | -HS- | C] () -- C:\Users\Stefan\AppData\Local\{bdce52c8-06a7-9c8e-f50f-9fd7081d65e7}\@ [2012.05.25 19:33:35 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.05.25 19:32:00 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2012.05.25 19:08:53 | 000,070,145 | ---- | C] () -- C:\Windows\Ascd_log.ini [2012.05.25 19:07:45 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2012.05.25 19:07:35 | 000,048,199 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012.01.10 20:39:16 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll [2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.03.30 00:17:10 | 000,316,928 | ---- | C] () -- C:\Windows\SysWow64\HDREfexProFC32.dll ========== LOP Check ========== [2012.08.01 23:06:33 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\.minecraft [2012.06.06 23:21:14 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Activision [2012.07.11 23:02:03 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Arduino [2012.05.25 23:46:04 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\DAEMON Tools Lite [2012.08.04 13:44:28 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Dropbox [2012.06.30 09:07:10 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\FileZilla [2012.07.08 
08:13:16 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Garmin [2012.06.29 18:21:50 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Imagenomic [2012.07.30 09:55:43 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\ImgBurn [2012.06.16 19:10:05 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\PACE Anti-Piracy [2012.06.19 21:03:59 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\PDAppFlex [2012.07.17 00:18:45 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\PhotoSync [2012.07.30 11:10:43 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\R-Wipe&Clean [2012.05.26 20:22:50 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\TeamViewer [2012.05.26 21:23:43 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\TrueCrypt [2009.07.14 07:08:49 | 000,012,022 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Code:
Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org
Datenbank Version: v2012.07.30.05
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Stefan :: STEFAN-PC [Administrator]
Schutz: Aktiviert
04.08.2012 13:48:44
mbam-log-2012-08-04 (13-48-44).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 215162
Laufzeit: 31 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 1
C:\Windows\Temp\yt\GetFiles\badfiles\desktop.ini.1 (Trojan.0access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)

If so, there'll be a donation |
| | #11 |
| TR/ATRAPS.Gen2 in C:\Windows\Installer\{bd**65e7}\U\80000064.@

Hi, no, according to OTL one part is still there:

[2012.05.25 19:49:43 | 000,002,048 | -HS- | C] () -- C:\Users\Stefan\AppData\Local\{bdce52c8-06a7-9c8e-f50f-9fd7081d65e7}\@

Please update MAM and then run a FULL SCAN, post the log...

Let's try Hitman. Download the matching version of Hitman (32/64-bit), run it and post the log. ATTENTION: the firewall must be open for Hitman (be sure to allow access!) Downloads - SurfRight

For the removal, a temporary license (30 days) can be ordered (there is a tab for that ;o)... Uninstall it after the 30 days; after that it no longer removes anything (unless you buy a license)...

chris
__________________ Don't bring me down. Read before posting! Donations (anyone who wants to donate is welcome to get in touch) |
| | #12 |
| TR/ATRAPS.Gen2 in C:\Windows\Installer\{bd**65e7}\U\80000064.@

MAM: Code:
Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org
Datenbank Version: v2012.08.04.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Stefan :: STEFAN-PC [Administrator]
Schutz: Aktiviert
04.08.2012 20:25:50
mbam-log-2012-08-04 (20-42-02).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 431874
Laufzeit: 12 Minute(n), 52 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 1
C:\Qoobox\Quarantine\C\Windows\Installer\{bdce52c8-06a7-9c8e-f50f-9fd7081d65e7}\U\000000cb.@.vir (Rootkit.0Access) -> Keine Aktion durchgeführt.
(Ende)

Code:
Avira Antivirus Premium 2012
Erstellungsdatum der Reportdatei: Samstag, 04. August 2012 20:32
Es wird nach 4059199 Virenstämmen gesucht.
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Stefan Bugovsky
Seriennummer : 2222258342-PEPWE-0000001
Plattform : Windows 7 Ultimate
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : STEFAN-PC
Versionsinformationen:
BUILD.DAT : 12.0.0.1145 42650 Bytes 23.05.2012 17:04:00
AVSCAN.EXE : 12.3.0.15 466896 Bytes 04.08.2012 12:09:59
AVSCAN.DLL : 12.3.0.15 66256 Bytes 04.08.2012 12:09:59
LUKE.DLL : 12.3.0.15 68304 Bytes 04.08.2012 12:10:11
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 04.08.2012 12:10:26
AVREG.DLL : 12.3.0.17 232200 Bytes 04.08.2012 12:10:25
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 18:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 23:22:12
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 23:31:36
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 09:58:50
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 22:37:35
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 16:04:37
VBASE006.VDF : 7.11.34.117 2048 Bytes 29.06.2012 16:04:37
VBASE007.VDF : 7.11.34.118 2048 Bytes 29.06.2012 16:04:37
VBASE008.VDF : 7.11.34.119 2048 Bytes 29.06.2012 16:04:37
VBASE009.VDF : 7.11.34.120 2048 Bytes 29.06.2012 16:04:37
VBASE010.VDF : 7.11.34.121 2048 Bytes 29.06.2012 16:04:37
VBASE011.VDF : 7.11.34.122 2048 Bytes 29.06.2012 16:04:37
VBASE012.VDF : 7.11.34.123 2048 Bytes 29.06.2012 16:04:37
VBASE013.VDF : 7.11.34.124 2048 Bytes 29.06.2012 16:04:37
VBASE014.VDF : 7.11.38.18 2554880 Bytes 30.07.2012 12:09:47
VBASE015.VDF : 7.11.38.70 556032 Bytes 31.07.2012 12:09:47
VBASE016.VDF : 7.11.38.143 171008 Bytes 02.08.2012 12:09:47
VBASE017.VDF : 7.11.38.144 2048 Bytes 02.08.2012 12:09:47
VBASE018.VDF : 7.11.38.145 2048 Bytes 02.08.2012 12:09:48
VBASE019.VDF : 7.11.38.146 2048 Bytes 02.08.2012 12:09:48
VBASE020.VDF : 7.11.38.147 2048 Bytes 02.08.2012 12:09:48
VBASE021.VDF : 7.11.38.148 2048 Bytes 02.08.2012 12:09:48
VBASE022.VDF : 7.11.38.149 2048 Bytes 02.08.2012 12:09:48
VBASE023.VDF : 7.11.38.150 2048 Bytes 02.08.2012 12:09:48
VBASE024.VDF : 7.11.38.151 2048 Bytes 02.08.2012 12:09:48
VBASE025.VDF : 7.11.38.152 2048 Bytes 02.08.2012 12:09:48
VBASE026.VDF : 7.11.38.153 2048 Bytes 02.08.2012 12:09:48
VBASE027.VDF : 7.11.38.154 2048 Bytes 02.08.2012 12:09:48
VBASE028.VDF : 7.11.38.155 2048 Bytes 02.08.2012 12:09:48
VBASE029.VDF : 7.11.38.156 2048 Bytes 02.08.2012 12:09:48
VBASE030.VDF : 7.11.38.157 2048 Bytes 02.08.2012 12:09:48
VBASE031.VDF : 7.11.38.202 119808 Bytes 04.08.2012 18:23:51
Engineversion : 8.2.10.126
AEVDF.DLL : 8.1.2.10 102772 Bytes 28.07.2012 11:50:28
AESCRIPT.DLL : 8.1.4.38 455033 Bytes 04.08.2012 12:09:50
AESCN.DLL : 8.1.8.2 131444 Bytes 16.02.2012 16:11:36
AESBX.DLL : 8.2.5.12 606578 Bytes 18.07.2012 16:04:20
AERDL.DLL : 8.1.9.15 639348 Bytes 20.01.2012 23:21:32
AEPACK.DLL : 8.3.0.18 807287 Bytes 28.07.2012 11:50:28
AEOFFICE.DLL : 8.1.2.42 201083 Bytes 28.07.2012 11:50:27
AEHEUR.DLL : 8.1.4.84 5112182 Bytes 04.08.2012 12:09:50
AEHELP.DLL : 8.1.23.2 258422 Bytes 18.07.2012 16:04:17
AEGEN.DLL : 8.1.5.34 434548 Bytes 28.07.2012 11:50:27
AEEXP.DLL : 8.1.0.74 86387 Bytes 04.08.2012 12:09:50
AEEMU.DLL : 8.1.3.2 393587 Bytes 28.07.2012 11:50:27
AECORE.DLL : 8.1.27.2 201078 Bytes 28.07.2012 11:50:27
AEBB.DLL : 8.1.1.0 53618 Bytes 20.01.2012 23:21:28
AVWINLL.DLL : 12.3.0.15 27344 Bytes 04.08.2012 12:09:33
AVPREF.DLL : 12.3.0.15 51920 Bytes 04.08.2012 12:09:59
AVREP.DLL : 12.3.0.15 179208 Bytes 18.07.2012 16:04:23
AVARKT.DLL : 12.3.0.15 211408 Bytes 04.08.2012 12:09:54
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 04.08.2012 12:09:55
SQLITE3.DLL : 3.7.0.1 398288 Bytes 04.08.2012 12:10:19
AVSMTP.DLL : 12.3.0.15 63952 Bytes 04.08.2012 12:10:00
NETNT.DLL : 12.3.0.15 17104 Bytes 04.08.2012 12:10:13
RCIMAGE.DLL : 12.3.0.15 4491472 Bytes 04.08.2012 12:09:34
RCTEXT.DLL : 12.3.0.15 98512 Bytes 04.08.2012 12:09:35
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_501d22bc\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig
Beginn des Suchlaufs: Samstag, 04. August 2012 20:32
Der Suchlauf nach versteckten Objekten wird begonnen.
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbam.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'UNS.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamservice.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMS.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAStorDataMgrSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SteamService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'HydraDM.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'RunDll32.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'EOSUPNPSV.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamgui.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'DivXUpdate.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'vmware-tray.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'acrotray.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAStorIcon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iusb3mon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'WFTPairing.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'EvernoteClipper.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dropbox.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Steam.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'tv_w32.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AVWEBGRD.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avmailc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'vmnetdhcp.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TeamViewer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'vmware-authd.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'vmnat.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TeamViewer_Service.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'nlssrv32.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jhi_service.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\Qoobox\Quarantine\C\Windows\Installer\{bdce52c8-06a7-9c8e-f50f-9fd7081d65e7}\L\00000004.@.vir'
C:\Qoobox\Quarantine\C\Windows\Installer\{bdce52c8-06a7-9c8e-f50f-9fd7081d65e7}\L\00000004.@.vir
[FUND] Ist das Trojanische Pferd TR/ZAccess.H
Beginne mit der Suche in 'C:\Qoobox\Quarantine\C\Windows\Installer\{bdce52c8-06a7-9c8e-f50f-9fd7081d65e7}\U\00000004.@.vir'
C:\Qoobox\Quarantine\C\Windows\Installer\{bdce52c8-06a7-9c8e-f50f-9fd7081d65e7}\U\00000004.@.vir
[FUND] Ist das Trojanische Pferd TR/ZAccess.H
Beginne mit der Suche in 'C:\Qoobox\Quarantine\C\Windows\Installer\{bdce52c8-06a7-9c8e-f50f-9fd7081d65e7}\U\00000008.@.vir'
C:\Qoobox\Quarantine\C\Windows\Installer\{bdce52c8-06a7-9c8e-f50f-9fd7081d65e7}\U\00000008.@.vir
[FUND] Ist das Trojanische Pferd TR/Cutwail.jhg
Beginne mit der Suche in 'C:\Qoobox\Quarantine\C\Windows\Installer\{bdce52c8-06a7-9c8e-f50f-9fd7081d65e7}\U\80000000.@.vir'
C:\Qoobox\Quarantine\C\Windows\Installer\{bdce52c8-06a7-9c8e-f50f-9fd7081d65e7}\U\80000000.@.vir
[FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen
Beginne mit der Suche in 'C:\Qoobox\Quarantine\C\Windows\Installer\{bdce52c8-06a7-9c8e-f50f-9fd7081d65e7}\U\80000032.@.vir'
C:\Qoobox\Quarantine\C\Windows\Installer\{bdce52c8-06a7-9c8e-f50f-9fd7081d65e7}\U\80000032.@.vir
[FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2
Beginne mit der Suche in 'C:\Qoobox\Quarantine\C\Windows\Installer\{bdce52c8-06a7-9c8e-f50f-9fd7081d65e7}\U\80000064.@.vir'
C:\Qoobox\Quarantine\C\Windows\Installer\{bdce52c8-06a7-9c8e-f50f-9fd7081d65e7}\U\80000064.@.vir
[FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2
Beginne mit der Desinfektion:
C:\Qoobox\Quarantine\C\Windows\Installer\{bdce52c8-06a7-9c8e-f50f-9fd7081d65e7}\U\80000064.@.vir
[FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '56b4c8ba.qua' verschoben!
C:\Qoobox\Quarantine\C\Windows\Installer\{bdce52c8-06a7-9c8e-f50f-9fd7081d65e7}\U\80000032.@.vir
[FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4e23e71d.qua' verschoben!
C:\Qoobox\Quarantine\C\Windows\Installer\{bdce52c8-06a7-9c8e-f50f-9fd7081d65e7}\U\80000000.@.vir
[FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '1c7cbdf5.qua' verschoben!
C:\Qoobox\Quarantine\C\Windows\Installer\{bdce52c8-06a7-9c8e-f50f-9fd7081d65e7}\U\00000008.@.vir
[FUND] Ist das Trojanische Pferd TR/Cutwail.jhg
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '7a4bf237.qua' verschoben!
C:\Qoobox\Quarantine\C\Windows\Installer\{bdce52c8-06a7-9c8e-f50f-9fd7081d65e7}\U\00000004.@.vir
[FUND] Ist das Trojanische Pferd TR/ZAccess.H
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '3fcfdf09.qua' verschoben!
C:\Qoobox\Quarantine\C\Windows\Installer\{bdce52c8-06a7-9c8e-f50f-9fd7081d65e7}\L\00000004.@.vir
[FUND] Ist das Trojanische Pferd TR/ZAccess.H
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '40d4ed68.qua' verschoben!
Ende des Suchlaufs: Samstag, 04. August 2012 20:34
Benötigte Zeit: 00:19 Minute(n)
Der Suchlauf wurde vollständig durchgeführt.
0 Verzeichnisse wurden überprüft
785 Dateien wurden geprüft
6 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
6 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
779 Dateien ohne Befall
1 Archive wurden durchsucht
0 Warnungen
6 Hinweise
48559 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden
Die Suchergebnisse werden an den Guard übermittelt.
|
| | #13 |
| TR/ATRAPS.Gen2 in C:\Windows\Installer\{bd**65e7}\U\80000064.@

Hi, did you let Hitman kill everything? To do that, request a 30-day license... Avira is only finding CF's quarantine.... Post a new OTL log...

Let's take a look at Internet and firewall: Download Farbar Service Scanner (http://download.bleepingcomputer.com/farbar/FSS.exe), start it and select the following options:

Start it with "Scan". The log file (FSS.txt) is created in the working directory. Post the log here...

chris
| | #14 |
| TR/ATRAPS.Gen2 in C:\Windows\Installer\{bd**65e7}\U\80000064.@

Yes, of course I let Hitman do its work as well... First, the log from Farbar Service Scanner: Code:
Farbar Service Scanner Version: 04-08-2012 01
Ran by Stefan (administrator) on 05-08-2012 at 21:52:29
Running from "C:\Users\Stefan\Downloads"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.
MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Other Services:
==============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Unable to retrieve ServiceDll of sharedaccess. The value does not exist.
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
**** End of log ****
OTL: Code:
OTL logfile created on: 05.08.2012 21:55:42 - Run 4
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Stefan\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
15,96 Gb Total Physical Memory | 12,45 Gb Available Physical Memory | 78,03% Memory free
16,74 Gb Paging File | 12,20 Gb Available in Paging File | 72,88% Paging File free
Paging file location(s): c:\pagefile.sys 800 1000 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 24,33 Gb Free Space | 21,79% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 438,26 Gb Free Space | 47,05% Space Free | Partition Type: NTFS
Drive E: | 100,00 Mb Total Space | 71,54 Mb Free Space | 71,55% Space Free | Partition Type: NTFS
Drive F: | 232,79 Gb Total Space | 216,03 Gb Free Space | 92,80% Space Free | Partition Type: NTFS
Computer Name: STEFAN-PC | User Name: Stefan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.08.05 21:52:18 | 000,693,139 | ---- | M] (Farbar) -- C:\Users\Stefan\Downloads\FSS.exe
PRC - [2012.08.04 14:10:17 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.08.04 14:10:01 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2012.08.04 14:09:57 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
PRC - [2012.08.04 14:09:56 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.08.04 14:09:56 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.08.04 13:36:20 | 000,529,232 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012.08.04 13:36:15 | 001,353,080 | ---- | M] (Valve Corporation) -- D:\Steam\Steam.exe
PRC - [2012.08.03 12:12:20 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
PRC - [2012.07.30 12:40:11 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Stefan\Downloads\OTL(1).exe
PRC - [2012.07.18 18:59:04 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.07.16 16:31:32 | 007,445,416 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
PRC - [2012.07.16 16:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.07.16 16:22:42 | 000,106,408 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.07.03 03:21:38 | 026,868,192 | ---- | M] (Dropbox, Inc.) -- C:\Users\Stefan\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.06.13 16:53:48 | 001,014,112 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
PRC - [2012.05.26 21:18:01 | 001,516,496 | ---- | M] (TrueCrypt Foundation) -- C:\Program Files\TrueCrypt\TrueCrypt.exe
PRC - [2012.05.15 20:00:00 | 006,326,784 | ---- | M] (MPC-HC Team) -- C:\Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe
PRC - [2012.04.04 07:53:56 | 000,815,512 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2012.01.20 16:29:28 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012.01.20 16:29:26 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012.01.20 11:45:40 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2012.01.04 21:59:50 | 000,291,608 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2011.12.10 12:35:48 | 000,483,328 | ---- | M] (Simon Tatham) -- C:\Program Files (x86)\PuTTY\putty.exe
PRC - [2011.11.29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.11.29 20:04:54 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2011.11.13 23:27:20 | 000,354,416 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2011.11.13 23:27:18 | 000,433,264 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2011.11.13 23:27:06 | 000,103,536 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
PRC - [2011.11.13 21:49:40 | 000,079,872 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.03.30 00:17:08 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\nlssrv32.exe
PRC - [2009.12.01 19:11:36 | 000,671,744 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\EOS Utility\WFTPairing\WFTPairing.exe
PRC - [2009.10.18 09:55:14 | 000,139,264 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Stefan\Desktop\arduino-1.0.1\java\bin\javaw.exe
PRC - [2009.08.20 13:43:52 | 000,266,240 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\EOS Utility\WFTPairing\EOSUPNPSV.exe
========== Modules (No Company Name) ==========
MOD - [2012.08.04 13:36:19 | 020,316,496 | ---- | M] () -- D:\Steam\bin\libcef.dll
MOD - [2012.08.04 13:36:18 | 001,099,576 | ---- | M] () -- D:\Steam\bin\avcodec-53.dll
MOD - [2012.08.04 13:36:18 | 000,900,944 | ---- | M] () -- D:\Steam\bin\chromehtml.dll
MOD - [2012.08.04 13:36:18 | 000,190,776 | ---- | M] () -- D:\Steam\bin\avformat-53.dll
MOD - [2012.08.04 13:36:18 | 000,123,192 | ---- | M] () -- D:\Steam\bin\avutil-51.dll
MOD - [2012.08.03 12:12:20 | 009,465,032 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
MOD - [2012.07.18 18:59:04 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.06.18 16:34:04 | 000,997,888 | ---- | M] () -- C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\5i5lm8ot.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
MOD - [2012.06.16 19:03:34 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6c59a14a23f734093e80d6093e25302a\Microsoft.VisualBasic.ni.dll
MOD - [2012.06.16 19:03:20 | 000,487,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\33e53ffe7ba7362a2d483ef4ea79bfe3\IAStorUtil.ni.dll
MOD - [2012.06.16 18:57:10 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.16 18:57:06 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.05.26 09:39:26 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\acc563eb665e430df4375afb9697a5d9\IAStorCommon.ni.dll
MOD - [2012.05.26 09:22:54 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.26 09:22:35 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.05.26 09:22:32 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.26 09:22:31 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.26 09:22:30 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.26 09:22:28 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012.05.21 18:04:34 | 000,077,759 | ---- | M] () -- C:\Users\Stefan\Desktop\arduino-1.0.1\rxtxSerial.dll
MOD - [2012.05.15 20:00:00 | 004,460,032 | ---- | M] () -- C:\Program Files (x86)\K-Lite Codec Pack\ffdshow\ffmpeg.dll
MOD - [2012.05.15 20:00:00 | 003,449,344 | ---- | M] () -- C:\Program Files (x86)\K-Lite Codec Pack\ffdshow\ffdshow.ax
MOD - [2012.05.13 19:09:32 | 006,993,279 | ---- | M] () -- C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\avcodec-lav-54.dll
MOD - [2012.05.13 19:09:32 | 000,372,579 | ---- | M] () -- C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\swscale-lav-2.dll
MOD - [2012.05.13 19:09:32 | 000,213,879 | ---- | M] () -- C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\avutil-lav-51.dll
MOD - [2012.05.13 19:09:32 | 000,162,572 | ---- | M] () -- C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\avfilter-lav-2.dll
MOD - [2012.03.16 15:42:58 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
MOD - [2012.03.16 15:42:56 | 000,433,664 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
MOD - [2012.02.20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.02.20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012.01.08 15:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.06.10 13:41:46 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2012.06.11 19:19:14 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012.05.25 19:18:54 | 000,048,128 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2012.01.10 21:01:52 | 000,627,936 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV:64bit: - [2011.11.28 20:23:30 | 001,084,192 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2011.08.15 17:38:50 | 000,178,344 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel(R)
SRV:64bit: - [2011.08.05 19:29:20 | 000,225,280 | ---- | M] (DTS, Inc) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe -- (DTSAudioSvc)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.08.04 14:10:17 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.08.04 14:10:01 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2012.08.04 14:09:57 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2012.08.04 14:09:56 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.08.04 13:36:20 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.08.03 12:12:21 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.18 18:59:04 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.16 16:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.20 16:29:28 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012.01.20 16:29:26 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012.01.20 11:45:40 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2011.11.29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011.11.13 23:27:20 | 000,354,416 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2011.11.13 23:27:18 | 000,433,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2011.11.13 22:55:18 | 011,839,488 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe -- (VMwareHostd)
SRV - [2011.11.13 21:49:40 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2011.08.29 22:11:04 | 000,846,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2011.03.30 00:17:08 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012.08.04 20:55:55 | 000,030,496 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hitmanpro36.sys -- (hitmanpro36)
DRV:64bit: - [2012.07.18 18:04:42 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.07.18 18:04:42 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.07.18 18:04:41 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.06.11 20:59:38 | 010,248,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.06.11 18:26:14 | 000,367,616 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.05.26 21:18:01 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2012.05.25 23:09:03 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.05.25 19:18:46 | 000,022,592 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2012.05.25 19:18:33 | 004,746,304 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2012.05.25 19:18:28 | 000,021,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmvwl64.sys -- (BcmVWL)
DRV:64bit: - [2012.05.22 14:26:10 | 000,147,288 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.06 10:44:12 | 000,049,760 | ---- | M] (Asmedia Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\asahci64.sys -- (asahci64)
DRV:64bit: - [2012.01.04 21:58:50 | 000,786,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012.01.04 21:58:50 | 000,355,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012.01.04 21:58:50 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2011.12.16 17:53:01 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2011.11.29 19:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.11.13 23:28:16 | 000,063,088 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2011.11.13 23:26:30 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2011.11.13 21:33:56 | 000,045,680 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2011.11.13 21:33:56 | 000,020,080 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2011.11.10 01:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011.11.03 11:10:42 | 000,395,752 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011.11.03 11:10:42 | 000,130,536 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011.11.03 07:00:48 | 000,134,696 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums)
DRV:64bit: - [2011.11.03 03:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011.09.29 11:30:34 | 000,646,248 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.09.21 08:22:36 | 000,025,904 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91cons.sys -- (mv91cons)
DRV:64bit: - [2011.09.21 08:22:34 | 000,315,696 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mvs91xx.sys -- (mvs91xx)
DRV:64bit: - [2011.09.20 10:36:24 | 000,620,584 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2011.08.29 22:11:04 | 000,039,024 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2011.08.08 14:59:12 | 000,116,336 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2011.07.20 03:37:56 | 000,342,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2011.07.06 12:35:40 | 000,167,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2011.06.23 05:59:28 | 000,178,728 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2011.06.23 05:59:26 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2011.05.20 16:49:36 | 000,089,640 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwdpan.sys -- (BTWDPAN)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.13 18:17:44 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5B 48 F8 FD 9C 3A CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Stefan\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Stefan\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.07.30 00:50:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.06.18 22:35:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 18:59:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.07.30 00:50:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 18:59:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.07.30 00:50:38 | 000,000,000 | ---D | M]
[2012.05.25 21:02:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stefan\AppData\Roaming\mozilla\Extensions
[2012.08.04 14:06:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\5i5lm8ot.default\extensions
[2012.07.08 08:13:14 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\5i5lm8ot.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012.06.14 12:41:27 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\5i5lm8ot.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2012.08.04 14:06:14 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\5i5lm8ot.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012.05.31 21:02:25 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\5i5lm8ot.default\extensions\foxmarks@kei.com
[2012.06.28 23:10:35 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\5i5lm8ot.default\extensions\support@lastpass.com
[2012.06.06 14:05:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.06.06 14:44:21 | 000,505,801 | ---- | M] () (No name found) -- C:\USERS\STEFAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5I5LM8OT.DEFAULT\EXTENSIONS\{1280606B-2510-4FE0-97EF-9B5A22EAFE30}.XPI
[2012.07.18 18:59:05 | 000,045,154 | ---- | M] () (No name found) -- C:\USERS\STEFAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5I5LM8OT.DEFAULT\EXTENSIONS\BITTORRENT_WEBUI_2@FIREFOX.ALEXISBRUNET.COM.XPI
[2012.05.26 10:10:40 | 005,438,448 | ---- | M] () (No name found) -- C:\USERS\STEFAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5I5LM8OT.DEFAULT\EXTENSIONS\GREASEFIRE@SKRUL.COM.XPI
[2012.06.28 23:10:35 | 000,382,926 | ---- | M] () (No name found) -- C:\USERS\STEFAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5I5LM8OT.DEFAULT\EXTENSIONS\READABLE@EVERNOTE.COM.XPI
[2012.07.18 18:59:04 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Stefan\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Stefan\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Stefan\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Java(TM) Platform SE 6 U32 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.320.5 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Stefan\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - Extension: YouTube = C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: LastPass = C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\1.90.5_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
O1 HOSTS File: ([2012.05.26 09:56:59 | 000,002,810 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe (Broadcom Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_DTS] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKLM..\Run: [vmware-tray] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Steam] D:\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [XSECVA] "C:\Users\Stefan\AppData\Roaming\xsecva\xsecva.exe" -s File not found
O4 - Startup: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Stefan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O4 - Startup: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WFTPairing.lnk = C:\Program Files (x86)\Canon\EOS Utility\WFTPairing\WFTPairing.exe (CANON INC.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass File not found
O8:64bit: - Extra context menu item: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass File not found
O8 - Extra context menu item: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O9:64bit: - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000021 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000022 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{21164624-2FB7-4C5D-922F-18C67E09CC63}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D62C0BA-E57B-4C00-9550-1B0A41A7DB12}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - F:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{b2061893-cc32-11e1-b58f-0008cae5d310}\Shell - "" = AutoRun
O33 - MountPoints2\{b2061893-cc32-11e1-b58f-0008cae5d310}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012.08.05 13:28:39 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Documents\DeadIsland
[2012.08.05 10:32:33 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Local\ElevatedDiagnostics
[2012.08.04 20:48:06 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012.08.04 14:12:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.08.04 13:41:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.08.04 13:41:52 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.08.04 13:41:51 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012.07.30 23:09:45 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Documents\Shiner
[2012.07.30 11:30:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Misc. Support Library (Spybot - Search & Destroy)
[2012.07.30 11:30:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\File Scanner Library (Spybot - Search & Destroy)
[2012.07.30 11:24:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.07.30 11:10:38 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\R-Wipe&Clean
[2012.07.30 09:53:12 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\ImgBurn
[2012.07.30 09:49:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2012.07.30 09:48:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn
[2012.07.30 00:39:11 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012.07.29 23:26:59 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Malwarebytes
[2012.07.29 23:26:56 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.29 23:26:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.29 23:26:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.29 23:26:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.29 13:36:40 | 000,000,000 | ---D | C] -- C:\Lexmark
[2012.07.28 13:55:56 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Avira
[2012.07.28 13:50:17 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.07.28 13:50:17 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.07.28 13:50:17 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.07.28 13:50:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.07.28 13:50:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.07.28 13:36:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
[2012.07.20 18:12:36 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Desktop\105_PANA
[2012.07.17 00:18:45 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Local\touchbyte_GmbH
[2012.07.17 00:18:45 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\PhotoSync
[2012.07.17 00:18:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoSync
[2012.07.17 00:18:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PhotoSync
[2012.07.16 23:59:05 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Desktop\Weichtalklamm
[2012.07.12 19:29:57 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.07.12 19:29:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012.07.12 19:26:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012.07.12 19:23:45 | 000,000,000 | ---D | C] -- C:\AMD
[2012.07.12 17:03:27 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012.07.12 13:00:02 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012.07.12 12:59:33 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Dropbox
[2012.07.11 23:02:03 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Documents\Arduino
[2012.07.11 23:02:03 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Arduino
[2012.07.11 22:52:52 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Desktop\arduino-1.0.1
[2012.07.08 08:13:16 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Garmin
[2012.05.28 16:51:36 | 014,844,448 | ---- | C] (LastPass) -- C:\Program Files (x86)\Common Files\lpuninstall.exe
========== Files - Modified Within 30 Days ==========
[2012.08.05 21:57:27 | 000,000,600 | ---- | M] () -- C:\Users\Stefan\AppData\Local\PUTTY.RND
[2012.08.05 21:28:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3477003203-1577878540-3883721961-1000UA.job
[2012.08.05 21:28:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.05 10:39:39 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3477003203-1577878540-3883721961-1000Core.job
[2012.08.05 10:27:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.04 21:02:39 | 001,506,450 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.04 21:02:39 | 000,654,452 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.04 21:02:39 | 000,618,494 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.04 21:02:39 | 000,130,678 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.04 21:02:39 | 000,107,400 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.04 21:00:59 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.04 21:00:59 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.04 20:55:55 | 000,030,496 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro36.sys
[2012.08.04 20:55:53 | 4259,557,374 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.04 20:53:57 | 000,001,712 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2012.08.04 14:12:00 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.08.03 12:11:07 | 000,002,420 | ---- | M] () -- C:\Users\Stefan\Desktop\Google Chrome.lnk
[2012.07.30 12:36:13 | 000,000,188 | ---- | M] () -- C:\Users\Stefan\defogger_reenable
[2012.07.30 12:14:07 | 000,001,531 | ---- | M] () -- C:\Users\Stefan\Desktop\Logs.lnk
[2012.07.30 09:49:00 | 000,001,869 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2012.07.30 00:50:38 | 000,002,026 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
[2012.07.29 23:27:29 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.28 13:36:04 | 000,001,131 | ---- | M] () -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
[2012.07.28 13:36:03 | 000,000,936 | ---- | M] () -- C:\Users\Stefan\Desktop\Evernote.lnk
[2012.07.18 18:04:42 | 000,132,832 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.07.18 18:04:42 | 000,027,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.07.18 18:04:41 | 000,098,848 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.07.17 00:18:39 | 000,002,581 | ---- | M] () -- C:\Users\Public\Desktop\PhotoSync.lnk
[2012.07.12 13:04:13 | 000,001,002 | ---- | M] () -- C:\Users\Stefan\Desktop\Dropbox.lnk
[2012.07.12 13:00:06 | 000,001,012 | ---- | M] () -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.07.11 18:18:14 | 004,963,848 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
========== Files Created - No Company Name ==========
[2012.08.04 20:55:55 | 000,030,496 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro36.sys
[2012.08.04 20:53:57 | 000,001,712 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2012.07.30 12:36:13 | 000,000,188 | ---- | C] () -- C:\Users\Stefan\defogger_reenable
[2012.07.30 12:14:02 | 000,001,531 | ---- | C] () -- C:\Users\Stefan\Desktop\Logs.lnk
[2012.07.30 09:49:00 | 000,001,881 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
[2012.07.30 09:49:00 | 000,001,869 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2012.07.29 23:26:56 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.28 13:50:18 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.07.28 13:36:04 | 000,001,131 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
[2012.07.28 13:36:03 | 000,000,936 | ---- | C] () -- C:\Users\Stefan\Desktop\Evernote.lnk
[2012.07.17 00:18:39 | 000,002,581 | ---- | C] () -- C:\Users\Public\Desktop\PhotoSync.lnk
[2012.07.12 13:04:13 | 000,001,002 | ---- | C] () -- C:\Users\Stefan\Desktop\Dropbox.lnk
[2012.07.12 13:00:06 | 000,001,012 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.07.02 21:22:48 | 000,003,584 | ---- | C] () -- C:\Users\Stefan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.04 13:03:20 | 001,523,568 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.05.25 23:13:44 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012.05.25 23:11:40 | 000,000,600 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\winscp.rnd
[2012.05.25 23:09:08 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.05.25 23:08:58 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.05.25 19:33:35 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.05.25 19:32:00 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012.05.25 19:08:53 | 000,070,145 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012.05.25 19:07:45 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012.05.25 19:07:35 | 000,048,199 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.01.10 20:39:16 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.03.30 00:17:10 | 000,316,928 | ---- | C] () -- C:\Windows\SysWow64\HDREfexProFC32.dll
========== LOP Check ==========
[2012.08.01 23:06:33 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\.minecraft
[2012.06.06 23:21:14 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Activision
[2012.07.11 23:02:03 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Arduino
[2012.05.25 23:46:04 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\DAEMON Tools Lite
[2012.08.05 19:40:48 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Dropbox
[2012.06.30 09:07:10 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\FileZilla
[2012.07.08 08:13:16 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Garmin
[2012.06.29 18:21:50 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Imagenomic
[2012.07.30 09:55:43 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\ImgBurn
[2012.06.16 19:10:05 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\PACE Anti-Piracy
[2012.06.19 21:03:59 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\PDAppFlex
[2012.07.17 00:18:45 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\PhotoSync
[2012.07.30 11:10:43 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\R-Wipe&Clean
[2012.05.26 20:22:50 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\TeamViewer
[2012.05.26 21:23:43 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\TrueCrypt
[2009.07.14 07:08:49 | 000,012,766 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
hxxp://support.microsoft.com/kb/2530126 |
| | #15 |
| TR/ATRAPS.Gen2 in C:\Windows\Installer\{bd**65e7}\U\80000064.@ Hi, there is still something on there... OTL:
Code:
:OTL
O4 - HKCU..\Run: [XSECVA] "C:\Users\Stefan\AppData\Roaming\xsecva\xsecva.exe" -s File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
:Commands
[purity]
[emptytemp]
[Reboot]
Now for the firewall: Reviving the Win7 firewall:
Download the files BaseFilteringEngine and FireWallReg and save them to the desktop. Start them with a double-click and allow the security prompts (import/merge etc.). Then restart the computer.
Start services.msc (Start/Run, type services.msc there and press Enter), then look for the services Base Filtering Engine and the Windows Firewall service... both should be running, otherwise start them by hand... Then the firewall should work again....
Finally: Superantispyware (SASW): http://www.trojaner-board.de/51871-a...tispyware.html
chris
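The service check from the post above, scripted as an added PowerShell example that is not part of the original thread. It assumes the standard Windows 7 short names BFE (Base Filtering Engine) and MpsSvc (Windows Firewall) and an elevated prompt; the function name is hypothetical.

```powershell
# Added example: verify the two services named in the post after the reboot.
# Assumption: standard Windows 7 service names BFE and MpsSvc.
# Uses only cmdlets available in PowerShell 2.0; run elevated.

function Test-FirewallService {
    # BFE is listed first because MpsSvc depends on it.
    param([string[]]$Names = @('BFE', 'MpsSvc'))

    foreach ($name in $Names) {
        $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$name'"

        if (-not $svc) {
            # No service entry at all: the registry import did not take effect.
            New-Object PSObject -Property @{
                Name = $name; StartMode = 'n/a'; State = 'Missing'
                Action = 'Re-import the .reg file and reboot'
            }
            continue
        }

        $action = 'None'
        if ($svc.StartMode -eq 'Disabled') {
            # A disabled service cannot be started until its start type changes.
            $action = 'Disabled: set start type to Automatic in services.msc'
        }
        elseif ($svc.State -ne 'Running') {
            try {
                Start-Service -Name $name -ErrorAction Stop
                $action = 'Started'
            }
            catch {
                $action = "Start failed: $($_.Exception.Message)"
            }
            # Re-query so the reported state reflects the start attempt.
            $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$name'"
        }

        New-Object PSObject -Property @{
            Name = $svc.Name; StartMode = $svc.StartMode
            State = $svc.State; Action = $action
        }
    }
}

Test-FirewallService | Select-Object Name, StartMode, State, Action | Format-Table -AutoSize
```

A row with State `Missing` or an Action beginning `Start failed` means the firewall is still not functional and the log output should go back to the helper.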