| |
| |||||||
Log-Analyse und Auswertung: windows 7 - plötzlich langsam, firefox geht ungewollt auf werbeseiten, cinergy s funktioniert nichtWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
20.06.2013, 19:36
| #1 |
| |  windows 7 - plötzlich langsam, firefox geht ungewollt auf werbeseiten, cinergy s funktioniert nicht liebe helfer,  ich versuche seit ein paar wochen mit windows 7 (home premium) klar zu kommen. anfangs war alles ganz flott, mittlerweile startet der rechner relativ langsam, und wenn ich mit mozilla etwas suche und einen link anklicke, lande ich meistens irgendwo (ebay, marktplatz (oder so ähnlich), die muss ich dann erst schliessen und dann erneut aufrufen. seit zwei tagen versuche ich nun , die" terratec cinergy s usb" zum laufen zu bringen (mit hilfe des support-teams von terratec), doch auch das scheitert... ich schaffe es nicht einmal, den aktuellen graka-treiber zu installieren es ist ein sony-vaio-notebook, typenbezeichnung VPCE2S1E, sony support gibt dieses modell nicht an - ohne eine ergänzung, die ich weder über everest nocht sonstwie ausfindig machen kann  ich blick jetzt nicht mehr so richtig durch: das langsame hochfahren und das langsame laden der programme, dann funktioniert es alles leidlich. doch es nervt. (anfangs war alles prima...) hoffentlich könnt ihr mir helfen???  hier jetzt die vorbereiteten files: beim defrogger konnte ich nur "disable" drücken, ich bekam keinen txt-file. hier der otl full scan OTL logfile created on: 20.06.2013 18:13:54 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\bri\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16614) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 1,99 Gb Available Physical Memory | 49,74% Memory free 7,99 Gb Paging File | 5,08 Gb Available in Paging File | 63,63% Paging File free Paging file location(s): c:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 455,67 Gb Total Space | 401,29 Gb Free Space | 88,07% Space Free | Partition Type: NTFS Computer Name: BRIDGET-VAIO | User Name: bri | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.06.20 18:10:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\bri\Desktop\OTL.exe PRC - [2013.06.15 03:28:44 | 000,825,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe PRC - [2013.06.13 11:17:51 | 004,150,112 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe PRC - [2013.06.13 11:17:50 | 011,077,984 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe PRC - [2013.06.13 11:08:28 | 000,195,936 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe PRC - [2013.06.11 23:21:36 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe PRC - [2013.05.25 02:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\bri\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2013.05.13 16:58:20 | 000,348,160 | ---- | M] () -- C:\Program Files (x86)\SoundFrost\SoundFrostService.exe PRC - [2013.05.12 00:26:08 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013.03.06 10:52:28 | 000,136,704 | ---- | M] () -- C:\Program Files (x86)\SchoenerFernsehen\SchoenerFernsehen.exe PRC - [2012.10.12 14:02:44 | 000,054,760 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Care\VCService.exe PRC - [2011.01.29 06:36:18 | 000,081,016 | ---- | M] (Sony of America Corporation) -- C:\Programme\Sony\VAIO Care\listener.exe PRC - [2010.05.14 15:29:50 | 000,217,968 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe PRC - [2010.03.02 17:22:44 | 000,120,176 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe PRC - [2010.02.19 20:19:26 | 000,386,416 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe PRC - [2010.01.21 21:31:32 | 000,597,792 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe PRC - [2009.10.24 04:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe PRC - [2008.09.18 11:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe ========== Modules (No Company Name) ========== MOD - [2013.06.15 03:28:42 | 000,393,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll MOD - [2013.06.15 03:28:41 | 013,140,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll MOD - [2013.06.15 03:28:40 | 004,051,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll MOD - [2013.06.15 03:27:51 | 000,599,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\libglesv2.dll MOD - [2013.06.15 03:27:50 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\libegl.dll MOD - [2013.06.15 03:27:48 | 001,597,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ffmpegsumo.dll MOD - [2013.06.11 23:21:32 | 016,033,160 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll MOD - [2013.05.13 16:58:20 | 000,348,160 | ---- | M] () -- C:\Program Files (x86)\SoundFrost\SoundFrostService.exe MOD - [2013.05.12 00:26:24 | 003,128,728 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2013.03.13 22:48:52 | 024,978,944 | ---- | M] () -- C:\Users\bridget\AppData\Roaming\Dropbox\bin\libcef.dll MOD - [2013.03.06 10:52:28 | 000,136,704 | ---- | M] () -- C:\Program Files (x86)\SchoenerFernsehen\SchoenerFernsehen.exe MOD - [2012.11.14 01:32:50 | 003,558,400 | ---- | M] () -- C:\Users\bri\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf MOD - [2010.12.21 01:15:30 | 001,041,248 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll ========== Services (SafeList) ========== SRV:64bit: - [2012.08.06 13:27:08 | 000,156,672 | ---- | M] () [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector) SRV:64bit: - [2010.04.07 05:04:19 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.07.14 03:39:47 | 000,010,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\TCPSVCS.EXE -- (simptcp) SRV - [2013.06.13 11:17:51 | 004,150,112 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8) SRV - [2013.06.11 23:21:36 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.05.20 23:24:14 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Users\bridget\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer) SRV - [2013.05.12 00:26:17 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.04.19 15:14:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013.01.27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2013.01.27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2012.10.26 10:44:28 | 001,286,784 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Update\VUAgent.exe -- (VUAgent) SRV - [2012.10.12 14:02:44 | 000,054,760 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Care\VCService.exe -- (VCService) SRV - [2012.10.01 20:34:38 | 005,132,888 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2012.10.01 20:34:38 | 000,178,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64) SRV - [2012.03.30 13:27:14 | 000,237,328 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\MSS\3.0.271\McCHSvc.exe -- (McComponentHostServiceSony) SRV - [2011.05.19 19:15:44 | 000,549,616 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr) SRV - [2011.02.18 22:15:06 | 000,099,104 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper) SRV - [2011.01.20 13:27:18 | 000,286,936 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService) SRV - [2011.01.20 13:16:26 | 000,887,000 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw) SRV - [2010.11.20 14:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS) SRV - [2010.11.20 14:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC) SRV - [2010.11.20 14:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc) SRV - [2010.10.12 16:52:48 | 000,423,280 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms) SRV - [2010.09.27 16:13:26 | 000,074,496 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service) SRV - [2010.09.10 09:47:30 | 000,108,400 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp) SRV - [2010.09.10 09:47:30 | 000,067,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs) SRV - [2010.08.11 09:46:06 | 000,845,312 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe -- (VSNService) SRV - [2010.05.14 15:29:50 | 000,217,968 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service) SRV - [2010.03.25 15:10:10 | 000,574,320 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2010.02.19 20:19:26 | 000,386,416 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr) SRV - [2009.11.25 05:49:14 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10) SRV - [2009.11.25 05:49:04 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10) SRV - [2009.10.24 04:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider) SRV - [2009.09.04 14:35:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2009.07.14 03:14:42 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\TCPSVCS.EXE -- (simptcp) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.09.18 11:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.06.07 13:45:33 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2013.01.20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012.11.28 19:49:00 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn) DRV:64bit: - [2012.09.24 16:45:02 | 000,170,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USB_0064.sys -- (DVBUSB_0064_Sevice) DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.08.26 06:11:04 | 000,306,296 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService) DRV:64bit: - [2010.05.14 11:04:16 | 000,073,856 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata) DRV:64bit: - [2010.05.14 11:04:16 | 000,028,800 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata) DRV:64bit: - [2010.04.07 06:08:44 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010.04.07 05:04:49 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) DRV:64bit: - [2010.04.07 05:04:22 | 006,402,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag) DRV:64bit: - [2010.04.07 05:04:22 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.03.22 13:21:21 | 000,242,720 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2010.03.09 10:59:23 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP) DRV:64bit: - [2010.03.09 10:09:06 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2010.03.09 10:09:06 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.03.09 09:56:08 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService) DRV:64bit: - [2010.03.09 08:09:24 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2010.03.09 08:09:24 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2010.03.09 08:09:24 | 000,052,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt) DRV:64bit: - [2010.03.09 08:09:24 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2010.03.09 08:09:11 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2010.03.09 05:23:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009.12.22 03:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2009.11.04 16:15:18 | 000,631,360 | ---- | M] (DiBcom SA) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Mod7700.sys -- (mod7700) DRV:64bit: - [2009.11.04 16:15:18 | 000,023,744 | ---- | M] (DiBcom S.A.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ModRc.sys -- (MODRC) DRV:64bit: - [2009.08.06 00:24:16 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.09 12:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.26 15:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^XP^xdm284^YY^de&si=CKncjofiubUCFdHMzAod7wEADw&ptb=09055AE7-0D37-4D3B-A555-11D6C9EF4554&psa=&ind=2013051203&st=sb&n=77fcb943&searchfor={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVED&bmod=EU01 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=121845&tt=gc_&babsrc=HP_ss_din2g&mntrId=4AE57EDD08DCB611 IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=121845&tt=gc_&babsrc=SP_ss&mntrId=4AE57EDD08DCB611 IE - HKCU\..\SearchScopes\{287EDA1B-8870-479B-BECE-E49E380D047C}: "URL" = hxxp://services.zinio.com.anonymize-me.de/?anonymto=687474703A2F2F73657276696365732E7A696E696F2E636F6D2F7365617263683F733D7B7365617263685465726D737D2672663D736F6E79736C69636573&st={searchTerms }&clid=d72ebc89-7535-4855-baef-614b415f0434&pid=freewarede&k=0 IE - HKCU\..\SearchScopes\{3C7C94D8-410E-458C-AEF7-C986722C1CE1}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=d72ebc89-7535-4855-baef-614b415f0434&pid=freewarede&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E636F6D2F7365617263683F713D7B7365617263685465726D737D26726C733D636F6D2E6D6963726F736F66743A7B6C616E677561 67657D3A7B72656665727265723A736F757263653F7D2669653D7B696E707574456E636F64696E677D266F653D7B6F7574707574456E636F64696E677D26736F7572636569643D69653726 726C7A3D314937535645445F656E4445353335&st={searchTerms}&clid=d72ebc89-7535-4855-baef-614b415f0434&pid=freewarede&k=0&rlz=1I7SVED_enDE535 IE - HKCU\..\SearchScopes\{865F638F-715C-4E33-88CC-D6B4F8FB5CD6}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=d72ebc89-7535-4855-baef-614b415f0434&pid=freewarede&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = [String data over 1000 bytes] IE - HKCU\..\SearchScopes\{A6FCE5F5-2EA5-432C-B79B-7D403F070BF6}: "URL" = hxxp://de.shopping.com.anonymize-me.de/?anonymto=687474703A2F2F64652E73686F7070696E672E636F6D2F3F6C696E6B696E5F69643D38303536333633&st={searchTerms}&clid=d72ebc89-7535-4855-baef-614b415f0434&pid=freewarede&k=0 IE - HKCU\..\SearchScopes\{B8A43297-3101-4B06-9659-F6621A2B3B67}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F464F524D3D5550303944462650433D5550303926713D7B7365617263685465726D737D267372633D49452D 536561726368426F78&st={searchTerms}&clid=d72ebc89-7535-4855-baef-614b415f0434&pid=freewarede&k=0 IE - HKCU\..\SearchScopes\{BDB15076-0ECB-449B-AC59-274A4E6F10FC}: "URL" = hxxp://rover.ebay.com.anonymize-me.de/?anonymto=687474703A2F2F726F7665722E656261792E636F6D2F726F7665722F312F3730372D33373237362D31363630392D302F343F73617469746C653D7B7365617263685465726D73 7D&st={searchTerms}&clid=d72ebc89-7535-4855-baef-614b415f0434&pid=freewarede&k=0 IE - HKCU\..\SearchScopes\{BECDEC90-97B9-4974-A736-3652F666BECA}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=d72ebc89-7535-4855-baef-614b415f0434&pid=freewarede&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{DD2CD208-6F7F-48BF-B6AD-1DA9746C9AD4}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=d72ebc89-7535-4855-baef-614b415f0434&pid=freewarede&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{F3A2BF54-2FDC-4E5D-B6E6-5AC90AA26C64}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=d72ebc89-7535-4855-baef-614b415f0434&pid=freewarede&mode=bounce&k=0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = isamg.sv.de:8080 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de" FF - prefs.js..extensions.enabledAddons: SoundFrost%40helper.com:3.7.0 FF - prefs.js..extensions.enabledAddons: toolbar%40gmx.net:2.6.1 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2013.01.15 08:46:08 | 000,000,000 | ---D | M] FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2013.01.15 08:46:08 | 000,000,000 | ---D | M] FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.06.08 03:12:00 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\firejump@firejump.net: C:\Users\bridget\AppData\Roaming\Mozilla\Firefox\Profiles\1liqlnml.default\extensions\firejump@firejump.net FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\SoundFrost@helper.com: C:\Program Files (x86)\SoundFrost\SoundFrost.xpi [2013.05.20 23:30:02 | 000,038,116 | ---- | M] () [2013.01.13 19:31:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bri\AppData\Roaming\mozilla\Extensions [2013.06.18 16:52:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bri\AppData\Roaming\mozilla\Firefox\Profiles\1liqlnml.default\extensions [2013.06.18 16:52:05 | 000,561,109 | ---- | M] () (No name found)\AppData\Roaming\mozilla\firefox\profiles\1liqlnml.default\extensions\toolbar@gmx.net.xpi [2013.05.19 07:42:28 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\bridget\AppData\Roaming\mozilla\firefox\profiles\1liqlnml.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.05.30 07:28:49 | 000,006,503 | ---- | M] () -- C:\Users\bridget\AppData\Roaming\mozilla\firefox\profiles\1liqlnml.default\searchplugins\babylon.xml [2013.05.20 23:24:23 | 000,001,382 | ---- | M] () -- C:\Users\bridget\AppData\Roaming\mozilla\firefox\profiles\1liqlnml.default\searchplugins\BrowserProtect.xml [2013.05.30 07:29:01 | 000,001,294 | ---- | M] () -- C:\Users\bridget\AppData\Roaming\mozilla\firefox\profiles\1liqlnml.default\searchplugins\delta.xml [2013.06.20 13:08:57 | 000,001,645 | ---- | M] () -- C:\Users\bridget\AppData\Roaming\mozilla\firefox\profiles\1liqlnml.default\searchplugins\ixquick-http---deutsch.xml [2013.06.20 13:08:57 | 000,001,655 | ---- | M] () -- C:\Users\bridget\AppData\Roaming\mozilla\firefox\profiles\1liqlnml.default\searchplugins\ixquick-https---deutsch.xml [2013.05.20 23:24:23 | 000,010,151 | ---- | M] () -- C:\Users\bridget\AppData\Roaming\mozilla\firefox\profiles\1liqlnml.default\searchplugins\my-web-search.xml [2013.05.24 19:59:26 | 000,001,742 | ---- | M] () -- C:\Users\bridget\AppData\Roaming\mozilla\firefox\profiles\1liqlnml.default\searchplugins\search-the-web.xml [2013.05.20 23:24:24 | 000,002,188 | ---- | M] () -- C:\Users\bridget\AppData\Roaming\mozilla\firefox\profiles\1liqlnml.default\searchplugins\{058A9F0F-5E42-4859-95F6-E26F9C3861CD}.xml [2013.05.20 23:24:24 | 000,002,522 | ---- | M] () -- C:\Users\bridget\AppData\Roaming\mozilla\firefox\profiles\1liqlnml.default\searchplugins\{3BB514F4-1524-4DD0-850B-6CFD3C2365F0}.xml [2013.05.20 23:24:24 | 000,024,039 | ---- | M] () -- C:\Users\bridget\AppData\Roaming\mozilla\firefox\profiles\1liqlnml.default\searchplugins\{BB289F03-6541-432C-ADC0-893E30D7F6E0}.xml [2013.05.20 23:24:24 | 000,002,077 | ---- | M] () -- C:\Users\bridget\AppData\Roaming\mozilla\firefox\profiles\1liqlnml.default\searchplugins\{D7C0463F-5B1B-42CB-AE9C-2B40DBFA17E1}.xml [2013.05.20 23:24:24 | 000,001,094 | ---- | M] () -- C:\Users\bridget\AppData\Roaming\mozilla\firefox\profiles\1liqlnml.default\searchplugins\{DAA98208-F701-428E-9527-CA8EF2FAFDB7}.xml [2013.05.20 23:24:24 | 000,001,870 | ---- | M] () -- C:\Users\bridget\AppData\Roaming\mozilla\firefox\profiles\1liqlnml.default\searchplugins\{ED1E5EC1-5C25-4C43-8FC7-9261C9B7CE2D}.xml [2013.05.30 07:29:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\Extensions [2013.05.18 09:10:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.05.18 09:10:17 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2013.05.18 09:10:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions [2013.05.18 09:10:12 | 000,000,000 | ---D | M] (GMX MailCheck) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net [2013.05.20 23:30:02 | 000,038,116 | ---- | M] () (No name found) -- C:\PROGRAM FILES (X86)\SOUNDFROST\SOUNDFROST.XPI [2013.02.13 21:08:22 | 000,033,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = https://www.google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&channel=fflb&q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&channel=rcs CHR - default_search_provider: suggest_url = https://www.google.com/complete/search?q={searchTerms}, CHR - homepage: hxxp://search.babylon.com/?affID=121845&tt=gc_&babsrc=HP_ss_din2g&mntrId=4AE57EDD08DCB611 CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.180.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll CHR - Extension: SoundFrost = C:\Users\bridget\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikglikieapkdofgcaifhkgmkclbamcm\3.7.0_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Programme\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (SoundFrost) - {081524f7-7ed8-43ff-b01e-915c410a9cbe} - C:\PROGRA~2\SOUNDF~1\SOUNDF~1.DLL (SoundFrost Company) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~2\TerraTec\TERRAT~1\THCDES~1.DLL (TerraTec Electronic GmbH) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\bridget\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [SoundFrost] C:\Program Files (x86)\SoundFrost\SoundFrost.exe (SoundFrost Company) O4 - HKCU..\Run: [SoundFrost Service] C:\Program Files (x86)\SoundFrost\SoundFrostService.exe () O4 - Startup: C:\Users\bridget\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\bridget\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Lync: Anruf per Mausklick - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Lync: Anruf per Mausklick - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - c:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation) O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - c:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 10.25.2) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 10.25.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30625CBE-05E0-49E4-8016-F1FA70204A25}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F8281C9-C8BC-4AC3-A217-B2644EF929E7}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Programme\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation) O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807583E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{bd41e103-ce9b-11e2-be37-0024bef96b41}\Shell - "" = AutoRun O33 - MountPoints2\{bd41e103-ce9b-11e2-be37-0024bef96b41}\Shell\AutoRun\command - "" = F:\SETUP.EXE O33 - MountPoints2\{bd41e103-ce9b-11e2-be37-0024bef96b41}\Shell\configure\command - "" = F:\SETUP.EXE O33 - MountPoints2\{bd41e103-ce9b-11e2-be37-0024bef96b41}\Shell\install\command - "" = F:\SETUP.EXE O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\SETUP.EXE O33 - MountPoints2\F\Shell\configure\command - "" = F:\SETUP.EXE O33 - MountPoints2\F\Shell\install\command - "" = F:\SETUP.EXE O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.06.20 18:10:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\bridget\Desktop\OTL.exe [2013.06.20 18:03:57 | 000,000,000 | ---D | C] -- C:\Users\bridget\Desktop\rechner probleme juni 2013 [2013.06.19 17:10:33 | 000,301,688 | ---- | C] (Thesycon GmbH) -- C:\Users\bridget\Desktop\dpclat.exe [2013.06.19 15:31:41 | 000,000,000 | ---D | C] -- C:\ProgramData\TerraTec [2013.06.19 15:29:59 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2013.06.19 15:29:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour [2013.06.19 15:29:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple [2013.06.19 07:27:03 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.06.19 07:26:54 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.06.19 07:26:54 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.06.19 07:26:53 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.06.19 06:43:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SchoenerFernsehen [2013.06.18 20:54:17 | 000,000,000 | ---D | C] -- C:\Windows\pss [2013.06.18 20:50:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony [2013.06.18 19:34:07 | 000,000,000 | ---D | C] -- C:\Users\bridget\AppData\Roaming\iolo [2013.06.18 19:34:07 | 000,000,000 | ---D | C] -- C:\ProgramData\iolo [2013.06.18 19:34:06 | 000,069,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\offreg.dll [2013.06.18 19:34:06 | 000,021,176 | ---- | C] (iolo technologies, LLC) -- C:\Windows\SysNative\iolorgdf64.exe [2013.06.18 19:16:39 | 141,110,624 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Users\bridget\Desktop\13-4_win7_win8_64_dd_ccc_whql.exe [2013.06.18 18:53:04 | 000,000,000 | ---D | C] -- C:\AMD [2013.06.17 12:35:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TerraTec [2013.06.17 12:34:23 | 000,000,000 | ---D | C] -- C:\Users\bridget\AppData\Roaming\TerraTec [2013.06.17 07:13:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LAV Filters [2013.06.17 07:13:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LAV Filters [2013.06.16 14:05:29 | 000,000,000 | ---D | C] -- C:\ProgramData\CMUV [2013.06.16 14:00:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVBViewer TERRATEC Edition [2013.06.16 14:00:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVBViewer TERRATEC Edition [2013.06.16 13:41:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TERRATEC Electronic GmbH [2013.06.15 04:18:49 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.06.15 04:18:48 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.06.13 06:07:38 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013.06.13 06:07:38 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013.06.13 06:07:37 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013.06.13 06:07:37 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013.06.13 06:07:37 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013.06.13 06:07:37 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013.06.13 06:07:37 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013.06.13 06:07:36 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.06.13 06:07:36 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013.06.13 06:07:34 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.06.13 06:07:33 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.06.13 06:07:33 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.06.13 06:07:32 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.06.12 18:46:09 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2013.06.12 18:46:09 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2013.06.12 18:46:05 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll [2013.06.12 18:46:05 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll [2013.06.12 18:46:00 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll [2013.06.12 18:45:56 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe [2013.06.12 18:45:55 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2013.06.12 18:45:55 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe [2013.06.12 18:45:54 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2013.06.12 18:45:53 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll [2013.06.12 18:45:53 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll [2013.06.12 18:45:44 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll [2013.06.12 18:45:44 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll [2013.06.08 09:46:07 | 000,000,000 | ---D | C] -- C:\Users\bridget\Documents\Outlook-Dateien [2013.06.07 17:52:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office [2013.06.07 17:50:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER [2013.06.07 14:05:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 [2013.06.07 14:04:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER [2013.06.07 14:04:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET [2013.06.07 14:04:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server [2013.06.07 14:03:41 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1991-06.com.microsoft [2013.06.07 14:02:52 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2013.06.07 14:02:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server [2013.06.07 13:49:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services [2013.06.07 13:49:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services [2013.06.07 13:49:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office [2013.06.07 13:49:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office [2013.06.07 13:48:22 | 000,000,000 | RH-D | C] -- C:\MSOCache [2013.06.07 13:46:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite [2013.06.07 13:45:33 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys [2013.06.07 13:45:29 | 000,000,000 | ---D | C] -- C:\Users\bridget\AppData\Roaming\DAEMON Tools Lite [2013.06.07 13:45:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite [2013.06.07 13:44:41 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite [2013.06.06 09:12:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2013.06.01 21:28:54 | 000,000,000 | ---D | C] -- C:\Users\bridget\Documents\Ryzoom Insolvenz [2013.05.30 07:30:44 | 000,035,112 | ---- | C] (TeamViewer GmbH) -- C:\Windows\SysNative\drivers\teamviewervpn.sys [2013.05.30 07:30:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer [2013.05.30 07:28:40 | 000,000,000 | ---D | C] -- C:\Users\bridget\AppData\Roaming\Dealply [2013.05.30 07:28:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FindLyrics [2013.05.26 23:04:37 | 000,000,000 | ---D | C] -- C:\Users\bridget\4.0 [2013.05.26 23:04:36 | 000,000,000 | ---D | C] -- C:\Users\bridget\.tfo4 [2013.05.26 22:55:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.05.26 22:55:15 | 000,867,240 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2013.05.24 22:39:25 | 000,000,000 | ---D | C] -- C:\Users\bridget\Documents\office 2013 ordner [2013.05.24 22:31:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Roxio [2013.05.24 22:31:53 | 000,000,000 | ---D | C] -- C:\Users\bridget\AppData\Roaming\Roxio [2013.05.22 19:24:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.06.20 18:12:01 | 000,377,856 | ---- | M] () -- C:\Users\bridget\Desktop\gmer_2.1.19163.exe [2013.06.20 18:10:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\bridget\Desktop\OTL.exe [2013.06.20 18:08:17 | 000,000,000 | ---- | M] () -- C:\Users\bridget\defogger_reenable [2013.06.20 18:08:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.06.20 18:07:58 | 000,050,477 | ---- | M] () -- C:\Users\bridget\Desktop\Defogger.exe [2013.06.20 17:21:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.20 08:04:10 | 000,001,090 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk [2013.06.19 21:08:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.06.19 17:47:09 | 000,013,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.19 17:47:09 | 000,013,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.19 17:39:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.19 17:39:24 | 3217,211,392 | -HS- | M] () -- C:\hiberfil.sys [2013.06.19 17:15:17 | 000,001,006 | ---- | M] () -- C:\Users\Public\Desktop\TerraTec Home Cinema.lnk [2013.06.19 17:12:50 | 000,029,454 | ---- | M] () -- C:\Users\Public\Documents\cc_20130619_171246.reg [2013.06.19 17:10:42 | 000,301,688 | ---- | M] (Thesycon GmbH) -- C:\Users\bridget\Desktop\dpclat.exe [2013.06.19 17:08:54 | 000,087,443 | ---- | M] () -- C:\Users\bridget\Desktop\esslingen senderliste.chl [2013.06.19 06:43:22 | 000,001,133 | ---- | M] () -- C:\Users\bridget\Desktop\SchoenerFernsehen.lnk [2013.06.19 03:11:28 | 001,765,558 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.06.19 03:11:28 | 000,767,030 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.06.19 03:11:28 | 000,710,072 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.06.19 03:11:28 | 000,172,472 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.06.19 03:11:28 | 000,140,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.06.19 03:11:17 | 001,765,558 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.06.18 21:45:33 | 000,015,898 | ---- | M] () -- C:\Users\Public\Documents\cc_20130618_214311.reg [2013.06.18 20:51:09 | 000,002,020 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Sony MSS.lnk [2013.06.18 19:34:07 | 000,074,703 | ---- | M] () -- C:\Windows\SysWow64\mfc45.dll [2013.06.18 19:20:15 | 141,110,624 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Users\bridget\Desktop\13-4_win7_win8_64_dd_ccc_whql.exe [2013.06.18 18:25:48 | 000,003,262 | ---- | M] () -- C:\Users\Public\Documents\cc_20130618_182543.reg [2013.06.17 06:47:41 | 000,004,244 | ---- | M] () -- C:\Users\Public\Documents\cc_20130617_033131.reg [2013.06.16 14:00:54 | 000,001,133 | ---- | M] () -- C:\Users\bridget\Desktop\DVBViewer TERRATEC Edition.lnk [2013.06.13 11:28:00 | 000,000,298 | ---- | M] () -- C:\Windows\tasks\Dealply.job [2013.06.12 21:48:23 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2013.06.12 21:48:17 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2013.06.12 21:47:57 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.06.12 21:43:48 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.06.12 21:43:44 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.06.12 21:43:25 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.06.11 23:21:36 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.06.11 23:21:36 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.06.08 16:06:58 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.06.08 13:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.06.08 03:47:30 | 000,472,976 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.06.07 13:46:33 | 000,001,950 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk [2013.06.07 13:45:33 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys [2013.06.04 05:23:59 | 000,001,055 | ---- | M] () -- C:\Users\bridget\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.06.04 05:23:13 | 000,001,027 | ---- | M] () -- C:\Users\bridget\Desktop\Dropbox.lnk [2013.05.24 21:03:50 | 000,211,864 | ---- | M] () -- C:\Users\bridget\Documents\cc_20130524_210343.reg [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.06.20 18:11:59 | 000,377,856 | ---- | C] () -- C:\Users\bridget\Desktop\gmer_2.1.19163.exe [2013.06.20 18:08:17 | 000,000,000 | ---- | C] () -- C:\Users\bridget\defogger_reenable [2013.06.20 18:07:58 | 000,050,477 | ---- | C] () -- C:\Users\bridget\Desktop\Defogger.exe [2013.06.19 17:15:17 | 000,001,006 | ---- | C] () -- C:\Users\Public\Desktop\TerraTec Home Cinema.lnk [2013.06.19 17:12:48 | 000,029,454 | ---- | C] () -- C:\Users\Public\Documents\cc_20130619_171246.reg [2013.06.19 17:08:54 | 000,087,443 | ---- | C] () -- C:\Users\bridget\Desktop\esslingen senderliste.chl [2013.06.19 06:43:22 | 000,001,133 | ---- | C] () -- C:\Users\bridget\Desktop\SchoenerFernsehen.lnk [2013.06.18 21:43:19 | 000,015,898 | ---- | C] () -- C:\Users\Public\Documents\cc_20130618_214311.reg [2013.06.18 19:34:07 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll [2013.06.18 19:33:56 | 000,002,020 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Sony MSS.lnk [2013.06.18 18:25:46 | 000,003,262 | ---- | C] () -- C:\Users\Public\Documents\cc_20130618_182543.reg [2013.06.17 06:47:30 | 000,004,244 | ---- | C] () -- C:\Users\Public\Documents\cc_20130617_033131.reg [2013.06.16 14:00:54 | 000,001,133 | ---- | C] () -- C:\Users\bridget\Desktop\DVBViewer TERRATEC Edition.lnk [2013.06.07 13:46:33 | 000,001,950 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk [2013.06.04 05:23:59 | 000,001,055 | ---- | C] () -- C:\Users\bridget\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.05.30 07:30:46 | 000,001,102 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk [2013.05.30 07:30:46 | 000,001,090 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk [2013.05.30 07:28:40 | 000,000,298 | ---- | C] () -- C:\Windows\tasks\Dealply.job [2013.05.24 21:03:46 | 000,211,864 | ---- | C] () -- C:\Users\bridget\Documents\cc_20130524_210343.reg [2013.05.20 23:30:05 | 000,000,306 | RHS- | C] () -- C:\Users\bridget\ntuser.pol [2013.05.20 23:24:23 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll [2013.05.16 07:21:22 | 000,000,017 | ---- | C] () -- C:\Users\bridget\AppData\Local\resmon.resmoncfg [2013.05.13 03:17:10 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat [2013.05.12 08:45:32 | 001,765,558 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.01.04 14:54:15 | 000,000,221 | ---- | C] () -- C:\ProgramData\MusicStation.xml [2013.01.04 14:44:11 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > ******************************* hier der GMER scan GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-06-20 19:52:18 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000057 TOSHIBA_ rev.GJ00 465,76GB Running: gmer_2.1.19163.exe; Driver: C:\Users\bridget\AppData\Local\Temp\fwriakod.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2652] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076391465 2 bytes [39, 76] .text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2652] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000763914bb 2 bytes [39, 76] .text ... * 2 .text C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe[2684] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076391465 2 bytes [39, 76] .text C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe[2684] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000763914bb 2 bytes [39, 76] .text ... * 2 .text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[3472] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076391465 2 bytes [39, 76] .text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[3472] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000763914bb 2 bytes [39, 76] .text ... * 2 ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!??0exception@@QEAA@AEBV0@@Z] [65007200200064] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!malloc] [6e006f00700073] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!memcpy_s] [69002000650073] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!?what@exception@@UEBAPEBDXZ] [7200650074006e] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!??1exception@@UEAA@XZ] [20006c00610076] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!??0exception@@QEAA@AEBQEBD@Z] [650073006d0028] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!realloc] [290063] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!memmove_s] [53005400490042] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!??0exception@@QEAA@XZ] [77006f00440020] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!??0exception@@QEAA@AEBQEBDH@Z] [61006f006c006e] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!_CxxThrowException] [65005200200064] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!_callnewh] [6e006f00700073] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!__CxxFrameHandler3] [49002000650073] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!_XcptFilter] [7200650074006e] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!_initterm] [20006c00610076] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!_amsg_exit] [650073006d0028] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!??1type_info@@UEAA@XZ] [53005400490042] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!_unlock] [4f004c0042005f] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!__dllonexit] [49005f004b0043] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!_lock] [5200450054004e] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!_onexit] [4c00410056] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!memset] [0] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!_vsnwprintf] [65007a00690053] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!free] [200066006f0020] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!memcpy] [20006500680074] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[ntdll.dll!RtlGetNtProductType] [77006f00640020] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[ntdll.dll!VerSetConditionMask] [61006f006c006e] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[ntdll.dll!RtlVirtualUnwind] [6c006200200064] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[ntdll.dll!RtlCaptureContext] [20006b0063006f] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[ntdll.dll!RtlLookupFunctionEntry] [200072006f0066] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[KERNEL32.dll!GetCurrentThreadId] [0] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[KERNEL32.dll!LoadLibraryW] [0] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[KERNEL32.dll!Sleep] [0] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[KERNEL32.dll!GetTickCount] [0] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[KERNEL32.dll!TerminateProcess] [0] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[KERNEL32.dll!SetUnhandledExceptionFilter] [0] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[KERNEL32.dll!LoadResource] [0] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[KERNEL32.dll!DisableThreadLibraryCalls] [0] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[ADVAPI32.dll!RegQueryValueExA] [0] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[ADVAPI32.dll!RegSetValueExW] [0] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[ADVAPI32.dll!RegDeleteKeyW] [0] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[ADVAPI32.dll!RegQueryInfoKeyW] [0] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[ole32.dll!CoTaskMemRealloc] [0] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[ole32.dll!CoTaskMemAlloc] [0] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[ole32.dll!CoTaskMemFree] [53005400490042] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[ole32.dll!CoUninitialize] [77006f00440020] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[ole32.dll!CoInitializeEx] [61006f006c006e] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[SETUPAPI.dll!SetupDiDestroyDeviceInfoList] [74007300790073] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[SETUPAPI.dll!SetupOpenInfFileW] [280020006d0065] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[SETUPAPI.dll!SetupFindFirstLineW] [73007400690042] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[SETUPAPI.dll!SetupGetIntField] [6300650073002f] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[SETUPAPI.dll!SetupGetMultiSzFieldW] [29] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[SETUPAPI.dll!SetupDiEnumDeviceInfo] [53005400490042] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[SETUPAPI.dll!SetupDiOpenDevRegKey] [5400530045005f] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[SETUPAPI.dll!SetupDiGetClassDevsW] [4500520046005f] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[SETUPAPI.dll!SetupCloseInfFile] [410042005f0045] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[SETUPAPI.dll!SetupGetStringFieldW] [4900570044004e] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[USER32.dll!CharNextW] [53005400490042] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[USER32.dll!LoadStringW] [77006f00640020] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[rtutils.dll!RouterLogDeregisterW] [53006b0063006f] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[rtutils.dll!RouterLogRegisterW] [200065007a0069] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[rtutils.dll!RouterLogEventW] [74007900420028] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[MPRAPI.dll!MprConfigInterfaceDelete] [0] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[MPRAPI.dll!MprConfigInterfaceTransportRemove] [0] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[MPRAPI.dll!MprAdminServerDisconnect] [0] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[MPRAPI.dll!MprConfigServerDisconnect] [0] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[MPRAPI.dll!MprAdminInterfaceCreate] [0] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[MPRAPI.dll!MprAdminInterfaceEnum] [4ce79c9900000000] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[MPRAPI.dll!MprAdminInterfaceGetHandle] [200000000] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[MPRAPI.dll!MprAdminInterfaceTransportAdd] [1b0c00000025] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[MPRAPI.dll!MprAdminTransportCreate] [110c] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[MPRAPI.dll!MprConfigServerConnect] [0] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[MPRAPI.dll!MprConfigInterfaceTransportEnum] [0] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[MPRAPI.dll!MprConfigInterfaceGetHandle] [69007400730045] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[MPRAPI.dll!MprConfigInterfaceTransportAdd] [6500740061006d] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[MPRAPI.dll!MprConfigInterfaceTransportGetHandle] [61006200200064] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[MPRAPI.dll!MprConfigTransportCreate] [6900770064006e] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[MPRAPI.dll!MprConfigTransportDelete] [20006800740064] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[MPRAPI.dll!MprConfigTransportGetHandle] [69006100760061] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[MPRAPI.dll!MprConfigTransportGetInfo] [6c00620061006c] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[MPRAPI.dll!MprConfigBufferFree] [6f007400200065] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[slc.dll!SLGetWindowsInformationDWORD] [53005400490042] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!free] [10000000000] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!??_U@YAPEAX_K@Z] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!??_V@YAXPEAX@Z] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!_XcptFilter] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!malloc] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!_initterm] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!realloc] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!_unlock] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!__dllonexit] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!memcpy] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!memset] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!_ultow_s] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!_vsnwprintf] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!_amsg_exit] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!memcmp] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!_lock] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!_onexit] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!_ui64tow_s] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[ntdll.dll!RtlLookupFunctionEntry] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[ntdll.dll!RtlCaptureContext] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[ntdll.dll!RtlInitUnicodeString] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[ntdll.dll!RtlMapGenericMask] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[ntdll.dll!RtlCreateAcl] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[ntdll.dll!RtlAddAccessAllowedAce] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[ntdll.dll!RtlCreateSecurityDescriptor] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[ntdll.dll!RtlSetDaclSecurityDescriptor] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[ntdll.dll!NtQueryInformationFile] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[ntdll.dll!RtlVirtualUnwind] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!LsaOpenPolicy] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!CopySid] [ffffffffffffffff] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!LsaLookupNames2] [6dd84e997a32] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!LsaClose] [ffff9227b16685cd] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!RegOpenKeyExW] [ffffffffffffffff] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!RegCloseKey] [ffffffffffffffff] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!RegQueryValueExW] [ffffffffffffffff] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!GetNamedSecurityInfoW] [ffffffffffffffff] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!GetSecurityDescriptorControl] [ffffffffffffffff] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!IsValidSid] [ffffffffffffffff] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!EqualSid] [ffffffffffffffff] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!GetLengthSid] [ffffffffffffffff] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!LsaFreeMemory] [ffffffffffffffff] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[USER32.dll!CopyImage] [ffffffffffffffff] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[USER32.dll!LoadStringW] [ffffffffffffffff] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[USER32.dll!ReleaseDC] [ffffffffffffffff] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[USER32.dll!GetDC] [ffffffffffffffff] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[GDI32.dll!CreateDIBSection] [ffffffffffffffff] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[GDI32.dll!DeleteDC] [ffffffffffffffff] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[GDI32.dll!GetBitmapBits] [ffffffffffffffff] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[GDI32.dll!CreateCompatibleDC] [ffffffffffffffff] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[GDI32.dll!SelectObject] [ffffffffffffffff] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[GDI32.dll!BitBlt] [ffffffffffffffff] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[GDI32.dll!GetObjectW] [ffffffffffffffff] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[GDI32.dll!DeleteObject] [ffffffffffffffff] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[SHELL32.dll!SHChangeNotify] [ffffffffffffffff] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[SHLWAPI.dll!PathCombineW] [ffffffffffffffff] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[SHLWAPI.dll!PathRemoveFileSpecW] [ffffffffffffffff] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[SHLWAPI.dll!SHGetValueW] [ffffffffffffffff] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[SHLWAPI.dll!PathIsRootW] [ffffffffffffffff] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[SHLWAPI.dll!PathIsUNCW] [ffffffffffffffff] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[SHLWAPI.dll!SHStrDupW] [ffffffffffffffff] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!DisableThreadLibraryCalls] [ffffffffffffffff] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!LoadLibraryW] [ffffffffffffffff] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetProcAddress] [ffffffffffffffff] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!FreeLibrary] [ffffffffffffffff] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetLastError] [ffffffffffffffff] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!LoadLibraryExA] [ffffffffffffffff] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!DelayLoadFailureHook] [ffffffffffffffff] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!CloseHandle] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!LCMapStringW] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!CreateDirectoryW] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!FindFirstFileW] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!DeleteFileW] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!RemoveDirectoryW] [1] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetDiskFreeSpaceExW] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetTempFileNameW] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetDriveTypeW] [2] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!MulDiv] [1] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!CreateFileW] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!SetFilePointer] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!WriteFile] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetTickCount] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!SetFileAttributesW] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!QueryPerformanceCounter] [7] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetCurrentProcessId] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetSystemTimeAsFileTime] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!UnhandledExceptionFilter] [8] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!SetUnhandledExceptionFilter] [1] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!LocalAlloc] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetModuleHandleW] [9] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!SystemTimeToFileTime] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!OpenProcess] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!CreateEventW] [a] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!ReleaseMutex] [32] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!SetEvent] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!MapViewOfFile] [b] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetFileInformationByHandleEx] [1f4] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!SetFileInformationByHandle] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[PSAPI.DLL!QueryWorkingSetEx] [0] ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\506313fe70ca Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f07bcbc0e751 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\506313fe70ca (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f07bcbc0e751 (not active ControlSet) ---- EOF - GMER 2.1 ---- |
| Themen zu windows 7 - plötzlich langsam, firefox geht ungewollt auf werbeseiten, cinergy s funktioniert nicht |
| adobe, bho, bonjour, ebay, error, explorer, firefox, flash player, format, gmx.net, google, home, langsam, logfile, mozilla, ntdll.dll, object, plug-in, programme, realtek, registry, security, server, svchost.exe, temp, unlock, usb, windows |
Baum-Darstellung