Log analysis and evaluation: Blue screens after installing the ILEMI software (Windows 7)

#1
Hello,

my problem is that my computer (Windows 7 Professional 64-bit) hangs at least once an hour and the Task Manager can no longer be started either. The acute problems started last night. I was not working on my PC at the time when it suddenly showed a blue screen. Today I have already had about 5 blue screens and countless other system crashes in which the Task Manager also stopped responding and the taskbar sometimes disappeared. The first three blue screens always showed the message:

KERNEL_DATA_INPAGE_ERROR
*** STOP: 0x0000007A

I photographed the error messages in case the exact details are of interest.

Over the last few days I had already had the problem that the taskbar frequently stopped responding. In that situation I also could no longer select or display any mails in Thunderbird. Starting the Task Manager always helped, though. As soon as it was open, everything ran normally again.

The problems began when I wanted to watch a sports event online. I came across the site h**p://myp2p.ec/ and installed the software ILEMI. During the installation a browser toolbar was installed as well, even though I had explicitly deselected it in the custom installation. The toolbar installed itself in all browsers on my computer (Firefox, IE, Chrome). I uninstalled it everywhere again and also uninstalled ILEMI right away. The problem there was that the program had actually been uninstalled but was still shown under "Uninstall or change a program". There was then the option to remove it from the list, which I used.

In the meantime I have scanned the system with Norton Internet Security. The file ilemitvapps_setup33.exe (WS.Reputation.1, origin: h**p://dl.ilemiapp.net/download) was detected as a threat and quarantined.
I have also already tried to reset the system via System Restore. However, the restore point was already 5 months old. I then undid the whole thing, because quite a few programs produced error messages and the PC hung again as well. After that I ran another scan with Norton in safe mode. It produced no findings.

After a whole day I am now at my wits' end and hope you can help me. If it works out, there will definitely be a donation too.

The computer just crashed again with a blue screen. This time with the message ***STOP 0x000000F4.

I ran the scans with the tools listed here according to the instructions. I am attaching the log files.

Many thanks in advance!

Norton-Log:

Kategorie: Behobene Sicherheitsrisiken
Datum/Uhrzeit,Risiko,Aktivität,Status,Empfohlene Aktion,Pfad - Dateiname
11.06.2013 16:59:43,Mittel,ilemitvapps_setup33.exe (WS.Reputation.1) erkannt von Virenscanner,Isoliert,Behoben - Keine Aktion erforderlich,c:\program files (x86)\_programme\tools\video\p2p\ilemi\ilemitvapps_setup33.exe
11.06.2013 16:27:19,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
07.06.2013 12:22:54,Gering,webcakesetup[1].exe (Yontoo) erkannt von Auto-Protect,Isoliert,Behoben - Keine Aktion erforderlich,c:\users\feirio\appdata\local\microsoft\windows\temporary internet files\content.ie5\k7597si5\webcakesetup[1].exe
30.05.2013 12:04:21,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,

defogger_disable.log:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 01:15 on 12/06/2013 (feirio)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-

OTL logfile created on: 12.06.2013 01:21:30 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Downloads\Software
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,98 Gb Total Physical Memory | 5,83 Gb Available Physical Memory | 73,11% Memory free
15,95 Gb Paging File | 13,49 Gb Available in Paging File | 84,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,14 Gb Total Space | 38,32 Gb Free Space | 32,16% Space Free | Partition Type: NTFS
Drive I: | 97,66 Gb Total Space | 30,29 Gb Free Space | 31,01% Space Free | Partition Type: NTFS
Drive J: | 833,85 Gb Total Space | 336,45 Gb Free Space | 40,35% Space Free | Partition Type: NTFS
Computer Name: LIGHTSPEEDY | User Name: feirio | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.tagesschau.de/ IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.) 
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&r=102 IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=119778&tt=gc_&babsrc=SP_ss&mntrId=58F00026832DF062 IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGNI_deDE485 IE - HKCU\..\SearchScopes\{A5B9EB11-8380-475a-AF38-95F69B7FA7C4}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB IE - HKCU\..\SearchScopes\{EAC1BB87-B546-4d99-97F7-7EBDAA52AA70}: "URL" = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5369970905&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF %3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.tagesspiegel.de/" FF - prefs.js..extensions.enabledAddons: %7Be3f6c2cc-d8db-498c-af6c-499fb211db97%7D:1.12.9.1 FF - prefs.js..extensions.enabledAddons: fdm_ffext%40freedownloadmanager.org:1.5.7.6 FF - prefs.js..extensions.enabledAddons: %7Bdc572301-7619-498c-a57d-39143191b318%7D:0.4.1.0 FF - prefs.js..extensions.enabledAddons: %7B0b457cAA-602d-484a-8fe7-c1d894a011ba%7D:0.98.34 FF - prefs.js..extensions.enabledAddons: %7B317B5128-0B0B-49b2-B2DB-1E7560E16C74%7D:2.8.11 FF - prefs.js..extensions.enabledAddons: foxmarks%40kei.com:4.2.1 FF - prefs.js..extensions.enabledAddons: 
%7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:11.3.0.9%20-%205 FF - prefs.js..extensions.enabledAddons: %7B2D3F3651-74B9-4795-BDEC-6DA2F431CB62%7D:2013.3.5.1 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\_Programme\Hilfsprogramme\Java\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\_Programme\Hilfsprogramme\Java\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files 
(x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\_Programme\Tools\Video\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\coFFPlgn\ [2013.06.12 00:59:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\_Programme\Hardware\Drucker\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.10.28 21:01:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\IPSFFPlgn\ [2013.06.11 22:36:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\_Programme\Internet\Browser\Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\_Programme\Internet\Browser\Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\_Programme\Internet\Browser\Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\_Programme\Internet\Browser\Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\_Programme\Internet\Kommunikation\E-Mail\Thunderbird\components 
[2013.06.11 22:36:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\_Programme\Internet\Kommunikation\E-Mail\Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\_Programme\Hardware\Drucker\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.10.28 21:01:54 | 000,000,000 | ---D | M] [2011.10.27 17:13:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\feirio\AppData\Roaming\mozilla\Extensions [2013.06.11 22:34:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\feirio\AppData\Roaming\mozilla\Firefox\Profiles\ezn7q46x.default\extensions [2013.06.11 22:36:46 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\feirio\AppData\Roaming\mozilla\Firefox\Profiles\ezn7q46x.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2013.06.11 22:36:46 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\feirio\AppData\Roaming\mozilla\Firefox\Profiles\ezn7q46x.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [2012.08.28 13:49:51 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\feirio\AppData\Roaming\mozilla\Firefox\Profiles\ezn7q46x.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97} [2012.12.14 05:24:38 | 000,000,000 | ---D | M] (Free Download Manager plugin) -- C:\Users\feirio\AppData\Roaming\mozilla\Firefox\Profiles\ezn7q46x.default\extensions\fdm_ffext@freedownloadmanager.org [2013.06.11 22:36:46 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\feirio\AppData\Roaming\mozilla\Firefox\Profiles\ezn7q46x.default\extensions\foxmarks@kei.com [2013.05.25 16:35:14 | 002,168,615 | ---- | M] () (No name found) -- C:\Users\feirio\AppData\Roaming\mozilla\firefox\profiles\ezn7q46x.default\extensions\firebug@software.joehewitt.com.xpi [2013.04.24 11:41:49 | 000,765,412 | ---- | M] () (No name found) -- 
C:\Users\feirio\AppData\Roaming\mozilla\firefox\profiles\ezn7q46x.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2011.12.19 16:47:05 | 000,000,933 | ---- | M] () -- C:\Users\feirio\AppData\Roaming\mozilla\firefox\profiles\ezn7q46x.default\searchplugins\11-suche.xml [2011.12.19 16:47:05 | 000,002,419 | ---- | M] () -- C:\Users\feirio\AppData\Roaming\mozilla\firefox\profiles\ezn7q46x.default\searchplugins\englische-ergebnisse.xml [2011.12.19 16:47:05 | 000,010,525 | ---- | M] () -- C:\Users\feirio\AppData\Roaming\mozilla\firefox\profiles\ezn7q46x.default\searchplugins\gmx-suche.xml [2011.12.19 16:47:05 | 000,002,457 | ---- | M] () -- C:\Users\feirio\AppData\Roaming\mozilla\firefox\profiles\ezn7q46x.default\searchplugins\lastminute.xml [2011.12.19 16:47:04 | 000,005,508 | ---- | M] () -- C:\Users\feirio\AppData\Roaming\mozilla\firefox\profiles\ezn7q46x.default\searchplugins\webde-suche.xml [2013.06.12 00:59:24 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\COFFPLGN [2013.06.11 22:36:43 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\IPSFFPLGN ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll CHR - plugin:
Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll CHR - plugin: Norton Confidential (Enabled) = C:\Users\feirio\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.4.6_0\npcoplgn.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\_Programme\Tools\Video\VLC\npvlc.dll CHR - Extension: Google Drive = C:\Users\feirio\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: WebCake = C:\Users\feirio\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh\1.0.3_0\ CHR - Extension: Norton Identity Protection = C:\Users\feirio\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.3.3.19_1\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\_Programme\Hilfsprogramme\Java\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in 
Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\_Programme\Hilfsprogramme\Java\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\coIEPlg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\IPS\IPSBHO.DLL (Symantec Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\_Programme\Hilfsprogramme\Java\bin\ssv.dll (Oracle Corporation) O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - c:\progra~2\_Programme\Design\Adobe\CS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\_Programme\Internet\Download\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\_Programme\Hilfsprogramme\Java\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - 
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\progra~2\_Programme\Design\Adobe\CS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\coIEPlg.dll (Symantec Corporation) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\progra~2\_Programme\Design\Adobe\CS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\coIEPlg.dll (Symantec Corporation) O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations) O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 7.0] "c:\progra~2\_Programme\Design\Adobe\CS2\Adobe Acrobat 7.0\Distillr\Acrotray.exe" File not found O4 - HKLM..\Run: [Adobe Version Cue CS2] "c:\progra~2\_Programme\Design\Adobe\CS2\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" File not found O4 - HKLM..\Run: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe (ASUSTek Computer Inc.) 
O4 - HKLM..\Run: [ASUS ShellProcess Execute] C:\Program Files (x86)\_Programme\Hardware\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe (ASUSTeK Computer Inc.) O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.) O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink) O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\_Programme\Hardware\Laufwerk\CyberLink Blu-ray Disc Suite\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [LGODDFU] C:\Program Files (x86)\_Programme\Hardware\Laufwerk\lg_fwupdate\lgfw.exe (Bitleader) O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\_Programme\Hardware\Laufwerk\CyberLink Blu-ray Disc Suite\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\_Programme\Hardware\Laufwerk\CyberLink Blu-ray Disc Suite\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\_Programme\Hardware\Grafikkarte\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\_Programme\Hardware\Laufwerk\CyberLink Blu-ray Disc Suite\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\_Programme\Hardware\Laufwerk\CyberLink Blu-ray Disc Suite\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\_Programme\Hardware\Laufwerk\CyberLink Blu-ray Disc Suite\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files (x86)\_Programme\Hardware\Laufwerk\CyberLink Blu-ray Disc Suite\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\_Programme\Hardware\Laufwerk\CyberLink Blu-ray Disc Suite\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) 
O4 - HKCU..\Run: [Adobe Reader Synchronizer] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe (Adobe Systems Incorporated) O4 - HKCU..\Run: [Free Download Manager] C:\Program Files (x86)\_Programme\Internet\Download\Free Download Manager\fdm.exe (FreeDownloadManager.ORG) O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google) O4 - HKCU..\Run: [Grid] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraGrd.exe () O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD) O4 - HKCU..\Run: [HydraVisionMDEngine] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraMD.exe (AMD) O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\_Programme\Internet\Kommunikation\Messenger\ICQ\ICQ7.6\ICQ.exe (ICQ, LLC.) O4 - HKCU..\Run: [WizMouse] C:\Program Files (x86)\_Programme\Tools\System\WizMouse\WizMouse.exe () O4 - Startup: C:\Users\feirio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\feirio\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
O4 - Startup: C:\Users\feirio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\_Programme\Office\Open Office 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\_Programme\Internet\Download\Free Download Manager\dlall.htm () O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://c:\progra~2\_Programme\Design\Adobe\CS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://c:\progra~2\_Programme\Design\Adobe\CS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found O8:64bit: - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://c:\progra~2\_Programme\Design\Adobe\CS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html File not found O8:64bit: - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://c:\progra~2\_Programme\Design\Adobe\CS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html File not found O8:64bit: - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files 
(x86)\_Programme\Internet\Download\Free Download Manager\dlselected.htm () O8:64bit: - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\_Programme\Internet\Download\Free Download Manager\dllink.htm () O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - res://c:\progra~2\_Programme\Design\Adobe\CS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html File not found O8:64bit: - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://c:\progra~2\_Programme\Design\Adobe\CS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html File not found O8:64bit: - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://c:\progra~2\_Programme\Design\Adobe\CS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html File not found O8:64bit: - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://c:\progra~2\_Programme\Design\Adobe\CS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html File not found O8:64bit: - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\_Programme\Internet\Download\Free Download Manager\dlfvideo.htm () O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\_Programme\Internet\Download\Free Download Manager\dlall.htm () O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://c:\progra~2\_Programme\Design\Adobe\CS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://c:\progra~2\_Programme\Design\Adobe\CS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://c:\progra~2\_Programme\Design\Adobe\CS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html File not found O8 - 
Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://c:\progra~2\_Programme\Design\Adobe\CS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html File not found O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\_Programme\Internet\Download\Free Download Manager\dlselected.htm () O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\_Programme\Internet\Download\Free Download Manager\dllink.htm () O8 - Extra context menu item: In Adobe PDF konvertieren - res://c:\progra~2\_Programme\Design\Adobe\CS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html File not found O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://c:\progra~2\_Programme\Design\Adobe\CS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html File not found O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://c:\progra~2\_Programme\Design\Adobe\CS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html File not found O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://c:\progra~2\_Programme\Design\Adobe\CS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html File not found O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\_Programme\Internet\Download\Free Download Manager\dlfvideo.htm () O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. 
File not found O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\_Programme\Internet\Kommunikation\Messenger\ICQ\ICQ7.6\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\_Programme\Internet\Kommunikation\Messenger\ICQ\ICQ7.6\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.21.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{02BDA9CF-AA82-4859-A711-E86113725612}: DhcpNameServer = 192.168.123.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7416AB33-38D7-4F77-8E6F-E8D109F5A09A}: NameServer = 139.7.30.125 139.7.30.126 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7519CF76-B2D1-45B9-AB8D-E0910827ACE6}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{83C7961C-D38D-43F9-8008-69D0DE7D4150}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F1CF84C-E193-4064-AA11-5C833D9D5E30}: DhcpNameServer = 192.168.123.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A984BE61-BAAE-47ED-B7A5-C84C897B4BAF}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{08e2af70-2740-11e2-b8ad-f46d045354e2}\Shell - "" = AutoRun
O33 - MountPoints2\{08e2af70-2740-11e2-b8ad-f46d045354e2}\Shell\AutoRun\command - "" = K:\.\autorun.exe
O33 - MountPoints2\{25c610fa-8d21-11e1-86a8-f46d045354e2}\Shell - "" = AutoRun
O33 - MountPoints2\{25c610fa-8d21-11e1-86a8-f46d045354e2}\Shell\AutoRun\command - "" = K:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\setup_vmb_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.06.12 00:59:49 | 000,000,000 | R--D | C] -- C:\Users\feirio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2013.06.11 22:28:48 | 000,000,000 | ---D | C] -- C:\Users\feirio\AppData\Local\{26FEC8C9-6E70-40DC-BFF1-1955C173FE6A}
[2013.06.11 21:42:20 | 000,000,000 | ---D | C] -- C:\Users\feirio\AppData\Local\{FF4782A2-F481-4168-AE01-55C50C593ACF}
[2013.06.11 15:56:53 | 000,000,000 | ---D | C] -- C:\Users\feirio\AppData\Local\{3F69B991-7404-43AD-81E1-A1062939E37D}
[2013.06.11 03:56:29 | 000,000,000 | ---D | C] -- C:\Users\feirio\AppData\Local\{F19327ED-7D7D-4CE2-B91E-B96039A6EFAE}
[2013.06.10 12:29:59 | 000,000,000 | ---D | C] -- C:\Users\feirio\AppData\Local\{09F98E37-A521-4216-8818-A21CF3D4178D}
[2013.06.09 14:42:16 | 000,000,000 | ---D | C] -- C:\Users\feirio\AppData\Local\{7A9DB77B-325D-4F91-BE2B-7E596F3AF5B1}
[2013.06.08 11:58:10 | 000,000,000 | ---D | C] -- C:\Users\feirio\AppData\Local\{23DF1FD2-76D7-4847-9D05-3A394CEAAA5A}
[2013.06.07 11:37:16 | 000,000,000 | ---D | C] -- C:\Users\feirio\AppData\Local\{4461D250-CBCB-43CD-A1AC-C9E346F76AE4}
[2013.06.06 11:20:23 | 000,000,000 | ---D | C] -- C:\Users\feirio\AppData\Local\{63736CE8-0C1E-4DB6-8085-0D91642BCA70}
[2013.06.05 12:01:51 | 000,000,000 | ---D | C] -- C:\Users\feirio\AppData\Local\{D1933FDC-7EBA-4BA8-8C63-F88025B85899}
[2013.06.04 13:08:50 | 000,000,000 | ---D | C] -- C:\Users\feirio\AppData\Local\{AAF17BAC-323F-4D9D-A14B-FFFE8E6163DF}
[2013.06.03 12:16:18 | 000,000,000 | ---D | C] -- C:\Users\feirio\AppData\Local\{1A9C4E86-BA22-4EDB-87E8-B1994A5EBCAF}
[2013.06.02 12:52:41 | 000,000,000 | ---D | C] -- C:\Users\feirio\AppData\Local\{11533A9B-C0C9-404C-AEB0-2B638DC7BE14}
[2013.06.01 14:25:34 | 000,000,000 | ---D | C] -- C:\Users\feirio\AppData\Local\{2D72CD65-5710-42A2-AA2A-8BF2C3E26C9A}
[2013.05.31 11:41:17 | 000,000,000 | ---D | C] -- C:\Users\feirio\AppData\Local\{8173BB33-8C57-48A4-B290-44FA221F58C2}
[2013.05.30 10:27:57 | 000,000,000 | ---D | C] -- C:\Users\feirio\AppData\Local\{0102B59B-3A7C-4F70-BA20-33088EAA7EA4}
[2013.05.29 22:47:03 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013.05.29 12:41:44 | 000,000,000 | ---D | C] -- C:\Users\feirio\AppData\Local\{01163249-E9B5-4EC1-989F-98F750E4A06C}
[2013.05.28 11:27:44 | 000,000,000 | ---D | C] -- C:\Users\feirio\AppData\Local\{FE6C4E3A-AA50-486B-89C0-4C370CFB8680}
[2013.05.27 11:37:15 | 000,000,000 | ---D | C] -- C:\Users\feirio\AppData\Local\{138981D6-812F-4C98-8FCF-C56E86764085}
[2013.05.26 22:08:38 | 000,000,000 | ---D | C] -- C:\Users\feirio\AppData\Local\{2D1F7593-F6BC-4520-B043-ED5037249128}
[2013.05.26 13:54:14 | 000,000,000 | ---D | C] -- C:\Users\feirio\AppData\Roaming\Babylon
[2013.05.26 13:54:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013.05.26 13:54:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013.05.26 13:52:47 | 000,000,000 | ---D | C] -- C:\Users\feirio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IlemiTVApp.com
[2013.05.26 13:52:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IlemiTVApp.com
[2013.05.25 23:33:13 | 000,000,000 | ---D | C] -- C:\Users\feirio\AppData\Local\{CDBCDBDF-FBF5-470F-B22B-814EED9115E6}
[2013.05.25 10:30:18 | 000,000,000 | ---D | C] -- C:\Users\feirio\AppData\Local\{B8459C05-B3E5-41DD-B056-64DA86B8663F}
[2013.05.24 15:27:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.05.24 12:04:16 | 000,000,000 | ---D | C] -- C:\Users\feirio\AppData\Local\{5BB98FB3-77DC-4C13-A00B-79B68B15BD84}
[2013.05.23 12:41:14 | 000,000,000 | ---D | C] -- C:\Users\feirio\AppData\Local\{35884DEE-6051-4163-A517-C323AD9F9F7A}
[2013.05.22 12:08:26 | 000,000,000 | ---D | C] -- C:\Users\feirio\AppData\Local\{0B3A8347-B66F-4E08-B428-B392A6072F71}
[2013.05.21 11:35:56 | 000,000,000 | ---D | C] -- C:\Users\feirio\AppData\Local\{3798F1F8-A958-4E65-92DA-3A260A9D1A75}
[2013.05.20 12:59:34 | 000,000,000 | ---D | C] -- C:\Users\feirio\AppData\Local\{530135A1-5E61-4D2F-B5EF-937EBA245D75}
[2013.05.19 13:54:29 | 000,000,000 | ---D | C] -- C:\Users\feirio\AppData\Local\{E358F5F8-9A72-4BF4-8C08-35DE818E6FB2}
[2013.05.18 09:45:19 | 000,000,000 | ---D | C] -- C:\Users\feirio\AppData\Local\{B8D49CFC-6C2C-4287-A73A-CB66E89B02D0}
[2013.05.17 11:06:36 | 000,000,000 | ---D | C] -- C:\Users\feirio\AppData\Local\{394C06C4-0DC4-4977-8A48-229055B0BF3C}
[2013.05.16 11:08:24 | 000,000,000 | ---D | C] -- C:\Users\feirio\AppData\Local\{F75F1CDD-BB2C-4D9E-B14F-11F15FD9D5E4}
[2013.05.15 10:31:56 | 000,000,000 | ---D | C] -- C:\Users\feirio\AppData\Local\{CED57C8D-3CC0-4AAD-AB69-F22539589F6F}
[2013.05.14 13:04:58 | 000,000,000 | ---D | C] -- C:\Users\feirio\AppData\Local\{73B0F3C5-3973-4A19-BE6C-90CD8058EB8A}
[2013.05.13 11:25:47 | 000,000,000 | ---D | C] -- C:\Users\feirio\AppData\Local\{25B82089-A9FD-46E2-95CA-9589C9328E5C}

========== Files - Modified Within 30 Days ==========

[2013.06.12 01:15:02 | 000,000,000 | ---- | M] () -- C:\Users\feirio\defogger_reenable
[2013.06.12 01:06:32 | 000,026,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.12 01:06:32 | 000,026,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.12 01:05:20 | 001,500,254 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.12 01:05:20 | 000,654,594 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.12 01:05:20 | 000,616,476 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.12 01:05:20 | 000,130,208 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.12 01:05:20 | 000,106,598 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.12 01:03:54 | 001,917,715 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1403010.016\Cat.DB
[2013.06.12 01:03:10 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.12 00:59:56 | 000,000,401 | ---- | M] () -- C:\Windows\lgfwup.ini
[2013.06.12 00:59:50 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.12 00:59:49 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2013.06.12 00:59:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.12 00:59:18 | 2129,276,927 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.11 15:48:11 | 000,001,053 | ---- | M] () -- C:\Users\feirio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.06.04 08:34:29 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1404000.028\isolate.ini
[2013.05.31 02:03:16 | 000,004,533 | ---- | M] () -- C:\Users\feirio\Desktop\Zeichen.odt
[2013.05.24 04:09:47 | 000,008,063 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symds64.cat
[2013.05.23 07:25:28 | 001,139,800 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symefa64.sys
[2013.05.23 07:25:28 | 000,007,587 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symefa64.cat
[2013.05.23 07:25:28 | 000,003,434 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symefa.inf
[2013.05.21 07:02:00 | 000,493,656 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symds64.sys
[2013.05.21 07:02:00 | 000,002,852 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symds.inf
[2013.05.21 06:40:20 | 000,008,067 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1404000.028\srtsp64.cat
[2013.05.16 11:07:53 | 000,330,904 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.16 07:02:14 | 000,796,760 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1404000.028\srtsp64.sys
[2013.05.16 07:02:14 | 000,001,437 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1404000.028\srtsp64.inf

========== Files Created - No Company Name ==========

[2013.06.12 01:15:02 | 000,000,000 | ---- | C] () -- C:\Users\feirio\defogger_reenable
[2013.05.31 02:03:15 | 000,004,533 | ---- | C] () -- C:\Users\feirio\Desktop\Zeichen.odt
[2012.03.15 03:28:42 | 000,011,776 | ---- | C] () -- C:\Users\feirio\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.23 22:38:40 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll
[2011.11.25 02:47:14 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.11.09 04:04:43 | 000,072,192 | ---- | C] () -- C:\Windows\unlite3.exe
[2011.11.09 04:04:38 | 000,777,728 | ---- | C] () -- C:\Windows\SysWow64\SSLSVC.DLL
[2011.11.09 04:04:38 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\lang_cfml.dll
[2011.11.09 04:04:38 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\xmltok.dll
[2011.11.09 04:04:38 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\cfmsg.dll
[2011.11.09 04:04:38 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\xmlparse.dll
[2011.11.09 04:04:38 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\xml_datagrove.dll
[2011.11.02 02:58:12 | 000,007,673 | ---- | C] () -- C:\Users\feirio\AppData\Local\Resmon.ResmonCfg
[2011.10.29 22:19:41 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\FileOps.exe
[2011.10.28 20:47:53 | 000,256,822 | ---- | C] () -- C:\Windows\hpwins24.dat
[2011.10.28 19:35:49 | 000,000,401 | ---- | C] () -- C:\Windows\lgfwup.ini
[2011.10.28 18:10:42 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.10.28 18:08:52 | 000,003,113 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.10.27 04:02:28 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\IccLibDll.dll
[2011.10.27 03:49:39 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011.10.27 03:49:35 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2011.10.27 03:26:44 | 000,028,762 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2011.10.27 03:13:43 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.10.27 03:13:34 | 000,026,272 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013.05.26 13:54:14 | 000,000,000 | ---D | M] -- C:\Users\feirio\AppData\Roaming\Babylon
[2013.06.12 01:03:36 | 000,000,000 | ---D | M] -- C:\Users\feirio\AppData\Roaming\Dropbox
[2012.05.30 20:33:47 | 000,000,000 | ---D | M] -- C:\Users\feirio\AppData\Roaming\elsterformular
[2011.12.20 03:35:46 | 000,000,000 | ---D | M] -- C:\Users\feirio\AppData\Roaming\EPSON
[2013.05.31 02:53:27 | 000,000,000 | ---D | M] -- C:\Users\feirio\AppData\Roaming\FileZilla
[2011.11.03 04:01:27 | 000,000,000 | ---D | M] -- C:\Users\feirio\AppData\Roaming\FireShot
[2013.06.12 01:20:53 | 000,000,000 | ---D | M] -- C:\Users\feirio\AppData\Roaming\Free Download Manager
[2013.06.12 00:59:51 | 000,000,000 | ---D | M] -- C:\Users\feirio\AppData\Roaming\ICQ
[2011.11.08 00:07:34 | 000,000,000 | ---D | M] -- C:\Users\feirio\AppData\Roaming\OpenOffice.org
[2013.06.11 22:34:50 | 000,000,000 | ---D | M] -- C:\Users\feirio\AppData\Roaming\SoftGrid Client
[2012.03.15 03:28:42 | 000,000,000 | ---D | M] -- C:\Users\feirio\AppData\Roaming\Solveig Multimedia
[2011.10.27 18:03:07 | 000,000,000 | ---D | M] -- C:\Users\feirio\AppData\Roaming\Thunderbird
[2012.08.30 16:56:22 | 000,000,000 | ---D | M] -- C:\Users\feirio\AppData\Roaming\TP
[2013.06.11 22:36:46 | 000,000,000 | ---D | M] -- C:\Users\feirio\AppData\Roaming\TP-LINK
[2012.04.23 16:01:11 | 000,000,000 | ---D | M] -- C:\Users\feirio\AppData\Roaming\Vodafone

========== Purity Check ==========

< End of report > |