Log analysis and evaluation: Blue screens after installing the ILEMI software
Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
12.06.2013, 04:08 | #1 |
Hello,

I have the problem that my computer (Windows 7 Professional 64-bit) freezes at least once an hour and the Task Manager can no longer be started either. The acute problems started last night. I was not working on my PC at the time when it suddenly showed a blue screen. Today I have already had about 5 blue screens and countless further system crashes, during which the Task Manager also stopped responding and the taskbar sometimes disappeared. The first three blue screens always showed the message:

KERNEL_DATA_INPAGE_ERROR
*** STOP: 0x0000007A

I photographed the error messages in case the exact details are of interest.

Already over the last few days I had the problem that the taskbar frequently stopped responding. In that connection, mails could no longer be selected and displayed in Thunderbird either. Starting the Task Manager always helped, though. As soon as it was open, everything ran normally again.

The problems began when I wanted to watch a sporting event online. I came across the site h**p://myp2p.ec/ and installed the software ILEMI. During the installation a browser toolbar was installed as well, although I had specifically deselected it in the custom installation. The toolbar installed itself in all browsers on my computer (Firefox, IE, Chrome). I uninstalled it everywhere again and also immediately uninstalled ILEMI. There was the problem that the program was actually uninstalled but was still listed under "Uninstall or change a program". There was then the option to remove it from the list, which I made use of.

In the meantime I have scanned the system with Norton Internet Security. The file ilemitvapps_setup33.exe (WS.Reputation.1, origin: h**p://dl.ilemiapp.net/download) was detected as a threat and quarantined.
I have also already tried to reset the system via System Restore. However, the restore point was already 5 months old. I then undid the whole thing, because a number of programs produced error messages and the PC froze again as well. After that I ran another scan with Norton in safe mode. This produced no findings.

After a whole day I am now at my wits' end and hope you can help me. If it works out, there will definitely be a donation.

Just now the computer crashed again with a blue screen. This time with the message ***STOP 0x000000F4.

I ran the scans with the tools specified here as instructed. I am attaching the log files.

Many thanks in advance!

Norton log:
Kategorie: Behobene Sicherheitsrisiken
Datum/Uhrzeit,Risiko,Aktivität,Status,Empfohlene Aktion,Pfad - Dateiname
11.06.2013 16:59:43,Mittel,ilemitvapps_setup33.exe (WS.Reputation.1) erkannt von Virenscanner,Isoliert,Behoben - Keine Aktion erforderlich,c:\program files (x86)\_programme\tools\video\p2p\ilemi\ilemitvapps_setup33.exe
11.06.2013 16:27:19,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
07.06.2013 12:22:54,Gering,webcakesetup[1].exe (Yontoo) erkannt von Auto-Protect,Isoliert,Behoben - Keine Aktion erforderlich,c:\users\feirio\appdata\local\microsoft\windows\temporary internet files\content.ie5\k7597si5\webcakesetup[1].exe
30.05.2013 12:04:21,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,

defogger_disable.log:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 01:15 on 12/06/2013 (feirio)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
-=E.O.F=-

OTL logfile created on: 12.06.2013 01:21:30 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Downloads\Software
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,98 Gb Total Physical Memory | 5,83 Gb Available Physical Memory | 73,11% Memory free
15,95 Gb Paging File | 13,49 Gb Available in Paging File | 84,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,14 Gb Total Space | 38,32 Gb Free Space | 32,16% Space Free | Partition Type: NTFS
Drive I: | 97,66 Gb Total Space | 30,29 Gb Free Space | 31,01% Space Free | Partition Type: NTFS
Drive J: | 833,85 Gb Total Space | 336,45 Gb Free Space | 40,35% Space Free | Partition Type: NTFS

Computer Name: LIGHTSPEEDY | User Name: feirio | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.tagesschau.de/ IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.) 
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&r=102 IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=119778&tt=gc_&babsrc=SP_ss&mntrId=58F00026832DF062 IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGNI_deDE485 IE - HKCU\..\SearchScopes\{A5B9EB11-8380-475a-AF38-95F69B7FA7C4}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB IE - HKCU\..\SearchScopes\{EAC1BB87-B546-4d99-97F7-7EBDAA52AA70}: "URL" = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5369970905&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF %3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.tagesspiegel.de/" FF - prefs.js..extensions.enabledAddons: %7Be3f6c2cc-d8db-498c-af6c-499fb211db97%7D:1.12.9.1 FF - prefs.js..extensions.enabledAddons: fdm_ffext%40freedownloadmanager.org:1.5.7.6 FF - prefs.js..extensions.enabledAddons: %7Bdc572301-7619-498c-a57d-39143191b318%7D:0.4.1.0 FF - prefs.js..extensions.enabledAddons: %7B0b457cAA-602d-484a-8fe7-c1d894a011ba%7D:0.98.34 FF - prefs.js..extensions.enabledAddons: %7B317B5128-0B0B-49b2-B2DB-1E7560E16C74%7D:2.8.11 FF - prefs.js..extensions.enabledAddons: foxmarks%40kei.com:4.2.1 FF - prefs.js..extensions.enabledAddons: 
%7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:11.3.0.9%20-%205 FF - prefs.js..extensions.enabledAddons: %7B2D3F3651-74B9-4795-BDEC-6DA2F431CB62%7D:2013.3.5.1 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\_Programme\Hilfsprogramme\Java\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\_Programme\Hilfsprogramme\Java\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files 
(x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\_Programme\Tools\Video\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\coFFPlgn\ [2013.06.12 00:59:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\_Programme\Hardware\Drucker\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.10.28 21:01:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\IPSFFPlgn\ [2013.06.11 22:36:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\_Programme\Internet\Browser\Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\_Programme\Internet\Browser\Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\_Programme\Internet\Browser\Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\_Programme\Internet\Browser\Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\_Programme\Internet\Kommunikation\E-Mail\Thunderbird\components 
[2013.06.11 22:36:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\_Programme\Internet\Kommunikation\E-Mail\Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\_Programme\Hardware\Drucker\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.10.28 21:01:54 | 000,000,000 | ---D | M] [2011.10.27 17:13:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\feirio\AppData\Roaming\mozilla\Extensions [2013.06.11 22:34:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\feirio\AppData\Roaming\mozilla\Firefox\Profiles\ezn7q46x.default\extensions [2013.06.11 22:36:46 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\feirio\AppData\Roaming\mozilla\Firefox\Profiles\ezn7q46x.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2013.06.11 22:36:46 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\feirio\AppData\Roaming\mozilla\Firefox\Profiles\ezn7q46x.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [2012.08.28 13:49:51 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\feirio\AppData\Roaming\mozilla\Firefox\Profiles\ezn7q46x.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97} [2012.12.14 05:24:38 | 000,000,000 | ---D | M] (Free Download Manager plugin) -- C:\Users\feirio\AppData\Roaming\mozilla\Firefox\Profiles\ezn7q46x.default\extensions\fdm_ffext@freedownloadmanager.org [2013.06.11 22:36:46 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\feirio\AppData\Roaming\mozilla\Firefox\Profiles\ezn7q46x.default\extensions\foxmarks@kei.com [2013.05.25 16:35:14 | 002,168,615 | ---- | M] () (No name found) -- C:\Users\feirio\AppData\Roaming\mozilla\firefox\profiles\ezn7q46x.default\extensions\firebug@software.joehewitt.com.xpi [2013.04.24 11:41:49 | 000,765,412 | ---- | M] () (No name found) -- 
C:\Users\feirio\AppData\Roaming\mozilla\firefox\profiles\ezn7q46x.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2011.12.19 16:47:05 | 000,000,933 | ---- | M] () -- C:\Users\feirio\AppData\Roaming\mozilla\firefox\profiles\ezn7q46x.default\searchplugins\11-suche.xml [2011.12.19 16:47:05 | 000,002,419 | ---- | M] () -- C:\Users\feirio\AppData\Roaming\mozilla\firefox\profiles\ezn7q46x.default\searchplugins\englische-ergebnisse.xml [2011.12.19 16:47:05 | 000,010,525 | ---- | M] () -- C:\Users\feirio\AppData\Roaming\mozilla\firefox\profiles\ezn7q46x.default\searchplugins\gmx-suche.xml [2011.12.19 16:47:05 | 000,002,457 | ---- | M] () -- C:\Users\feirio\AppData\Roaming\mozilla\firefox\profiles\ezn7q46x.default\searchplugins\lastminute.xml [2011.12.19 16:47:04 | 000,005,508 | ---- | M] () -- C:\Users\feirio\AppData\Roaming\mozilla\firefox\profiles\ezn7q46x.default\searchplugins\webde-suche.xml [2013.06.12 00:59:24 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\COFFPLGN [2013.06.11 22:36:43 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\IPSFFPLGN ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{googleriginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{go ogle:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParam eter} CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files 
(x86)\Google\Chrome\Application\27.0.1453.110\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll CHR - plugin: Norton Confidential (Enabled) = C:\Users\feirio\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.4.6_0\npcoplgn.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\_Programme\Tools\Video\VLC\npvlc.dll CHR - Extension: Google Drive = C:\Users\feirio\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: WebCake = C:\Users\feirio\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh\1.0.3_0\ CHR - Extension: Norton Identity Protection = C:\Users\feirio\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.3.3.19_1\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV 
Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\_Programme\Hilfsprogramme\Java\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\_Programme\Hilfsprogramme\Java\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\coIEPlg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\IPS\IPSBHO.DLL (Symantec Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\_Programme\Hilfsprogramme\Java\bin\ssv.dll (Oracle Corporation) O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - c:\progra~2\_Programme\Design\Adobe\CS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\_Programme\Internet\Download\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program 
Files (x86)\_Programme\Hilfsprogramme\Java\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\progra~2\_Programme\Design\Adobe\CS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\coIEPlg.dll (Symantec Corporation) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\progra~2\_Programme\Design\Adobe\CS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\coIEPlg.dll (Symantec Corporation) O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations) O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 7.0] "c:\progra~2\_Programme\Design\Adobe\CS2\Adobe Acrobat 7.0\Distillr\Acrotray.exe" File not found O4 - HKLM..\Run: [Adobe Version Cue CS2] "c:\progra~2\_Programme\Design\Adobe\CS2\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" File not found O4 - HKLM..\Run: [ASUS 
AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [ASUS ShellProcess Execute] C:\Program Files (x86)\_Programme\Hardware\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe (ASUSTeK Computer Inc.) O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.) O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink) O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\_Programme\Hardware\Laufwerk\CyberLink Blu-ray Disc Suite\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [LGODDFU] C:\Program Files (x86)\_Programme\Hardware\Laufwerk\lg_fwupdate\lgfw.exe (Bitleader) O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\_Programme\Hardware\Laufwerk\CyberLink Blu-ray Disc Suite\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\_Programme\Hardware\Laufwerk\CyberLink Blu-ray Disc Suite\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\_Programme\Hardware\Grafikkarte\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\_Programme\Hardware\Laufwerk\CyberLink Blu-ray Disc Suite\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\_Programme\Hardware\Laufwerk\CyberLink Blu-ray Disc Suite\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\_Programme\Hardware\Laufwerk\CyberLink Blu-ray Disc Suite\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files (x86)\_Programme\Hardware\Laufwerk\CyberLink Blu-ray Disc Suite\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) 
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\_Programme\Hardware\Laufwerk\CyberLink Blu-ray Disc Suite\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKCU..\Run: [Adobe Reader Synchronizer] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe (Adobe Systems Incorporated) O4 - HKCU..\Run: [Free Download Manager] C:\Program Files (x86)\_Programme\Internet\Download\Free Download Manager\fdm.exe (FreeDownloadManager.ORG) O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google) O4 - HKCU..\Run: [Grid] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraGrd.exe () O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD) O4 - HKCU..\Run: [HydraVisionMDEngine] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraMD.exe (AMD) O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\_Programme\Internet\Kommunikation\Messenger\ICQ\ICQ7.6\ICQ.exe (ICQ, LLC.) O4 - HKCU..\Run: [WizMouse] C:\Program Files (x86)\_Programme\Tools\System\WizMouse\WizMouse.exe () O4 - Startup: C:\Users\feirio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\feirio\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
O4 - Startup: C:\Users\feirio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\_Programme\Office\Open Office 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\_Programme\Internet\Download\Free Download Manager\dlall.htm () O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://c:\progra~2\_Programme\Design\Adobe\CS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://c:\progra~2\_Programme\Design\Adobe\CS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found O8:64bit: - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://c:\progra~2\_Programme\Design\Adobe\CS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html File not found O8:64bit: - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://c:\progra~2\_Programme\Design\Adobe\CS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html File not found O8:64bit: - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files 
(x86)\_Programme\Internet\Download\Free Download Manager\dlselected.htm () O8:64bit: - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\_Programme\Internet\Download\Free Download Manager\dllink.htm () O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - res://c:\progra~2\_Programme\Design\Adobe\CS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html File not found O8:64bit: - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://c:\progra~2\_Programme\Design\Adobe\CS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html File not found O8:64bit: - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://c:\progra~2\_Programme\Design\Adobe\CS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html File not found O8:64bit: - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://c:\progra~2\_Programme\Design\Adobe\CS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html File not found O8:64bit: - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\_Programme\Internet\Download\Free Download Manager\dlfvideo.htm () O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\_Programme\Internet\Download\Free Download Manager\dlall.htm () O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://c:\progra~2\_Programme\Design\Adobe\CS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://c:\progra~2\_Programme\Design\Adobe\CS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://c:\progra~2\_Programme\Design\Adobe\CS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html File not found O8 - 
Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://c:\progra~2\_Programme\Design\Adobe\CS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html File not found O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\_Programme\Internet\Download\Free Download Manager\dlselected.htm () O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\_Programme\Internet\Download\Free Download Manager\dllink.htm () O8 - Extra context menu item: In Adobe PDF konvertieren - res://c:\progra~2\_Programme\Design\Adobe\CS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html File not found O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://c:\progra~2\_Programme\Design\Adobe\CS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html File not found O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://c:\progra~2\_Programme\Design\Adobe\CS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html File not found O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://c:\progra~2\_Programme\Design\Adobe\CS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html File not found O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\_Programme\Internet\Download\Free Download Manager\dlfvideo.htm () O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. 
File not found O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\_Programme\Internet\Kommunikation\Messenger\ICQ\ICQ7.6\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\_Programme\Internet\Kommunikation\Messenger\ICQ\ICQ7.6\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.21.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{02BDA9CF-AA82-4859-A711-E86113725612}: DhcpNameServer = 192.168.123.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7416AB33-38D7-4F77-8E6F-E8D109F5A09A}: NameServer = 139.7.30.125 139.7.30.126 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7519CF76-B2D1-45B9-AB8D-E0910827ACE6}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{83C7961C-D38D-43F9-8008-69D0DE7D4150}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F1CF84C-E193-4064-AA11-5C833D9D5E30}: DhcpNameServer = 192.168.123.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A984BE61-BAAE-47ED-B7A5-C84C897B4BAF}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{08e2af70-2740-11e2-b8ad-f46d045354e2}\Shell - "" = AutoRun O33 - MountPoints2\{08e2af70-2740-11e2-b8ad-f46d045354e2}\Shell\AutoRun\command - "" = K:\.\autorun.exe O33 - MountPoints2\{25c610fa-8d21-11e1-86a8-f46d045354e2}\Shell - "" = AutoRun O33 - MountPoints2\{25c610fa-8d21-11e1-86a8-f46d045354e2}\Shell\AutoRun\command - "" = K:\setup_vmb_lite.exe /checkApplicationPresence O33 - MountPoints2\K\Shell - "" = AutoRun O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\setup_vmb_lite.exe /checkApplicationPresence O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.06.12 00:59:49 | 000,000,000 | R--D | C] -- C:\Users\feirio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices [2013.06.11 22:28:48 | 000,000,000 | ---D | C] -- C:\Users\feirio\AppData\Local\{26FEC8C9-6E70-40DC-BFF1-1955C173FE6A} [2013.06.11 21:42:20 | 000,000,000 | ---D | C] -- C:\Users\feirio\AppData\Local\{FF4782A2-F481-4168-AE01-55C50C593ACF} [2013.06.11 15:56:53 | 000,000,000 | ---D | C] -- C:\Users\feirio\AppData\Local\{3F69B991-7404-43AD-81E1-A1062939E37D} [2013.06.11 03:56:29 | 000,000,000 | ---D | C] -- C:\Users\feirio\AppData\Local\{F19327ED-7D7D-4CE2-B91E-B96039A6EFAE} [2013.06.10 12:29:59 | 000,000,000 | ---D | C] -- C:\Users\feirio\AppData\Local\{09F98E37-A521-4216-8818-A21CF3D4178D} [2013.06.09 14:42:16 | 000,000,000 | ---D | 
C] -- C:\Users\feirio\AppData\Local\{7A9DB77B-325D-4F91-BE2B-7E596F3AF5B1} [2013.06.08 11:58:10 | 000,000,000 | ---D | C] -- C:\Users\feirio\AppData\Local\{23DF1FD2-76D7-4847-9D05-3A394CEAAA5A} [2013.06.07 11:37:16 | 000,000,000 | ---D | C] -- C:\Users\feirio\AppData\Local\{4461D250-CBCB-43CD-A1AC-C9E346F76AE4} [2013.06.06 11:20:23 | 000,000,000 | ---D | C] -- C:\Users\feirio\AppData\Local\{63736CE8-0C1E-4DB6-8085-0D91642BCA70} [2013.06.05 12:01:51 | 000,000,000 | ---D | C] -- C:\Users\feirio\AppData\Local\{D1933FDC-7EBA-4BA8-8C63-F88025B85899} [2013.06.04 13:08:50 | 000,000,000 | ---D | C] -- C:\Users\feirio\AppData\Local\{AAF17BAC-323F-4D9D-A14B-FFFE8E6163DF} [2013.06.03 12:16:18 | 000,000,000 | ---D | C] -- C:\Users\feirio\AppData\Local\{1A9C4E86-BA22-4EDB-87E8-B1994A5EBCAF} [2013.06.02 12:52:41 | 000,000,000 | ---D | C] -- C:\Users\feirio\AppData\Local\{11533A9B-C0C9-404C-AEB0-2B638DC7BE14} [2013.06.01 14:25:34 | 000,000,000 | ---D | C] -- C:\Users\feirio\AppData\Local\{2D72CD65-5710-42A2-AA2A-8BF2C3E26C9A} [2013.05.31 11:41:17 | 000,000,000 | ---D | C] -- C:\Users\feirio\AppData\Local\{8173BB33-8C57-48A4-B290-44FA221F58C2} [2013.05.30 10:27:57 | 000,000,000 | ---D | C] -- C:\Users\feirio\AppData\Local\{0102B59B-3A7C-4F70-BA20-33088EAA7EA4} [2013.05.29 22:47:03 | 000,000,000 | ---D | C] -- C:\Windows\pss [2013.05.29 12:41:44 | 000,000,000 | ---D | C] -- C:\Users\feirio\AppData\Local\{01163249-E9B5-4EC1-989F-98F750E4A06C} [2013.05.28 11:27:44 | 000,000,000 | ---D | C] -- C:\Users\feirio\AppData\Local\{FE6C4E3A-AA50-486B-89C0-4C370CFB8680} [2013.05.27 11:37:15 | 000,000,000 | ---D | C] -- C:\Users\feirio\AppData\Local\{138981D6-812F-4C98-8FCF-C56E86764085} [2013.05.26 22:08:38 | 000,000,000 | ---D | C] -- C:\Users\feirio\AppData\Local\{2D1F7593-F6BC-4520-B043-ED5037249128} [2013.05.26 13:54:14 | 000,000,000 | ---D | C] -- C:\Users\feirio\AppData\Roaming\Babylon [2013.05.26 13:54:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2013.05.26 13:54:05 | 
000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer [2013.05.26 13:52:47 | 000,000,000 | ---D | C] -- C:\Users\feirio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IlemiTVApp.com [2013.05.26 13:52:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IlemiTVApp.com [2013.05.25 23:33:13 | 000,000,000 | ---D | C] -- C:\Users\feirio\AppData\Local\{CDBCDBDF-FBF5-470F-B22B-814EED9115E6} [2013.05.25 10:30:18 | 000,000,000 | ---D | C] -- C:\Users\feirio\AppData\Local\{B8459C05-B3E5-41DD-B056-64DA86B8663F} [2013.05.24 15:27:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.05.24 12:04:16 | 000,000,000 | ---D | C] -- C:\Users\feirio\AppData\Local\{5BB98FB3-77DC-4C13-A00B-79B68B15BD84} [2013.05.23 12:41:14 | 000,000,000 | ---D | C] -- C:\Users\feirio\AppData\Local\{35884DEE-6051-4163-A517-C323AD9F9F7A} [2013.05.22 12:08:26 | 000,000,000 | ---D | C] -- C:\Users\feirio\AppData\Local\{0B3A8347-B66F-4E08-B428-B392A6072F71} [2013.05.21 11:35:56 | 000,000,000 | ---D | C] -- C:\Users\feirio\AppData\Local\{3798F1F8-A958-4E65-92DA-3A260A9D1A75} [2013.05.20 12:59:34 | 000,000,000 | ---D | C] -- C:\Users\feirio\AppData\Local\{530135A1-5E61-4D2F-B5EF-937EBA245D75} [2013.05.19 13:54:29 | 000,000,000 | ---D | C] -- C:\Users\feirio\AppData\Local\{E358F5F8-9A72-4BF4-8C08-35DE818E6FB2} [2013.05.18 09:45:19 | 000,000,000 | ---D | C] -- C:\Users\feirio\AppData\Local\{B8D49CFC-6C2C-4287-A73A-CB66E89B02D0} [2013.05.17 11:06:36 | 000,000,000 | ---D | C] -- C:\Users\feirio\AppData\Local\{394C06C4-0DC4-4977-8A48-229055B0BF3C} [2013.05.16 11:08:24 | 000,000,000 | ---D | C] -- C:\Users\feirio\AppData\Local\{F75F1CDD-BB2C-4D9E-B14F-11F15FD9D5E4} [2013.05.15 10:31:56 | 000,000,000 | ---D | C] -- C:\Users\feirio\AppData\Local\{CED57C8D-3CC0-4AAD-AB69-F22539589F6F} [2013.05.14 13:04:58 | 000,000,000 | ---D | C] -- C:\Users\feirio\AppData\Local\{73B0F3C5-3973-4A19-BE6C-90CD8058EB8A} [2013.05.13 11:25:47 | 000,000,000 | ---D | C] -- 
C:\Users\feirio\AppData\Local\{25B82089-A9FD-46E2-95CA-9589C9328E5C} ========== Files - Modified Within 30 Days ========== [2013.06.12 01:15:02 | 000,000,000 | ---- | M] () -- C:\Users\feirio\defogger_reenable [2013.06.12 01:06:32 | 000,026,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.12 01:06:32 | 000,026,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.12 01:05:20 | 001,500,254 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.06.12 01:05:20 | 000,654,594 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.06.12 01:05:20 | 000,616,476 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.06.12 01:05:20 | 000,130,208 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.06.12 01:05:20 | 000,106,598 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.06.12 01:03:54 | 001,917,715 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1403010.016\Cat.DB [2013.06.12 01:03:10 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.06.12 00:59:56 | 000,000,401 | ---- | M] () -- C:\Windows\lgfwup.ini [2013.06.12 00:59:50 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.06.12 00:59:49 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini [2013.06.12 00:59:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.12 00:59:18 | 2129,276,927 | -HS- | M] () -- C:\hiberfil.sys [2013.06.11 15:48:11 | 000,001,053 | ---- | M] () -- C:\Users\feirio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.06.04 08:34:29 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1404000.028\isolate.ini [2013.05.31 02:03:16 | 000,004,533 | ---- | M] () -- C:\Users\feirio\Desktop\Zeichen.odt [2013.05.24 04:09:47 | 000,008,063 | ---- | M] () -- 
C:\Windows\SysNative\drivers\NISx64\1404000.028\symds64.cat [2013.05.23 07:25:28 | 001,139,800 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symefa64.sys [2013.05.23 07:25:28 | 000,007,587 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symefa64.cat [2013.05.23 07:25:28 | 000,003,434 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symefa.inf [2013.05.21 07:02:00 | 000,493,656 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symds64.sys [2013.05.21 07:02:00 | 000,002,852 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symds.inf [2013.05.21 06:40:20 | 000,008,067 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1404000.028\srtsp64.cat [2013.05.16 11:07:53 | 000,330,904 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.05.16 07:02:14 | 000,796,760 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1404000.028\srtsp64.sys [2013.05.16 07:02:14 | 000,001,437 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1404000.028\srtsp64.inf ========== Files Created - No Company Name ========== [2013.06.12 01:15:02 | 000,000,000 | ---- | C] () -- C:\Users\feirio\defogger_reenable [2013.05.31 02:03:15 | 000,004,533 | ---- | C] () -- C:\Users\feirio\Desktop\Zeichen.odt [2012.03.15 03:28:42 | 000,011,776 | ---- | C] () -- C:\Users\feirio\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.01.23 22:38:40 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll [2011.11.25 02:47:14 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.11.09 04:04:43 | 000,072,192 | ---- | C] () -- C:\Windows\unlite3.exe [2011.11.09 04:04:38 | 000,777,728 | ---- | C] () -- C:\Windows\SysWow64\SSLSVC.DLL [2011.11.09 04:04:38 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\lang_cfml.dll [2011.11.09 04:04:38 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\xmltok.dll [2011.11.09 04:04:38 | 
000,040,960 | ---- | C] () -- C:\Windows\SysWow64\cfmsg.dll [2011.11.09 04:04:38 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\xmlparse.dll [2011.11.09 04:04:38 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\xml_datagrove.dll [2011.11.02 02:58:12 | 000,007,673 | ---- | C] () -- C:\Users\feirio\AppData\Local\Resmon.ResmonCfg [2011.10.29 22:19:41 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\FileOps.exe [2011.10.28 20:47:53 | 000,256,822 | ---- | C] () -- C:\Windows\hpwins24.dat [2011.10.28 19:35:49 | 000,000,401 | ---- | C] () -- C:\Windows\lgfwup.ini [2011.10.28 18:10:42 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.10.28 18:08:52 | 000,003,113 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.10.27 04:02:28 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\IccLibDll.dll [2011.10.27 03:49:39 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys [2011.10.27 03:49:35 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys [2011.10.27 03:26:44 | 000,028,762 | ---- | C] () -- C:\Windows\Ascd_log.ini [2011.10.27 03:13:43 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2011.10.27 03:13:34 | 000,026,272 | ---- | C] () -- C:\Windows\Ascd_tmp.ini ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft 
Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.05.26 13:54:14 | 000,000,000 | ---D | M] -- C:\Users\feirio\AppData\Roaming\Babylon [2013.06.12 01:03:36 | 000,000,000 | ---D | M] -- C:\Users\feirio\AppData\Roaming\Dropbox [2012.05.30 20:33:47 | 000,000,000 | ---D | M] -- C:\Users\feirio\AppData\Roaming\elsterformular [2011.12.20 03:35:46 | 000,000,000 | ---D | M] -- C:\Users\feirio\AppData\Roaming\EPSON [2013.05.31 02:53:27 | 000,000,000 | ---D | M] -- C:\Users\feirio\AppData\Roaming\FileZilla [2011.11.03 04:01:27 | 000,000,000 | ---D | M] -- C:\Users\feirio\AppData\Roaming\FireShot [2013.06.12 01:20:53 | 000,000,000 | ---D | M] -- C:\Users\feirio\AppData\Roaming\Free Download Manager [2013.06.12 00:59:51 | 000,000,000 | ---D | M] -- C:\Users\feirio\AppData\Roaming\ICQ [2011.11.08 00:07:34 | 000,000,000 | ---D | M] -- 
C:\Users\feirio\AppData\Roaming\OpenOffice.org [2013.06.11 22:34:50 | 000,000,000 | ---D | M] -- C:\Users\feirio\AppData\Roaming\SoftGrid Client [2012.03.15 03:28:42 | 000,000,000 | ---D | M] -- C:\Users\feirio\AppData\Roaming\Solveig Multimedia [2011.10.27 18:03:07 | 000,000,000 | ---D | M] -- C:\Users\feirio\AppData\Roaming\Thunderbird [2012.08.30 16:56:22 | 000,000,000 | ---D | M] -- C:\Users\feirio\AppData\Roaming\TP [2013.06.11 22:36:46 | 000,000,000 | ---D | M] -- C:\Users\feirio\AppData\Roaming\TP-LINK [2012.04.23 16:01:11 | 000,000,000 | ---D | M] -- C:\Users\feirio\AppData\Roaming\Vodafone ========== Purity Check ========== < End of report > |
12.06.2013, 06:18 | #2 |
/// the machine /// TB trainer | Blue screens after installing the ILEMI software Hi,
Here's how it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
System scan with FRST. Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-bit | FRST 64-bit (If you are not sure: Start > Computer (right-click) > Properties)
12.06.2013, 12:31 | #3 |
| Blue screens after installing the ILEMI software Hello, thank you very much for the quick help.
And thanks for the tip about the code tags. Should I post the first log files again that way too? I wasn't sure whether log files count as code. Perhaps you could briefly add that note to your guide. When posting, however, I also got the message that the post was getting too long and that I should zip the two files. I have done that. FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-06-2013 03 Ran by feirio (administrator) on 12-06-2013 13:14:08 Running from C:\Downloads\Software Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (AMD) C:\Windows\system32\atieclxx.exe (Adobe Systems Incorporated) c:\progra~2\_Programme\Design\Adobe\CS2\Adobe Version Cue CS2\bin\VersionCueCS2.exe () C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe () C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (DeviceVM, Inc.) C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe () C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe () c:\progra~2\_Programme\Design\Adobe\CS2\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\_Programme\Hardware\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\_Programme\Hardware\ASUS\AI Suite II\AsRoutineController.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe (ICQ, LLC.) C:\Program Files (x86)\_Programme\Internet\Kommunikation\Messenger\ICQ\ICQ7.6\ICQ.exe (Microsoft Corporation) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe () C:\Program Files (x86)\ATI Technologies\HydraVision\HydraGrd.exe (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraMD.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (FreeDownloadManager.ORG) C:\Program Files (x86)\_Programme\Internet\Download\Free Download Manager\fdm.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe () C:\Program Files (x86)\_Programme\Tools\System\WizMouse\WizMouse.exe (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\Grid64.exe (Google Inc.) 
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (DeviceVM, Inc.) C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\_Programme\Hardware\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe (Hewlett-Packard Co.) C:\Program Files (x86)\_Programme\Hardware\Drucker\HP\Digital Imaging\bin\hpqtra08.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Dropbox, Inc.) C:\Users\feirio\AppData\Roaming\Dropbox\bin\Dropbox.exe (CyberLink) C:\Program Files (x86)\_Programme\Hardware\Laufwerk\CyberLink Blu-ray Disc Suite\Power2Go\CLMLSvc.exe (CyberLink Corp.) C:\Program Files (x86)\_Programme\Hardware\Laufwerk\CyberLink Blu-ray Disc Suite\PowerDVD9\PDVD9Serv.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\_Programme\Hardware\Grafikkarte\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (OpenOffice.org) C:\Program Files (x86)\_Programme\Office\Open Office 3\program\soffice.exe (cyberlink) C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (OpenOffice.org) C:\Program Files (x86)\_Programme\Office\Open Office 3\program\soffice.bin (Hewlett-Packard) C:\Program Files (x86)\_Programme\Hardware\Drucker\HP\HP Software Update\hpwuschd2.exe (Adobe Sytems Incorporated) C:\Program Files (x86)\_Programme\Design\Adobe\CS2\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraMD64.exe (Adobe Systems Inc.) C:\Program Files (x86)\_Programme\Design\Adobe\CS2\Adobe Acrobat 7.0\Distillr\acrotray.exe (BitLeader) C:\Program Files (x86)\_Programme\Hardware\Laufwerk\lg_fwupdate\fwupdate.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ATI Technologies Inc.) 
C:\Program Files (x86)\_Programme\Hardware\Grafikkarte\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Hewlett-Packard Co.) C:\Program Files (x86)\_Programme\Hardware\Drucker\HP\Digital Imaging\bin\hpqSTE08.exe (Hewlett-Packard Co.) C:\Program Files (x86)\_Programme\Hardware\Drucker\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard) C:\Program Files (x86)\_Programme\Hardware\Drucker\HP\Digital Imaging\bin\hpqgpc01.exe (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\_Programme\Hardware\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pnSvc.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\_Programme\Hardware\ASUS\AI Suite II\ASUS Mobilink\Simulator\EC Simulator.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\_Programme\Hardware\ASUS\AI Suite II\EPU\EPUHelp.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\_Programme\Hardware\ASUS\AI Suite II\AI Suite II.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\_Programme\Hardware\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe (Mozilla Corporation) C:\Program Files (x86)\_Programme\Internet\Kommunikation\E-Mail\Thunderbird\thunderbird.exe (Mozilla Corporation) C:\Program Files (x86)\_Programme\Internet\Browser\Firefox\firefox.exe (Mozilla Corporation) C:\Program Files (x86)\_Programme\Internet\Browser\Firefox\plugin-container.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe (Adobe Systems, Inc.) 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11545192 2010-11-02] (Realtek Semiconductor) HKLM\...\Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" [613536 2010-10-27] (Atheros Communications) HKLM\...\Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe" [379040 2010-10-27] (Atheros Commnucations) HKLM\...\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation) HKCU\...\Run: [ICQ] "C:\Program Files (x86)\_Programme\Internet\Kommunikation\Messenger\ICQ\ICQ7.6\ICQ.exe" silent loginmode=4 [127040 2011-10-27] (ICQ, LLC.) HKCU\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation) HKCU\...\Run: [Grid] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraGrd.exe" [401408 2011-01-12] () HKCU\...\Run: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [393216 2011-01-12] (AMD) HKCU\...\Run: [HydraVisionMDEngine] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraMD.exe" [569344 2011-01-12] (AMD) HKCU\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2010-04-22] (Hewlett-Packard Company) HKCU\...\Run: [Free Download Manager] "C:\Program Files (x86)\_Programme\Internet\Download\Free Download Manager\fdm.exe" -autorun [6875136 2013-03-27] (FreeDownloadManager.ORG) HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1475584 2010-11-21] (Microsoft Corporation) HKCU\...\Run: [WizMouse] "C:\Program Files (x86)\_Programme\Tools\System\WizMouse\WizMouse.exe" [121648 2011-09-30] () HKCU\...\Run: [Adobe Reader Synchronizer] "C:\Program Files (x86)\Adobe\Reader 
10.0\Reader\AdobeCollabSync.exe" [1272912 2013-05-10] (Adobe Systems Incorporated) HKCU\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-05-22] (Google Inc.) HKCU\...\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart [19662744 2013-04-16] (Google) MountPoints2: K - K:\setup_vmb_lite.exe /checkApplicationPresence MountPoints2: {08e2af70-2740-11e2-b8ad-f46d045354e2} - K:\.\autorun.exe MountPoints2: {25c610fa-8d21-11e1-86a8-f46d045354e2} - K:\setup_vmb_lite.exe /checkApplicationPresence HKLM-x32\...\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [375000 2009-10-26] (DeviceVM, Inc.) HKLM-x32\...\Run: [ASUS ShellProcess Execute] C:\Program Files (x86)\_Programme\Hardware\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe [252544 2010-09-28] (ASUSTeK Computer Inc.) HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [465536 2010-11-08] (ASUSTek Computer Inc.) HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\_Programme\Hardware\Grafikkarte\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-01-12] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\_Programme\Hardware\Laufwerk\CyberLink Blu-ray Disc Suite\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\_Programme\Hardware\Laufwerk\CyberLink Blu-ray Disc Suite\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [222504 2009-05-19] (CyberLink Corp.) 
HKLM-x32\...\Run: [MDS_Menu] "C:\Program Files (x86)\_Programme\Hardware\Laufwerk\CyberLink Blu-ray Disc Suite\MediaShow4\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\_Programme\Hardware\Laufwerk\CyberLink Blu-ray Disc Suite\MediaShow4" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1" [218408 2009-02-25] (CyberLink Corp.) HKLM-x32\...\Run: [CLMLServer] "C:\Program Files (x86)\_Programme\Hardware\Laufwerk\CyberLink Blu-ray Disc Suite\Power2Go\CLMLSvc.exe" [103720 2009-12-15] (CyberLink) HKLM-x32\...\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\_Programme\Hardware\Laufwerk\CyberLink Blu-ray Disc Suite\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\_Programme\Hardware\Laufwerk\CyberLink Blu-ray Disc Suite\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [RemoteControl9] "C:\Program Files (x86)\_Programme\Hardware\Laufwerk\CyberLink Blu-ray Disc Suite\PowerDVD9\PDVD9Serv.exe" [87336 2009-07-06] (CyberLink Corp.) HKLM-x32\...\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2010-05-14] (cyberlink) HKLM-x32\...\Run: [UpdatePPShortCut] "C:\Program Files (x86)\_Programme\Hardware\Laufwerk\CyberLink Blu-ray Disc Suite\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\_Programme\Hardware\Laufwerk\CyberLink Blu-ray Disc Suite\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0" [218408 2008-12-03] (CyberLink Corp.) HKLM-x32\...\Run: [UCam_Menu] "C:\Program Files (x86)\_Programme\Hardware\Laufwerk\CyberLink Blu-ray Disc Suite\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\_Programme\Hardware\Laufwerk\CyberLink Blu-ray Disc Suite\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\1.0" [218408 2009-02-17] (CyberLink Corp.) 
HKLM-x32\...\Run: [LGODDFU] "C:\Program Files (x86)\_Programme\Hardware\Laufwerk\lg_fwupdate\lgfw.exe" blrun [27760 2012-07-19] (Bitleader) HKLM-x32\...\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\_Programme\Hardware\Laufwerk\CyberLink Blu-ray Disc Suite\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\_Programme\Hardware\Laufwerk\CyberLink Blu-ray Disc Suite\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" [222504 2010-06-02] (CyberLink Corp.) HKLM-x32\...\Run: [hpqSRMon] C:\Program Files (x86)\_Programme\Hardware\Drucker\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard) HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\_Programme\Hardware\Drucker\HP\HP Software Update\HPWuSchd2.exe [54576 2009-11-18] (Hewlett-Packard) HKLM-x32\...\Run: [] [x] HKLM-x32\...\Run: [Adobe Version Cue CS2] "c:\progra~2\_Programme\Design\Adobe\CS2\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [856064 2005-04-06] (Adobe Sytems Incorporated) HKLM-x32\...\Run: [Acrobat Assistant 7.0] "c:\progra~2\_Programme\Design\Adobe\CS2\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [483328 2004-12-14] (Adobe Systems Inc.) HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation) Startup: C:\ProgramData\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk ShortcutTarget: Adobe Acrobat - Schnellstart.lnk -> c:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe () Startup: C:\ProgramData\Start Menu\Programs\Startup\Adobe Gamma.lnk ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) 
Startup: C:\ProgramData\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\_Programme\Hardware\Drucker\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) Startup: C:\Users\feirio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\feirio\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\feirio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\_Programme\Office\Open Office 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.tagesschau.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch64.dll (DeviceVM, Inc.) SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.delta-search.com/?q={searchTerms}&affID=119778&tt=gc_&babsrc=SP_ss&mntrId=58F00026832DF062 SearchScopes: HKCU - {A5B9EB11-8380-475a-AF38-95F69B7FA7C4} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\_Programme\Hilfsprogramme\Java\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\_Programme\Hilfsprogramme\Java\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\_Programme\Hardware\Drucker\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) BHO-x32: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\_Programme\Hilfsprogramme\Java\bin\ssv.dll (Oracle Corporation) BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
BHO-x32: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\progra~2\_Programme\Design\Adobe\CS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\_Programme\Internet\Download\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\_Programme\Hilfsprogramme\Java\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\_Programme\Hardware\Drucker\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\progra~2\_Programme\Design\Adobe\CS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7416AB33-38D7-4F77-8E6F-E8D109F5A09A}: [NameServer]139.7.30.125 139.7.30.126

FireFox:
========
FF ProfilePath: C:\Users\feirio\AppData\Roaming\Mozilla\Firefox\Profiles\ezn7q46x.default
FF Homepage: hxxp://www.tagesspiegel.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll ()
FF Plugin: @java.com/DTPlugin,version=10.10.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.10.2 - C:\Program Files\_Programme\Hilfsprogramme\Java\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\_Programme\Hilfsprogramme\Java\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=1.1.11 - C:\Program Files (x86)\_Programme\Tools\Video\VLC\npvlc.dll (the VideoLAN Team)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Free Download Manager plugin - C:\Users\feirio\AppData\Roaming\Mozilla\Firefox\Profiles\ezn7q46x.default\Extensions\fdm_ffext@freedownloadmanager.org
FF Extension: No Name - C:\Users\feirio\AppData\Roaming\Mozilla\Firefox\Profiles\ezn7q46x.default\Extensions\foxmarks@kei.com
FF Extension: FireShot - C:\Users\feirio\AppData\Roaming\Mozilla\Firefox\Profiles\ezn7q46x.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
FF Extension: SeoQuake - C:\Users\feirio\AppData\Roaming\Mozilla\Firefox\Profiles\ezn7q46x.default\Extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
FF Extension: Page Speed - C:\Users\feirio\AppData\Roaming\Mozilla\Firefox\Profiles\ezn7q46x.default\Extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
FF Extension: firebug - C:\Users\feirio\AppData\Roaming\Mozilla\Firefox\Profiles\ezn7q46x.default\Extensions\firebug@software.joehewitt.com.xpi
FF Extension: No Name - C:\Users\feirio\AppData\Roaming\Mozilla\Firefox\Profiles\ezn7q46x.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi

Chrome:
=======
CHR RestoreOnStartup: "urls_to_restore_on_startup": null
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll ()
CHR Plugin: (Norton Confidential) - C:\Users\feirio\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.4.6_0\npcoplgn.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (VLC Multimedia Plug-in) - C:\Program Files (x86)\_Programme\Tools\Video\VLC\npvlc.dll (the VideoLAN Team)
CHR Extension: (Google Drive) - C:\Users\feirio\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (WebCake) - C:\Users\feirio\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh\1.0.3_0
CHR Extension: (Norton Identity Protection) - C:\Users\feirio\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.3.3.19_1

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2011-10-29] (Adobe Systems)
R2 Adobe Version Cue CS2; c:\progra~2\_Programme\Design\Adobe\CS2\Adobe Version Cue CS2\bin\VersionCueCS2.exe [163840 2005-04-06] (Adobe Systems Incorporated)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [918144 2010-11-03] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [915584 2010-12-02] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()
S2 CLKMSVC10_A39F8B77; C:\Program Files (x86)\_Programme\Hardware\Laufwerk\CyberLink Blu-ray Disc Suite\PowerDVD9\NavFilter\kmsvc.exe [246256 2010-05-14] (CyberLink)
R3 hpqcxs08; C:\Program Files (x86)\_Programme\Hardware\Drucker\HP\Digital Imaging\bin\hpqcxs08.dll [254824 2010-05-28] (Hewlett-Packard Co.)
R2 hpqddsvc; C:\Program Files (x86)\_Programme\Hardware\Drucker\HP\Digital Imaging\bin\hpqddsvc.dll [138600 2010-05-28] (Hewlett-Packard Co.)
R2 HPSLPSVC; C:\Program Files (x86)\_Programme\Hardware\Drucker\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1044840 2010-05-28] (Hewlett-Packard Co.)
S3 Macromedia Licensing Service; C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [69632 2011-11-09] (Macromedia)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe [144520 2012-12-24] (Symantec Corporation)
R2 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [244904 2009-07-02] ()
S3 Hidfsvmeip;

==================== Drivers (Whitelisted) ====================

R0 AiChargerPlus; C:\Windows\System32\DRIVERS\AiChargerPlus.sys [14464 2010-11-08] (ASUSTek Computer Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\BASHDefs\20130531.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\BASHDefs\20130531.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1403010.016\ccSetx64.sys [168096 2012-11-16] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-09] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-09] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-09] (Symantec Corporation)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [415232 2011-10-18] (Huawei Technologies Co., Ltd.)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\IPSDefs\20130608.001\IDSvia64.sys [513184 2012-12-27] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\IPSDefs\20130608.001\IDSvia64.sys [513184 2012-12-27] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20130611.003\ENG64.SYS [126040 2013-05-22] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20130611.003\ENG64.SYS [126040 2013-05-22] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20130611.003\EX64.SYS [2098776 2013-05-22] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20130611.003\EX64.SYS [2098776 2013-05-22] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1403010.016\SRTSP64.SYS [796248 2013-01-29] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1403010.016\SRTSPX64.SYS [36952 2013-01-29] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1403010.016\SYMDS64.SYS [493656 2013-01-22] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1403010.016\SYMEFA64.SYS [1139800 2013-01-31] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2012-12-28] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1403010.016\Ironx64.SYS [224416 2012-11-16] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1403010.016\SYMNETS.SYS [432800 2013-01-31] (Symantec Corporation)
S3 tmnsusbser; C:\Windows\System32\DRIVERS\tmnsusbser.sys [124416 2010-04-21] (Wireless Device)
S3 tmusbnet; C:\Windows\System32\DRIVERS\tmusbnet.sys [129024 2010-04-20] (QUALCOMM Incorporated)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-06-12 13:13 - 2013-06-12 13:13 - 00000000 ____D C:\FRST
2013-06-12 04:48 - 2013-06-12 05:25 - 00002909 ____A C:\Users\feirio\Desktop\Trojaner Board - Post.txt
2013-06-12 03:57 - 2013-06-12 03:57 - 00000000 ____D C:\Users\feirio\AppData\Local\{F29073D2-8F6D-4C69-81B3-94AFB4339D54}
2013-06-12 02:33 - 2013-06-12 02:33 - 1042515596 ____A C:\Windows\MEMORY.DMP
2013-06-12 02:33 - 2013-06-12 02:33 - 00276872 ____A C:\Windows\Minidump\061213-8845-01.dmp
2013-06-12 02:33 - 2013-06-12 02:33 - 00000000 ____D C:\Windows\Minidump
2013-06-12 01:15 - 2013-06-12 01:15 - 00000000 ____A C:\Users\feirio\defogger_reenable
2013-06-11 22:28 - 2013-06-11 22:28 - 00000000 ____D C:\Users\feirio\AppData\Local\{26FEC8C9-6E70-40DC-BFF1-1955C173FE6A}
2013-06-11 21:42 - 2013-06-11 21:42 - 00000000 ____D C:\Users\feirio\AppData\Local\{FF4782A2-F481-4168-AE01-55C50C593ACF}
2013-06-11 15:56 - 2013-06-11 15:57 - 00000000 ____D C:\Users\feirio\AppData\Local\{3F69B991-7404-43AD-81E1-A1062939E37D}
2013-06-11 03:56 - 2013-06-11 03:56 - 00000000 ____D C:\Users\feirio\AppData\Local\{F19327ED-7D7D-4CE2-B91E-B96039A6EFAE}
2013-06-11 02:39 - 2013-06-11 02:39 - 1078867224 ____A C:\Users\feirio\Downloads\Motorsport__FIA_WTCC_2013_Tourenwagen_Weltmeisterschaft_Volokolamsk_RUS_13.06.09_12-00_eurosport_60_TVOON_DE.mpg.avi
2013-06-11 02:19 - 2013-06-11 02:19 - 897681766 ____A C:\Users\feirio\Downloads\Motorrad__FIM_Superbike_Weltmeisterschaft_2013_in_Portimao_POR_13.06.09_13-00_eurosport_60_TVOON_DE.mpg.avi
2013-06-10 12:29 - 2013-06-10 12:30 - 00000000 ____D C:\Users\feirio\AppData\Local\{09F98E37-A521-4216-8818-A21CF3D4178D}
2013-06-09 14:42 - 2013-06-09 14:42 - 00000000 ____D C:\Users\feirio\AppData\Local\{7A9DB77B-325D-4F91-BE2B-7E596F3AF5B1}
2013-06-08 11:58 - 2013-06-08 11:58 - 00000000 ____D C:\Users\feirio\AppData\Local\{23DF1FD2-76D7-4847-9D05-3A394CEAAA5A}
2013-06-07 11:37 - 2013-06-07 11:37 - 00000000 ____D C:\Users\feirio\AppData\Local\{4461D250-CBCB-43CD-A1AC-C9E346F76AE4}
2013-06-06 11:20 - 2013-06-06 11:20 - 00000000 ____D C:\Users\feirio\AppData\Local\{63736CE8-0C1E-4DB6-8085-0D91642BCA70}
2013-06-05 12:01 - 2013-06-05 12:02 - 00000000 ____D C:\Users\feirio\AppData\Local\{D1933FDC-7EBA-4BA8-8C63-F88025B85899}
2013-06-04 14:42 - 2013-06-04 14:49 - 495985145 ____A C:\Users\feirio\Downloads\WTFF.zip
2013-06-04 13:08 - 2013-06-04 13:09 - 00000000 ____D C:\Users\feirio\AppData\Local\{AAF17BAC-323F-4D9D-A14B-FFFE8E6163DF}
2013-06-03 12:16 - 2013-06-03 12:16 - 00000000 ____D C:\Users\feirio\AppData\Local\{1A9C4E86-BA22-4EDB-87E8-B1994A5EBCAF}
2013-06-02 12:52 - 2013-06-02 12:52 - 00000000 ____D C:\Users\feirio\AppData\Local\{11533A9B-C0C9-404C-AEB0-2B638DC7BE14}
2013-06-01 14:25 - 2013-06-01 14:25 - 00000000 ____D C:\Users\feirio\AppData\Local\{2D72CD65-5710-42A2-AA2A-8BF2C3E26C9A}
2013-05-31 11:41 - 2013-05-31 11:41 - 00000000 ____D C:\Users\feirio\AppData\Local\{8173BB33-8C57-48A4-B290-44FA221F58C2}
2013-05-31 02:03 - 2013-05-31 02:03 - 00004533 ____A C:\Users\feirio\Desktop\Zeichen.odt
2013-05-30 10:27 - 2013-05-30 10:28 - 00000000 ____D C:\Users\feirio\AppData\Local\{0102B59B-3A7C-4F70-BA20-33088EAA7EA4}
2013-05-29 22:47 - 2013-06-12 00:04 - 00000000 ____D C:\Windows\pss
2013-05-29 12:41 - 2013-05-29 12:41 - 00000000 ____D C:\Users\feirio\AppData\Local\{01163249-E9B5-4EC1-989F-98F750E4A06C}
2013-05-28 11:27 - 2013-05-28 11:27 - 00000000 ____D C:\Users\feirio\AppData\Local\{FE6C4E3A-AA50-486B-89C0-4C370CFB8680}
2013-05-27 11:37 - 2013-05-27 11:37 - 00000000 ____D C:\Users\feirio\AppData\Local\{138981D6-812F-4C98-8FCF-C56E86764085}
2013-05-26 22:08 - 2013-05-26 22:08 - 00000000 ____D C:\Users\feirio\AppData\Local\{2D1F7593-F6BC-4520-B043-ED5037249128}
2013-05-26 13:54 - 2013-05-26 13:54 - 00000000 ____D C:\Users\feirio\AppData\Roaming\Babylon
2013-05-26 13:54 - 2013-05-26 13:54 - 00000000 ____D C:\ProgramData\Babylon
2013-05-26 13:52 - 2013-05-26 22:16 - 00000000 ____D C:\Program Files (x86)\IlemiTVApp.com
2013-05-25 23:33 - 2013-05-25 23:33 - 00000000 ____D C:\Users\feirio\AppData\Local\{CDBCDBDF-FBF5-470F-B22B-814EED9115E6}
2013-05-25 10:30 - 2013-05-25 10:30 - 00000000 ____D C:\Users\feirio\AppData\Local\{B8459C05-B3E5-41DD-B056-64DA86B8663F}
2013-05-24 15:27 - 2013-05-24 15:27 - 00866720 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-05-24 15:27 - 2013-05-24 15:27 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-05-24 12:04 - 2013-05-24 12:04 - 00000000 ____D C:\Users\feirio\AppData\Local\{5BB98FB3-77DC-4C13-A00B-79B68B15BD84}
2013-05-23 21:51 - 2013-06-11 03:58 - 00026873 ____A C:\Users\feirio\Desktop\Ideen.txt
2013-05-23 12:41 - 2013-05-23 12:41 - 00000000 ____D C:\Users\feirio\AppData\Local\{35884DEE-6051-4163-A517-C323AD9F9F7A}
2013-05-22 12:08 - 2013-05-22 12:08 - 00000000 ____D C:\Users\feirio\AppData\Local\{0B3A8347-B66F-4E08-B428-B392A6072F71}
2013-05-22 03:04 - 2013-05-22 03:04 - 00013309 ____A C:\Users\feirio\Downloads\Abrechnung_246446-bearbeitet.csv
2013-05-21 14:07 - 2013-05-22 03:03 - 00013309 ____A C:\Users\feirio\Downloads\Abrechnung_246446.csv
2013-05-21 11:35 - 2013-05-21 11:36 - 00000000 ____D C:\Users\feirio\AppData\Local\{3798F1F8-A958-4E65-92DA-3A260A9D1A75}
2013-05-20 12:59 - 2013-05-20 12:59 - 00000000 ____D C:\Users\feirio\AppData\Local\{530135A1-5E61-4D2F-B5EF-937EBA245D75}
2013-05-19 13:54 - 2013-05-19 13:54 - 00000000 ____D C:\Users\feirio\AppData\Local\{E358F5F8-9A72-4BF4-8C08-35DE818E6FB2}
2013-05-18 09:45 - 2013-05-18 09:45 - 00000000 ____D C:\Users\feirio\AppData\Local\{B8D49CFC-6C2C-4287-A73A-CB66E89B02D0}
2013-05-17 11:06 - 2013-05-17 11:06 - 00000000 ____D C:\Users\feirio\AppData\Local\{394C06C4-0DC4-4977-8A48-229055B0BF3C}
2013-05-16 11:08 - 2013-05-16 11:08 - 00000000 ____D C:\Users\feirio\AppData\Local\{F75F1CDD-BB2C-4D9E-B14F-11F15FD9D5E4}
2013-05-15 19:56 - 2013-04-05 08:52 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-15 19:56 - 2013-04-05 08:52 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-15 19:56 - 2013-04-05 08:52 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-05-15 19:56 - 2013-04-05 08:50 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-15 19:56 - 2013-04-05 08:50 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-15 19:56 - 2013-04-05 08:50 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-15 19:56 - 2013-04-05 08:50 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-15 19:56 - 2013-04-05 08:50 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-15 19:56 - 2013-04-05 08:50 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-15 19:56 - 2013-04-05 08:50 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-15 19:56 - 2013-04-05 08:50 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-05-15 19:56 - 2013-04-05 08:50 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-05-15 19:56 - 2013-04-05 08:50 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-15 19:56 - 2013-04-05 08:50 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-05-15 19:56 - 2013-04-05 07:28 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-15 19:56 - 2013-04-05 07:28 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-15 19:56 - 2013-04-05 07:26 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-15 19:56 - 2013-04-05 07:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-15 19:56 - 2013-04-05 07:26 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-15 19:56 - 2013-04-05 07:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-15 19:56 - 2013-04-05 07:26 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-15 19:56 - 2013-04-05 07:26 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-15 19:56 - 2013-04-05 07:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-05-15 19:56 - 2013-04-05 07:26 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-05-15 19:56 - 2013-04-05 07:26 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-05-15 19:56 - 2013-04-05 07:26 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-15 19:56 - 2013-04-05 07:26 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-05-15 19:56 - 2013-04-05 06:43 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-15 19:56 - 2013-04-05 06:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-15 19:56 - 2013-04-05 05:51 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-15 19:56 - 2013-04-05 05:38 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-05-15 15:42 - 2013-04-10 08:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-15 15:42 - 2013-04-10 08:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-15 15:42 - 2013-04-10 05:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-15 15:42 - 2013-03-19 07:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-15 15:42 - 2013-03-19 07:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-05-15 15:42 - 2013-02-27 08:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-15 15:42 - 2013-02-27 07:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-15 15:42 - 2013-02-27 07:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-15 15:42 - 2013-02-27 07:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-15 15:42 - 2013-02-27 07:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-15 15:42 - 2013-02-27 06:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-15 15:42 - 2013-02-27 06:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-15 15:42 - 2013-02-27 06:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-15 15:42 - 2011-02-03 13:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-15 10:31 - 2013-05-15 10:32 - 00000000 ____D C:\Users\feirio\AppData\Local\{CED57C8D-3CC0-4AAD-AB69-F22539589F6F}
2013-05-14 13:04 - 2013-05-14 13:05 - 00000000 ____D C:\Users\feirio\AppData\Local\{73B0F3C5-3973-4A19-BE6C-90CD8058EB8A}
2013-05-13 11:25 - 2013-05-13 11:25 - 00000000 ____D C:\Users\feirio\AppData\Local\{25B82089-A9FD-46E2-95CA-9589C9328E5C}

==================== One Month Modified Files and Folders =======

2013-06-12 13:13 - 2013-06-12 13:13 - 00000000 ____D C:\FRST
2013-06-12 13:13 - 2011-11-04 00:55 - 00000000 ____D C:\Users\feirio\AppData\Roaming\Free Download Manager
2013-06-12 13:08 - 2009-07-14 06:45 - 00026928 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-12 13:08 - 2009-07-14 06:45 - 00026928 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-12 13:07 - 2011-10-27 18:47 - 00654594 ____A C:\Windows\System32\perfh007.dat
2013-06-12 13:07 - 2011-10-27 18:47 - 00130208 ____A C:\Windows\System32\perfc007.dat
2013-06-12 13:07 - 2009-07-14 07:13 - 01500254 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-12 13:05 - 2011-10-27 08:58 - 01889225 ____A C:\Windows\WindowsUpdate.log
2013-06-12 13:03 - 2011-11-15 02:21 - 00001110 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-12 13:03 - 2011-11-15 02:21 - 00001106 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-12 13:02 - 2012-02-28 23:51 - 00000000 ____D C:\Users\feirio\AppData\Roaming\Dropbox
2013-06-12 13:02 - 2011-10-28 19:35 - 00000401 ____A C:\Windows\lgfwup.ini
2013-06-12 13:01 - 2011-10-27 18:15 - 00000000 ____D C:\Users\feirio\AppData\Roaming\ICQ
2013-06-12 13:01 - 2011-10-27 03:36 - 00000035 ____A C:\Users\Public\Documents\AtherosServiceConfig.ini
2013-06-12 13:01 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-12 13:01 - 2009-07-14 06:51 - 00136506 ____A C:\Windows\setupact.log
2013-06-12 05:25 - 2013-06-12 04:48 - 00002909 ____A C:\Users\feirio\Desktop\Trojaner Board - Post.txt
2013-06-12 03:57 - 2013-06-12 03:57 - 00000000 ____D C:\Users\feirio\AppData\Local\{F29073D2-8F6D-4C69-81B3-94AFB4339D54}
2013-06-12 02:33 - 2013-06-12 02:33 - 1042515596 ____A C:\Windows\MEMORY.DMP
2013-06-12 02:33 - 2013-06-12 02:33 - 00276872 ____A C:\Windows\Minidump\061213-8845-01.dmp
2013-06-12 02:33 - 2013-06-12 02:33 - 00000000 ____D C:\Windows\Minidump
2013-06-12 01:15 - 2013-06-12 01:15 - 00000000 ____A C:\Users\feirio\defogger_reenable
2013-06-12 01:15 - 2011-10-27 03:06 - 00000000 ____D C:\users\feirio
2013-06-12 00:55 - 2011-10-30 11:48 - 00000000 ____A C:\Windows\SysWOW64\DllHost.exe.Z-missing.txt
2013-06-12 00:04 - 2013-05-29 22:47 - 00000000 ____D C:\Windows\pss
2013-06-11 22:37 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\Offline Web Pages
2013-06-11 22:37 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-06-11 22:37 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-06-11 22:37 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\zh-HK
2013-06-11 22:37 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\tr-TR
2013-06-11 22:37 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-11 22:37 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-06-11 22:37 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\L2Schemas
2013-06-11 22:36 - 2013-03-26 23:10 - 00000000 ____D C:\Users\feirio\AppData\Roaming\TP-LINK
2013-06-11 22:36 - 2012-05-20 08:17 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-06-11 22:36 - 2012-05-20 08:17 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-06-11 22:36 - 2012-05-05 11:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-06-11 22:36 - 2011-11-21 02:12 - 00000000 ____D C:\Users\feirio\AppData\Roaming\vlc
2013-06-11 22:36 - 2011-10-27 03:37 - 00000000 ____D C:\ProgramData\Norton
2013-06-11 22:36 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\NDF
2013-06-11 22:36 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2013-06-11 22:36 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat
2013-06-11 22:36 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-06-11 22:35 - 2011-10-27 03:37 - 00000000 ____D C:\Windows\System32\Drivers\NISx64
2013-06-11 22:34 - 2013-02-06 12:00 - 00000000 ____D C:\Program Files (x86)\Citrix
2013-06-11 22:34 - 2013-01-12 12:44 - 00000000 ____D C:\ProgramData\Free Download Manager
2013-06-11 22:34 - 2011-11-25 02:56 - 00000000 ____D C:\Users\feirio\AppData\Roaming\SoftGrid Client
2013-06-11 22:34 - 2011-11-15 02:21 - 00000000 ____D C:\Users\feirio\AppData\Local\Google
2013-06-11 22:34 - 2011-11-15 02:21 - 00000000 ____D C:\Program Files (x86)\Google
2013-06-11 22:34 - 2011-10-27 03:28 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-06-11 22:34 - 2011-10-27 03:22 - 00000000 ____D C:\ProgramData\Adobe
2013-06-11 22:34 - 2011-10-27 03:22 - 00000000 ____D C:\Program Files (x86)\_Programme
2013-06-11 22:28 - 2013-06-11 22:28 - 00000000 ____D C:\Users\feirio\AppData\Local\{26FEC8C9-6E70-40DC-BFF1-1955C173FE6A}
2013-06-11 21:42 - 2013-06-11 21:42 - 00000000 ____D C:\Users\feirio\AppData\Local\{FF4782A2-F481-4168-AE01-55C50C593ACF}
2013-06-11 15:57 - 2013-06-11 15:56 - 00000000 ____D C:\Users\feirio\AppData\Local\{3F69B991-7404-43AD-81E1-A1062939E37D}
2013-06-11 13:36 - 2011-10-28 03:59 - 00058804 ____A C:\Users\feirio\Desktop\zu erledigen neu.txt
2013-06-11 03:58 - 2013-05-23 21:51 - 00026873 ____A C:\Users\feirio\Desktop\Ideen.txt
2013-06-11 03:56 - 2013-06-11 03:56 - 00000000 ____D C:\Users\feirio\AppData\Local\{F19327ED-7D7D-4CE2-B91E-B96039A6EFAE}
2013-06-11 02:39 - 2013-06-11 02:39 - 1078867224 ____A C:\Users\feirio\Downloads\Motorsport__FIA_WTCC_2013_Tourenwagen_Weltmeisterschaft_Volokolamsk_RUS_13.06.09_12-00_eurosport_60_TVOON_DE.mpg.avi
2013-06-11 02:19 - 2013-06-11 02:19 - 897681766 ____A C:\Users\feirio\Downloads\Motorrad__FIM_Superbike_Weltmeisterschaft_2013_in_Portimao_POR_13.06.09_13-00_eurosport_60_TVOON_DE.mpg.avi
2013-06-10 22:10 - 2011-10-28 22:02 - 00000000 ____D C:\Users\feirio\AppData\Local\CrashDumps
2013-06-10 12:30 - 2013-06-10 12:29 - 00000000 ____D C:\Users\feirio\AppData\Local\{09F98E37-A521-4216-8818-A21CF3D4178D}
2013-06-10 01:04 - 2012-06-14 17:27 - 00107259 ____A C:\Users\feirio\Desktop\Hase.txt
2013-06-09 14:42 - 2013-06-09 14:42 - 00000000 ____D C:\Users\feirio\AppData\Local\{7A9DB77B-325D-4F91-BE2B-7E596F3AF5B1}
2013-06-08 11:58 - 2013-06-08 11:58 - 00000000 ____D C:\Users\feirio\AppData\Local\{23DF1FD2-76D7-4847-9D05-3A394CEAAA5A}
2013-06-08 04:42 - 2011-11-10 16:19 - 00683038 ____A C:\Users\feirio\Desktop\11.11.2011 - temp_Handy.txt
2013-06-07 15:59 - 2012-09-23 20:59 - 00003295 ____A C:\Users\feirio\Desktop\Partnerdaten.txt
2013-06-07 11:37 - 2013-06-07 11:37 - 00000000 ____D C:\Users\feirio\AppData\Local\{4461D250-CBCB-43CD-A1AC-C9E346F76AE4}
2013-06-07 01:35 - 2011-11-08 03:34 - 00214198 ____A C:\Users\feirio\Desktop\Merkzettel.txt
2013-06-06 11:20 - 2013-06-06 11:20 - 00000000 ____D C:\Users\feirio\AppData\Local\{63736CE8-0C1E-4DB6-8085-0D91642BCA70}
2013-06-05 12:02 - 2013-06-05 12:01 - 00000000 ____D C:\Users\feirio\AppData\Local\{D1933FDC-7EBA-4BA8-8C63-F88025B85899}
2013-06-04 14:49 - 2013-06-04 14:42 - 495985145 ____A C:\Users\feirio\Downloads\WTFF.zip
2013-06-04 13:09 - 2013-06-04 13:08 - 00000000 ____D C:\Users\feirio\AppData\Local\{AAF17BAC-323F-4D9D-A14B-FFFE8E6163DF}
2013-06-03 12:16 - 2013-06-03 12:16 - 00000000 ____D C:\Users\feirio\AppData\Local\{1A9C4E86-BA22-4EDB-87E8-B1994A5EBCAF}
2013-06-03 00:55 - 2012-08-09 23:13 - 00008303 ____A C:\Users\feirio\Desktop\Joy.txt
2013-06-02 12:52 - 2013-06-02 12:52 - 00000000 ____D C:\Users\feirio\AppData\Local\{11533A9B-C0C9-404C-AEB0-2B638DC7BE14}
2013-06-01 14:25 - 2013-06-01 14:25 - 00000000 ____D C:\Users\feirio\AppData\Local\{2D72CD65-5710-42A2-AA2A-8BF2C3E26C9A}
2013-05-31 11:41 - 2013-05-31 11:41 - 00000000 ____D C:\Users\feirio\AppData\Local\{8173BB33-8C57-48A4-B290-44FA221F58C2}
2013-05-31 02:53 - 2011-11-09 04:24 - 00000000 ____D C:\Users\feirio\AppData\Roaming\FileZilla
2013-05-31 02:03 - 2013-05-31 02:03 - 00004533 ____A C:\Users\feirio\Desktop\Zeichen.odt
2013-05-30 10:28 - 2013-05-30 10:27 - 00000000 ____D C:\Users\feirio\AppData\Local\{0102B59B-3A7C-4F70-BA20-33088EAA7EA4}
2013-05-30 00:52 - 2011-11-08 03:35 - 00000000 ____D C:\Users\feirio\Desktop\Handy
2013-05-29 12:41 - 2013-05-29 12:41 - 00000000 ____D C:\Users\feirio\AppData\Local\{01163249-E9B5-4EC1-989F-98F750E4A06C}
2013-05-28 11:27 - 2013-05-28 11:27 - 00000000 ____D C:\Users\feirio\AppData\Local\{FE6C4E3A-AA50-486B-89C0-4C370CFB8680}
2013-05-28 02:32 - 2013-01-07 11:23 - 00001800 ____A C:\Users\feirio\Desktop\Signaturen.txt
2013-05-27 11:37 - 2013-05-27 11:37 - 00000000 ____D C:\Users\feirio\AppData\Local\{138981D6-812F-4C98-8FCF-C56E86764085}
2013-05-27 11:35 - 2010-11-21 05:47 - 00024138 ____A C:\Windows\PFRO.log
2013-05-26 22:16 - 2013-05-26 13:52 - 00000000 ____D C:\Program Files (x86)\IlemiTVApp.com
2013-05-26 22:08 - 2013-05-26 22:08 - 00000000 ____D C:\Users\feirio\AppData\Local\{2D1F7593-F6BC-4520-B043-ED5037249128}
2013-05-26 13:54 - 2013-05-26 13:54 - 00000000 ____D C:\Users\feirio\AppData\Roaming\Babylon
2013-05-26 13:54 - 2013-05-26 13:54 - 00000000 ____D C:\ProgramData\Babylon
2013-05-25 23:33 - 2013-05-25 23:33 - 00000000 ____D C:\Users\feirio\AppData\Local\{CDBCDBDF-FBF5-470F-B22B-814EED9115E6}
2013-05-25 10:30 - 2013-05-25 10:30 - 00000000 ____D C:\Users\feirio\AppData\Local\{B8459C05-B3E5-41DD-B056-64DA86B8663F}
2013-05-24 15:27 - 2013-05-24 15:27 - 00866720 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-05-24 15:27 - 2013-05-24 15:27 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-05-24 15:27 - 2012-02-16 15:07 - 00263584 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-05-24 15:27 - 2012-02-16 15:07 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-05-24 15:27 - 2012-02-16 15:07 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-05-24 15:27 - 2011-11-07 23:01 - 00788896 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-05-24 12:04 - 2013-05-24 12:04 - 00000000 ____D C:\Users\feirio\AppData\Local\{5BB98FB3-77DC-4C13-A00B-79B68B15BD84}
2013-05-23 12:41 - 2013-05-23 12:41 - 00000000 ____D C:\Users\feirio\AppData\Local\{35884DEE-6051-4163-A517-C323AD9F9F7A}
2013-05-22 12:08 - 2013-05-22 12:08 - 00000000 ____D C:\Users\feirio\AppData\Local\{0B3A8347-B66F-4E08-B428-B392A6072F71}
2013-05-22 03:04 - 2013-05-22 03:04 - 00013309 ____A C:\Users\feirio\Downloads\Abrechnung_246446-bearbeitet.csv
2013-05-22 03:03 - 2013-05-21 14:07 - 00013309 ____A C:\Users\feirio\Downloads\Abrechnung_246446.csv
2013-05-21 11:36 - 2013-05-21 11:35 - 00000000 ____D C:\Users\feirio\AppData\Local\{3798F1F8-A958-4E65-92DA-3A260A9D1A75}
2013-05-20 12:59 - 2013-05-20 12:59 - 00000000 ____D C:\Users\feirio\AppData\Local\{530135A1-5E61-4D2F-B5EF-937EBA245D75}
2013-05-19 13:54 - 2013-05-19 13:54 - 00000000 ____D C:\Users\feirio\AppData\Local\{E358F5F8-9A72-4BF4-8C08-35DE818E6FB2}
2013-05-18 09:45 - 2013-05-18 09:45 - 00000000 ____D C:\Users\feirio\AppData\Local\{B8D49CFC-6C2C-4287-A73A-CB66E89B02D0}
2013-05-17 11:07 - 2012-03-30 13:06 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-17 11:07 - 2011-10-27 18:46 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-17 11:06 - 2013-05-17 11:06 - 00000000 ____D C:\Users\feirio\AppData\Local\{394C06C4-0DC4-4977-8A48-229055B0BF3C}
2013-05-16 11:08 - 2013-05-16 11:08 - 00000000 ____D C:\Users\feirio\AppData\Local\{F75F1CDD-BB2C-4D9E-B14F-11F15FD9D5E4}
2013-05-16 11:07 - 2009-07-14 06:45 - 00330904 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-15 19:58 - 2011-10-28 17:27 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-15 10:32 - 2013-05-15 10:31 - 00000000 ____D C:\Users\feirio\AppData\Local\{CED57C8D-3CC0-4AAD-AB69-F22539589F6F}
2013-05-14 20:16 - 2012-10-09 19:08 - 00000000 ____D C:\Users\feirio\Desktop\Ich auf Korfu
2013-05-14 13:05 - 2013-05-14 13:04 - 00000000 ____D C:\Users\feirio\AppData\Local\{73B0F3C5-3973-4A19-BE6C-90CD8058EB8A}
2013-05-13 11:25 - 2013-05-13 11:25 - 00000000 ____D C:\Users\feirio\AppData\Local\{25B82089-A9FD-46E2-95CA-9589C9328E5C}

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-06-03 13:49 ==================== End Of Log ============================ --- --- --- Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-06-2013 03 Ran by feirio at 2013-06-12 13:17:47 Run: Running from C:\Downloads\Software Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= 6000E609_eDocs (Version: 1.00.0000) 6000E609_Help (Version: 1.00.0000) 6000E609a (Version: 140.0.000.000) 64 Bit HP CIO Components Installer (Version: 6.2.2) 7-Zip 9.20 (x64 edition) (Version: 9.20.00.0) Adobe Acrobat 7.0 Professional - English, Français, Deutsch (Version: 7.0.0) Adobe Bridge 1.0 (Version: 001.000.001) Adobe Common File Installer (Version: 1.00.001) Adobe Creative Suite 2 Adobe Flash Player 11 ActiveX (Version: 11.3.300.257) Adobe Flash Player 11 Plugin (Version: 11.7.700.202) Adobe GoLive CS2 (Version: 8.0) Adobe Help Center 1.0 (Version: 1.0.1) Adobe Illustrator CS2 (Version: 12.000.000) Adobe InDesign CS2 (Version: 004.000.000) Adobe Photoshop CS2 (Version: 9.0) Adobe Reader X (10.1.7) - Deutsch (Version: 10.1.7) Adobe Stock Photos 1.0 (Version: 1.0.1) Adobe SVG Viewer 3.0 (Version: 3.0) Adobe Version Cue CS2 (Version: 2.0) AI Suite II (Version: 1.01.20) AMD Drag and Drop Transcoding (Version: 2.00.0000) Asmedia ASM104x USB 3.0 Host Controller Driver (Version: 1.4.5.0) ATI AVIVO64 Codecs (Version: 11.6.0.10112) ATI Catalyst Install Manager (Version: 3.0.812.0) Biet-O-Matic v2.14.8 (Version: 2.14.8) Bluetooth Win7 Suite (64) (Version: 7.2.0.40) BPDSoftware (Version: 140.0.000.000) BPDSoftware_Ini (Version: 1.00.0000) Browser Configuration Utility (Version: 1.0.10.0) BufferChm (Version: 140.0.213.000) CamStudio Lossless Codec CamStudio OSS Desktop Recorder (Version: 2.6 Beta r294) Catalyst Control Center - Branding (Version: 1.00.0000) Catalyst Control Center Graphics Previews Common (Version: 2011.0112.2151.39168) Catalyst Control Center InstallProxy (Version: 2011.0112.2151.39168) Catalyst Control Center Localization All (Version: 
2011.0112.2151.39168) CCC Help Chinese Standard (Version: 2011.0112.2150.39168) CCC Help Chinese Traditional (Version: 2011.0112.2150.39168) CCC Help Czech (Version: 2011.0112.2150.39168) CCC Help Danish (Version: 2011.0112.2150.39168) CCC Help Dutch (Version: 2011.0112.2150.39168) CCC Help English (Version: 2011.0112.2150.39168) CCC Help Finnish (Version: 2011.0112.2150.39168) CCC Help French (Version: 2011.0112.2150.39168) CCC Help German (Version: 2011.0112.2150.39168) CCC Help Greek (Version: 2011.0112.2150.39168) CCC Help Hungarian (Version: 2011.0112.2150.39168) CCC Help Italian (Version: 2011.0112.2150.39168) CCC Help Japanese (Version: 2011.0112.2150.39168) CCC Help Korean (Version: 2011.0112.2150.39168) CCC Help Norwegian (Version: 2011.0112.2150.39168) CCC Help Polish (Version: 2011.0112.2150.39168) CCC Help Portuguese (Version: 2011.0112.2150.39168) CCC Help Russian (Version: 2011.0112.2150.39168) CCC Help Spanish (Version: 2011.0112.2150.39168) CCC Help Swedish (Version: 2011.0112.2150.39168) CCC Help Thai (Version: 2011.0112.2150.39168) CCC Help Turkish (Version: 2011.0112.2150.39168) ccc-core-static (Version: 2011.0112.2151.39168) ccc-utility64 (Version: 2011.0112.2151.39168) CyberLink BD_3D Advisor 2.0 (Version: 2.0.4606) CyberLink Blu-ray Disc Suite (Version: 6.0.3226) CyberLink LabelPrint (Version: 2.5.1916) CyberLink LG Burning Tool (Version: 6.2.3714) CyberLink MediaShow (Version: 4.1.3402) CyberLink PowerBackup (Version: 2.5.4511) CyberLink PowerDVD 9 (Version: 9.0.2919.52) CyberLink PowerProducer (Version: 5.0.1.1520) CyberLink YouCam (Version: 1.0.2609) D3DX10 (Version: 15.4.2368.0902) DeviceDiscovery (Version: 140.0.213.000) Dropbox (Version: 2.0.22) ElsterFormular (Version: 13.2.0.8623k) EPSON Scan FileZilla Client 3.5.2 (Version: 3.5.2) Free Download Manager 3.9.2 Google Chrome (Version: 27.0.1453.110) Google Drive (Version: 1.9.4536.8202) Google Earth Plug-in (Version: 7.0.3.8542) Google Toolbar for Internet Explorer (Version: 1.0.0) 
Google Toolbar for Internet Explorer (Version: 7.4.3607.2246) Google Update Helper (Version: 1.3.21.145) GoToMeeting 5.4.0.1082 (Version: 5.4.0.1082) GPBaseService2 (Version: 140.0.212.000) HP Imaging Device Functions 14.0 (Version: 14.0) HP Officejet 6000 E609 Series (Version: 14.0) HP Photosmart Essential 3.5 (Version: 3.5) HP Smart Web Printing 4.60 (Version: 4.60) HP Solution Center 14.0 (Version: 14.0) HP Update (Version: 5.002.002.002) HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000) HPPhotosmartEssential (Version: 2.04.0000) HPProductAssistant (Version: 140.0.213.000) HPSSupply (Version: 140.0.212.000) HydraVision (Version: 4.2.184.0) HyperCam 3 (Version: 3.3.1109.19) ICQ7.6 (Version: 7.6) Intel(R) Management Engine Components (Version: 7.0.0.1144) Intel® Watchdog Timer Driver (Intel® WDT) Java 7 Update 10 (64-bit) (Version: 7.0.100) Java 7 Update 21 (Version: 7.0.210) Java Auto Updater (Version: 2.1.9.5) Java(TM) 6 Update 31 (Version: 6.0.310) Junk Mail filter update (Version: 15.4.3502.0922) Kies Air Discovery Service LG Tool Kit (Version: 10.01.0712.01) LightScribe System Software (Version: 1.18.14.1) Macromedia Dreamweaver MX 2004 (Version: 7.0.1) Macromedia Extension Manager (Version: 1.5) Macromedia Fireworks MX 2004 (Version: 7.0.2) Macromedia Flash MX 2004 (Version: 7.2) Macromedia FreeHand MXa (Version: 11.0.2) Macromedia HomeSite+ marvell 91xx driver (Version: 1.0.0.1051) Mesh Runtime (Version: 15.4.5722.2) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000) Microsoft Office Starter 2010 - Deutsch (Version: 14.0.6109.5003) Microsoft Silverlight (Version: 5.1.20125.0) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001) Microsoft 
Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319) Mozilla Firefox 21.0 (x86 de) (Version: 21.0) Mozilla Maintenance Service (Version: 21.0) Mozilla Thunderbird 17.0.6 (x86 de) (Version: 17.0.6) MSVCRT (Version: 15.4.2862.0708) MSVCRT_amd64 (Version: 15.4.2862.0708) Network64 (Version: 140.0.215.000) Norton Internet Security (Version: 20.3.1.22) OpenOffice.org 3.3 (Version: 3.3.9567) PNotes 8.0.110 (Version: 8.0.110) ProductContext (Version: 140.0.000.000) Realtek Ethernet Controller Driver (Version: 7.37.1229.2010) Realtek High Definition Audio Driver (Version: 6.0.1.6235) Shop for HP Supplies (Version: 14.0) SmartWebPrinting (Version: 140.0.213.000) SolutionCenter (Version: 140.0.214.000) Status (Version: 140.0.256.000) Suite Specific (Version: 2.0.0) Toolbox (Version: 140.0.428.000) TopStyle Lite (Version 3.0) (Version: 3.1.0) TP-LINK TL-WN821N_WN822N Treiber (Version: 1.2.1) TP-LINK-Konfigurationstool (Version: 1.2.1) TrayApp (Version: 140.0.213.000) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1) VLC media player 1.1.11 (Version: 1.1.11) Vodafone Mobile Broadband Lite (Version: 10.3.2.34962) WebReg (Version: 140.0.213.017) Windows Live Communications Platform (Version: 15.4.3502.0922) Windows Live Essentials (Version: 15.4.3502.0922) Windows Live Essentials (Version: 15.4.3555.0308) Windows Live ID Sign-in Assistant (Version: 7.250.4232.0) Windows Live Installer (Version: 15.4.3502.0922) Windows Live Language 
Selector (Version: 15.4.3555.0308) Windows Live Mail (Version: 15.4.3502.0922) Windows Live Mesh (Version: 15.4.3502.0922) Windows Live Mesh ActiveX control for remote connections (Version: 15.4.5722.2) Windows Live Messenger (Version: 15.4.3538.0513) Windows Live MIME IFilter (Version: 15.4.3502.0922) Windows Live Photo Common (Version: 15.4.3502.0922) Windows Live PIMT Platform (Version: 15.4.3508.1109) Windows Live Remote Client (Version: 15.4.5722.2) Windows Live Remote Client Resources (Version: 15.4.5722.2) Windows Live Remote Service (Version: 15.4.5722.2) Windows Live Remote Service Resources (Version: 15.4.5722.2) Windows Live SOXE (Version: 15.4.3502.0922) Windows Live SOXE Definitions (Version: 15.4.3502.0922) Windows Live UX Platform (Version: 15.4.3502.0922) Windows Live UX Platform Language Pack (Version: 15.4.3508.1109) Windows Live Writer (Version: 15.4.3502.0922) Windows Live Writer Resources (Version: 15.4.3502.0922) Windows Mobile-Gerätecenter (Version: 6.1.6965.0) WizMouse v1.6.0.2 WMV9/VC-1 Video Playback (Version: 1.00.0000) XSBoxGO 1.0.0.0 (Version: 1.0.0.0) ==================== Restore Points ========================= ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/12/2013 01:03:03 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/12/2013 01:01:14 PM) (Source: VmbService) (User: ) Description: conflictManagerTypeValue Error: (06/12/2013 05:04:08 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/12/2013 05:02:20 AM) (Source: VmbService) (User: ) Description: conflictManagerTypeValue Error: 
(06/12/2013 03:59:45 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/12/2013 03:57:57 AM) (Source: VmbService) (User: ) Description: conflictManagerTypeValue Error: (06/12/2013 03:55:05 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/12/2013 03:53:17 AM) (Source: VmbService) (User: ) Description: conflictManagerTypeValue Error: (06/12/2013 02:43:15 AM) (Source: CVHSVC) (User: ) Description: Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt. Error: (06/12/2013 02:34:57 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (06/12/2013 05:02:16 AM) (Source: EventLog) (User: ) Description: Das System wurde zuvor am ?12.?06.?2013 um 04:56:49 unerwartet heruntergefahren. Error: (06/12/2013 03:57:53 AM) (Source: EventLog) (User: ) Description: Das System wurde zuvor am ?12.?06.?2013 um 03:52:07 unerwartet heruntergefahren. Error: (06/12/2013 03:53:13 AM) (Source: EventLog) (User: ) Description: Das System wurde zuvor am ?12.?06.?2013 um 03:18:00 unerwartet heruntergefahren. 
Error: (06/12/2013 02:33:07 AM) (Source: BugCheck) (User: ) Description: 0x00000109 (0xa3a039d8b75979ad, 0xb3b7465f09d7b73f, 0xfffff880009be6c0, 0x0000000000000002)C:\Windows\MEMORY.DMP061213-8845-01 Error: (06/12/2013 02:33:06 AM) (Source: EventLog) (User: ) Description: Das System wurde zuvor am ?12.?06.?2013 um 02:31:23 unerwartet heruntergefahren. Error: (06/12/2013 02:18:28 AM) (Source: EventLog) (User: ) Description: Das System wurde zuvor am ?12.?06.?2013 um 01:54:17 unerwartet heruntergefahren. Error: (06/12/2013 00:55:26 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (06/12/2013 00:55:26 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (06/12/2013 00:55:26 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (06/12/2013 00:55:26 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Microsoft Office Sessions: ========================= Error: (06/12/2013 01:03:03 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/12/2013 01:01:14 PM) (Source: VmbService)(User: ) Description: conflictManagerTypeValue Error: (06/12/2013 05:04:08 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 
WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/12/2013 05:02:20 AM) (Source: VmbService)(User: ) Description: conflictManagerTypeValue Error: (06/12/2013 03:59:45 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/12/2013 03:57:57 AM) (Source: VmbService)(User: ) Description: conflictManagerTypeValue Error: (06/12/2013 03:55:05 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/12/2013 03:53:17 AM) (Source: VmbService)(User: ) Description: conflictManagerTypeValue Error: (06/12/2013 02:43:15 AM) (Source: CVHSVC)(User: ) Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt. 
Error: (06/12/2013 02:34:57 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 ==================== Memory info =========================== Percentage of memory in use: 38% Total physical RAM: 8168.85 MB Available physical RAM: 4990.78 MB Total Pagefile: 16335.89 MB Available Pagefile: 12898.25 MB Total Virtual: 8192 MB Available Virtual: 8191.81 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:119.14 GB) (Free:36.75 GB) NTFS (Disk=0 Partition=2) Drive i: (Arbeit) (Fixed) (Total:97.66 GB) (Free:30.29 GB) NTFS (Disk=1 Partition=2) Drive j: (Daten) (Fixed) (Total:833.85 GB) (Free:336.45 GB) NTFS (Disk=1 Partition=1) ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: 872D171D) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=119 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 765CD0BE) Partition 1: (Not Active) - (Size=834 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=98 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
12.06.2013, 15:49 | #4 |
/// the machine /// TB-Ausbilder | Blue screens after installing the ILEMI software Please send the picture. Windows key+R > type chkdsk /f /r and press Enter.
__________________ Regards, schrauber |
12.06.2013, 16:53 | #5 |
| Blue screens after installing the ILEMI software I don't quite understand which picture I'm supposed to send. When I run the command, the message that I have attached as an image appears. However, I think I have meanwhile found the solution to my problem. I noticed that in the most recent crashes exactly one hour always passed between the restart and the next blue screen. Apparently my hard drive (Crucial M4) has a firmware problem. So I will first install the new firmware. hxxp://www.computerbase.de/news/2012-01/crucial-verspricht-abhilfe-fuer-blue-screen-problem-der-m4/ I will report back whether everything works again afterwards. |
12.06.2013, 19:41 | #6 |
/// the machine /// TB-Ausbilder | Blue screens after installing the ILEMI software That's exactly why I asked for chkdsk; I also think it's the disk. |
12.06.2013, 21:51 | #7 |
| Blue screens after installing the ILEMI software After the firmware update of the hard drive, the computer has now been running for 3 hours without problems. So that really does seem to have been the cause. Thanks again for the help here anyway! |
13.06.2013, 07:37 | #8 |
/// the machine /// TB-Ausbilder | Blue screens after installing the ILEMI software No problem
__________________ Regards, schrauber |