| |
| |||||||
Log-Analyse und Auswertung: windows 7 - plötzlich langsam, firefox geht ungewollt auf werbeseiten, cinergy s funktioniert nichtWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
20.06.2013, 19:36
| #1 |
| |  windows 7 - plötzlich langsam, firefox geht ungewollt auf werbeseiten, cinergy s funktioniert nicht liebe helfer,  ich versuche seit ein paar wochen mit windows 7 (home premium) klar zu kommen. anfangs war alles ganz flott, mittlerweile startet der rechner relativ langsam, und wenn ich mit mozilla etwas suche und einen link anklicke, lande ich meistens irgendwo (ebay, marktplatz (oder so ähnlich), die muss ich dann erst schliessen und dann erneut aufrufen. seit zwei tagen versuche ich nun , die" terratec cinergy s usb" zum laufen zu bringen (mit hilfe des support-teams von terratec), doch auch das scheitert... ich schaffe es nicht einmal, den aktuellen graka-treiber zu installieren es ist ein sony-vaio-notebook, typenbezeichnung VPCE2S1E, sony support gibt dieses modell nicht an - ohne eine ergänzung, die ich weder über everest nocht sonstwie ausfindig machen kann  ich blick jetzt nicht mehr so richtig durch: das langsame hochfahren und das langsame laden der programme, dann funktioniert es alles leidlich. doch es nervt. (anfangs war alles prima...) hoffentlich könnt ihr mir helfen???  hier jetzt die vorbereiteten files: beim defrogger konnte ich nur "disable" drücken, ich bekam keinen txt-file. hier der otl full scan OTL logfile created on: 20.06.2013 18:13:54 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\bri\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16614) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 1,99 Gb Available Physical Memory | 49,74% Memory free 7,99 Gb Paging File | 5,08 Gb Available in Paging File | 63,63% Paging File free Paging file location(s): c:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 455,67 Gb Total Space | 401,29 Gb Free Space | 88,07% Space Free | Partition Type: NTFS Computer Name: BRIDGET-VAIO | User Name: bri | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.06.20 18:10:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\bri\Desktop\OTL.exe PRC - [2013.06.15 03:28:44 | 000,825,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe PRC - [2013.06.13 11:17:51 | 004,150,112 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe PRC - [2013.06.13 11:17:50 | 011,077,984 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe PRC - [2013.06.13 11:08:28 | 000,195,936 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe PRC - [2013.06.11 23:21:36 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe PRC - [2013.05.25 02:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\bri\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2013.05.13 16:58:20 | 000,348,160 | ---- | M] () -- C:\Program Files (x86)\SoundFrost\SoundFrostService.exe PRC - [2013.05.12 00:26:08 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013.03.06 10:52:28 | 000,136,704 | ---- | M] () -- C:\Program Files (x86)\SchoenerFernsehen\SchoenerFernsehen.exe PRC - [2012.10.12 14:02:44 | 000,054,760 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Care\VCService.exe PRC - [2011.01.29 06:36:18 | 000,081,016 | ---- | M] (Sony of America Corporation) -- C:\Programme\Sony\VAIO Care\listener.exe PRC - [2010.05.14 15:29:50 | 000,217,968 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe PRC - [2010.03.02 17:22:44 | 000,120,176 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe PRC - [2010.02.19 20:19:26 | 000,386,416 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe PRC - [2010.01.21 21:31:32 | 000,597,792 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe PRC - [2009.10.24 04:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe PRC - [2008.09.18 11:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe ========== Modules (No Company Name) ========== MOD - [2013.06.15 03:28:42 | 000,393,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll MOD - [2013.06.15 03:28:41 | 013,140,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll MOD - [2013.06.15 03:28:40 | 004,051,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll MOD - [2013.06.15 03:27:51 | 000,599,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\libglesv2.dll MOD - [2013.06.15 03:27:50 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\libegl.dll MOD - [2013.06.15 03:27:48 | 001,597,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ffmpegsumo.dll MOD - [2013.06.11 23:21:32 | 016,033,160 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll MOD - [2013.05.13 16:58:20 | 000,348,160 | ---- | M] () -- C:\Program Files (x86)\SoundFrost\SoundFrostService.exe MOD - [2013.05.12 00:26:24 | 003,128,728 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2013.03.13 22:48:52 | 024,978,944 | ---- | M] () -- C:\Users\bridget\AppData\Roaming\Dropbox\bin\libcef.dll MOD - [2013.03.06 10:52:28 | 000,136,704 | ---- | M] () -- C:\Program Files (x86)\SchoenerFernsehen\SchoenerFernsehen.exe MOD - [2012.11.14 01:32:50 | 003,558,400 | ---- | M] () -- C:\Users\bri\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf MOD - [2010.12.21 01:15:30 | 001,041,248 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll ========== Services (SafeList) ========== SRV:64bit: - [2012.08.06 13:27:08 | 000,156,672 | ---- | M] () [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector) SRV:64bit: - [2010.04.07 05:04:19 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.07.14 03:39:47 | 000,010,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\TCPSVCS.EXE -- (simptcp) SRV - [2013.06.13 11:17:51 | 004,150,112 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8) SRV - [2013.06.11 23:21:36 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.05.20 23:24:14 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Users\bridget\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer) SRV - [2013.05.12 00:26:17 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.04.19 15:14:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013.01.27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2013.01.27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2012.10.26 10:44:28 | 001,286,784 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Update\VUAgent.exe -- (VUAgent) SRV - [2012.10.12 14:02:44 | 000,054,760 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Care\VCService.exe -- (VCService) SRV - [2012.10.01 20:34:38 | 005,132,888 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2012.10.01 20:34:38 | 000,178,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64) SRV - [2012.03.30 13:27:14 | 000,237,328 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\MSS\3.0.271\McCHSvc.exe -- (McComponentHostServiceSony) SRV - [2011.05.19 19:15:44 | 000,549,616 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr) SRV - [2011.02.18 22:15:06 | 000,099,104 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper) SRV - [2011.01.20 13:27:18 | 000,286,936 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService) SRV - [2011.01.20 13:16:26 | 000,887,000 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw) SRV - [2010.11.20 14:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS) SRV - [2010.11.20 14:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC) SRV - [2010.11.20 14:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc) SRV - [2010.10.12 16:52:48 | 000,423,280 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms) SRV - [2010.09.27 16:13:26 | 000,074,496 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service) SRV - [2010.09.10 09:47:30 | 000,108,400 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp) SRV - [2010.09.10 09:47:30 | 000,067,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs) SRV - [2010.08.11 09:46:06 | 000,845,312 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe -- (VSNService) SRV - [2010.05.14 15:29:50 | 000,217,968 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service) SRV - [2010.03.25 15:10:10 | 000,574,320 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2010.02.19 20:19:26 | 000,386,416 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr) SRV - [2009.11.25 05:49:14 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10) SRV - [2009.11.25 05:49:04 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10) SRV - [2009.10.24 04:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider) SRV - [2009.09.04 14:35:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2009.07.14 03:14:42 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\TCPSVCS.EXE -- (simptcp) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.09.18 11:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.06.07 13:45:33 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2013.01.20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012.11.28 19:49:00 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn) DRV:64bit: - [2012.09.24 16:45:02 | 000,170,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USB_0064.sys -- (DVBUSB_0064_Sevice) DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.08.26 06:11:04 | 000,306,296 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService) DRV:64bit: - [2010.05.14 11:04:16 | 000,073,856 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata) DRV:64bit: - [2010.05.14 11:04:16 | 000,028,800 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata) DRV:64bit: - [2010.04.07 06:08:44 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010.04.07 05:04:49 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) DRV:64bit: - [2010.04.07 05:04:22 | 006,402,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag) DRV:64bit: - [2010.04.07 05:04:22 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.03.22 13:21:21 | 000,242,720 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2010.03.09 10:59:23 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP) DRV:64bit: - [2010.03.09 10:09:06 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2010.03.09 10:09:06 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.03.09 09:56:08 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService) DRV:64bit: - [2010.03.09 08:09:24 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2010.03.09 08:09:24 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2010.03.09 08:09:24 | 000,052,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt) DRV:64bit: - [2010.03.09 08:09:24 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2010.03.09 08:09:11 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2010.03.09 05:23:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009.12.22 03:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2009.11.04 16:15:18 | 000,631,360 | ---- | M] (DiBcom SA) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Mod7700.sys -- (mod7700) DRV:64bit: - [2009.11.04 16:15:18 | 000,023,744 | ---- | M] (DiBcom S.A.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ModRc.sys -- (MODRC) DRV:64bit: - [2009.08.06 00:24:16 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.09 12:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.26 15:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^XP^xdm284^YY^de&si=CKncjofiubUCFdHMzAod7wEADw&ptb=09055AE7-0D37-4D3B-A555-11D6C9EF4554&psa=&ind=2013051203&st=sb&n=77fcb943&searchfor={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVED&bmod=EU01 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=121845&tt=gc_&babsrc=HP_ss_din2g&mntrId=4AE57EDD08DCB611 IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=121845&tt=gc_&babsrc=SP_ss&mntrId=4AE57EDD08DCB611 IE - HKCU\..\SearchScopes\{287EDA1B-8870-479B-BECE-E49E380D047C}: "URL" = hxxp://services.zinio.com.anonymize-me.de/?anonymto=687474703A2F2F73657276696365732E7A696E696F2E636F6D2F7365617263683F733D7B7365617263685465726D737D2672663D736F6E79736C69636573&st={searchTerms }&clid=d72ebc89-7535-4855-baef-614b415f0434&pid=freewarede&k=0 IE - HKCU\..\SearchScopes\{3C7C94D8-410E-458C-AEF7-C986722C1CE1}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=d72ebc89-7535-4855-baef-614b415f0434&pid=freewarede&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E636F6D2F7365617263683F713D7B7365617263685465726D737D26726C733D636F6D2E6D6963726F736F66743A7B6C616E677561 67657D3A7B72656665727265723A736F757263653F7D2669653D7B696E707574456E636F64696E677D266F653D7B6F7574707574456E636F64696E677D26736F7572636569643D69653726 726C7A3D314937535645445F656E4445353335&st={searchTerms}&clid=d72ebc89-7535-4855-baef-614b415f0434&pid=freewarede&k=0&rlz=1I7SVED_enDE535 IE - HKCU\..\SearchScopes\{865F638F-715C-4E33-88CC-D6B4F8FB5CD6}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=d72ebc89-7535-4855-baef-614b415f0434&pid=freewarede&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = [String data over 1000 bytes] IE - HKCU\..\SearchScopes\{A6FCE5F5-2EA5-432C-B79B-7D403F070BF6}: "URL" = hxxp://de.shopping.com.anonymize-me.de/?anonymto=687474703A2F2F64652E73686F7070696E672E636F6D2F3F6C696E6B696E5F69643D38303536333633&st={searchTerms}&clid=d72ebc89-7535-4855-baef-614b415f0434&pid=freewarede&k=0 IE - HKCU\..\SearchScopes\{B8A43297-3101-4B06-9659-F6621A2B3B67}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F464F524D3D5550303944462650433D5550303926713D7B7365617263685465726D737D267372633D49452D 536561726368426F78&st={searchTerms}&clid=d72ebc89-7535-4855-baef-614b415f0434&pid=freewarede&k=0 IE - HKCU\..\SearchScopes\{BDB15076-0ECB-449B-AC59-274A4E6F10FC}: "URL" = hxxp://rover.ebay.com.anonymize-me.de/?anonymto=687474703A2F2F726F7665722E656261792E636F6D2F726F7665722F312F3730372D33373237362D31363630392D302F343F73617469746C653D7B7365617263685465726D73 7D&st={searchTerms}&clid=d72ebc89-7535-4855-baef-614b415f0434&pid=freewarede&k=0 IE - HKCU\..\SearchScopes\{BECDEC90-97B9-4974-A736-3652F666BECA}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=d72ebc89-7535-4855-baef-614b415f0434&pid=freewarede&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{DD2CD208-6F7F-48BF-B6AD-1DA9746C9AD4}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=d72ebc89-7535-4855-baef-614b415f0434&pid=freewarede&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{F3A2BF54-2FDC-4E5D-B6E6-5AC90AA26C64}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=d72ebc89-7535-4855-baef-614b415f0434&pid=freewarede&mode=bounce&k=0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = isamg.sv.de:8080 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de" FF - prefs.js..extensions.enabledAddons: SoundFrost%40helper.com:3.7.0 FF - prefs.js..extensions.enabledAddons: toolbar%40gmx.net:2.6.1 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2013.01.15 08:46:08 | 000,000,000 | ---D | M] FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2013.01.15 08:46:08 | 000,000,000 | ---D | M] FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.06.08 03:12:00 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\firejump@firejump.net: C:\Users\bridget\AppData\Roaming\Mozilla\Firefox\Profiles\1liqlnml.default\extensions\firejump@firejump.net FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\SoundFrost@helper.com: C:\Program Files (x86)\SoundFrost\SoundFrost.xpi [2013.05.20 23:30:02 | 000,038,116 | ---- | M] () [2013.01.13 19:31:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bri\AppData\Roaming\mozilla\Extensions [2013.06.18 16:52:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bri\AppData\Roaming\mozilla\Firefox\Profiles\1liqlnml.default\extensions [2013.06.18 16:52:05 | 000,561,109 | ---- | M] () (No name found)\AppData\Roaming\mozilla\firefox\profiles\1liqlnml.default\extensions\toolbar@gmx.net.xpi [2013.05.19 07:42:28 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\bridget\AppData\Roaming\mozilla\firefox\profiles\1liqlnml.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.05.30 07:28:49 | 000,006,503 | ---- | M] () -- C:\Users\bridget\AppData\Roaming\mozilla\firefox\profiles\1liqlnml.default\searchplugins\babylon.xml [2013.05.20 23:24:23 | 000,001,382 | ---- | M] () -- C:\Users\bridget\AppData\Roaming\mozilla\firefox\profiles\1liqlnml.default\searchplugins\BrowserProtect.xml [2013.05.30 07:29:01 | 000,001,294 | ---- | M] () -- C:\Users\bridget\AppData\Roaming\mozilla\firefox\profiles\1liqlnml.default\searchplugins\delta.xml [2013.06.20 13:08:57 | 000,001,645 | ---- | M] () -- C:\Users\bridget\AppData\Roaming\mozilla\firefox\profiles\1liqlnml.default\searchplugins\ixquick-http---deutsch.xml [2013.06.20 13:08:57 | 000,001,655 | ---- | M] () -- C:\Users\bridget\AppData\Roaming\mozilla\firefox\profiles\1liqlnml.default\searchplugins\ixquick-https---deutsch.xml [2013.05.20 23:24:23 | 000,010,151 | ---- | M] () -- C:\Users\bridget\AppData\Roaming\mozilla\firefox\profiles\1liqlnml.default\searchplugins\my-web-search.xml [2013.05.24 19:59:26 | 000,001,742 | ---- | M] () -- C:\Users\bridget\AppData\Roaming\mozilla\firefox\profiles\1liqlnml.default\searchplugins\search-the-web.xml [2013.05.20 23:24:24 | 000,002,188 | ---- | M] () -- C:\Users\bridget\AppData\Roaming\mozilla\firefox\profiles\1liqlnml.default\searchplugins\{058A9F0F-5E42-4859-95F6-E26F9C3861CD}.xml [2013.05.20 23:24:24 | 000,002,522 | ---- | M] () -- C:\Users\bridget\AppData\Roaming\mozilla\firefox\profiles\1liqlnml.default\searchplugins\{3BB514F4-1524-4DD0-850B-6CFD3C2365F0}.xml [2013.05.20 23:24:24 | 000,024,039 | ---- | M] () -- C:\Users\bridget\AppData\Roaming\mozilla\firefox\profiles\1liqlnml.default\searchplugins\{BB289F03-6541-432C-ADC0-893E30D7F6E0}.xml [2013.05.20 23:24:24 | 000,002,077 | ---- | M] () -- C:\Users\bridget\AppData\Roaming\mozilla\firefox\profiles\1liqlnml.default\searchplugins\{D7C0463F-5B1B-42CB-AE9C-2B40DBFA17E1}.xml [2013.05.20 23:24:24 | 000,001,094 | ---- | M] () -- C:\Users\bridget\AppData\Roaming\mozilla\firefox\profiles\1liqlnml.default\searchplugins\{DAA98208-F701-428E-9527-CA8EF2FAFDB7}.xml [2013.05.20 23:24:24 | 000,001,870 | ---- | M] () -- C:\Users\bridget\AppData\Roaming\mozilla\firefox\profiles\1liqlnml.default\searchplugins\{ED1E5EC1-5C25-4C43-8FC7-9261C9B7CE2D}.xml [2013.05.30 07:29:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\Extensions [2013.05.18 09:10:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.05.18 09:10:17 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2013.05.18 09:10:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions [2013.05.18 09:10:12 | 000,000,000 | ---D | M] (GMX MailCheck) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net [2013.05.20 23:30:02 | 000,038,116 | ---- | M] () (No name found) -- C:\PROGRAM FILES (X86)\SOUNDFROST\SOUNDFROST.XPI [2013.02.13 21:08:22 | 000,033,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = https://www.google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&channel=fflb&q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&channel=rcs CHR - default_search_provider: suggest_url = https://www.google.com/complete/search?q={searchTerms}, CHR - homepage: hxxp://search.babylon.com/?affID=121845&tt=gc_&babsrc=HP_ss_din2g&mntrId=4AE57EDD08DCB611 CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.180.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll CHR - Extension: SoundFrost = C:\Users\bridget\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikglikieapkdofgcaifhkgmkclbamcm\3.7.0_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Programme\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (SoundFrost) - {081524f7-7ed8-43ff-b01e-915c410a9cbe} - C:\PROGRA~2\SOUNDF~1\SOUNDF~1.DLL (SoundFrost Company) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~2\TerraTec\TERRAT~1\THCDES~1.DLL (TerraTec Electronic GmbH) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\bridget\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [SoundFrost] C:\Program Files (x86)\SoundFrost\SoundFrost.exe (SoundFrost Company) O4 - HKCU..\Run: [SoundFrost Service] C:\Program Files (x86)\SoundFrost\SoundFrostService.exe () O4 - Startup: C:\Users\bridget\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\bridget\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Lync: Anruf per Mausklick - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Lync: Anruf per Mausklick - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - c:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation) O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - c:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 10.25.2) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 10.25.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30625CBE-05E0-49E4-8016-F1FA70204A25}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F8281C9-C8BC-4AC3-A217-B2644EF929E7}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Programme\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation) O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807583E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{bd41e103-ce9b-11e2-be37-0024bef96b41}\Shell - "" = AutoRun O33 - MountPoints2\{bd41e103-ce9b-11e2-be37-0024bef96b41}\Shell\AutoRun\command - "" = F:\SETUP.EXE O33 - MountPoints2\{bd41e103-ce9b-11e2-be37-0024bef96b41}\Shell\configure\command - "" = F:\SETUP.EXE O33 - MountPoints2\{bd41e103-ce9b-11e2-be37-0024bef96b41}\Shell\install\command - "" = F:\SETUP.EXE O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\SETUP.EXE O33 - MountPoints2\F\Shell\configure\command - "" = F:\SETUP.EXE O33 - MountPoints2\F\Shell\install\command - "" = F:\SETUP.EXE O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.06.20 18:10:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\bridget\Desktop\OTL.exe [2013.06.20 18:03:57 | 000,000,000 | ---D | C] -- C:\Users\bridget\Desktop\rechner probleme juni 2013 [2013.06.19 17:10:33 | 000,301,688 | ---- | C] (Thesycon GmbH) -- C:\Users\bridget\Desktop\dpclat.exe [2013.06.19 15:31:41 | 000,000,000 | ---D | C] -- C:\ProgramData\TerraTec [2013.06.19 15:29:59 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2013.06.19 15:29:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour [2013.06.19 15:29:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple [2013.06.19 07:27:03 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.06.19 07:26:54 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.06.19 07:26:54 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.06.19 07:26:53 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.06.19 06:43:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SchoenerFernsehen [2013.06.18 20:54:17 | 000,000,000 | ---D | C] -- C:\Windows\pss [2013.06.18 20:50:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony [2013.06.18 19:34:07 | 000,000,000 | ---D | C] -- C:\Users\bridget\AppData\Roaming\iolo [2013.06.18 19:34:07 | 000,000,000 | ---D | C] -- C:\ProgramData\iolo [2013.06.18 19:34:06 | 000,069,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\offreg.dll [2013.06.18 19:34:06 | 000,021,176 | ---- | C] (iolo technologies, LLC) -- C:\Windows\SysNative\iolorgdf64.exe [2013.06.18 19:16:39 | 141,110,624 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Users\bridget\Desktop\13-4_win7_win8_64_dd_ccc_whql.exe [2013.06.18 18:53:04 | 000,000,000 | ---D | C] -- C:\AMD [2013.06.17 12:35:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TerraTec [2013.06.17 12:34:23 | 000,000,000 | ---D | C] -- C:\Users\bridget\AppData\Roaming\TerraTec [2013.06.17 07:13:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LAV Filters [2013.06.17 07:13:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LAV Filters [2013.06.16 14:05:29 | 000,000,000 | ---D | C] -- C:\ProgramData\CMUV [2013.06.16 14:00:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVBViewer TERRATEC Edition [2013.06.16 14:00:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVBViewer TERRATEC Edition [2013.06.16 13:41:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TERRATEC Electronic GmbH [2013.06.15 04:18:49 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.06.15 04:18:48 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.06.13 06:07:38 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013.06.13 06:07:38 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013.06.13 06:07:37 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013.06.13 06:07:37 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013.06.13 06:07:37 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013.06.13 06:07:37 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013.06.13 06:07:37 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013.06.13 06:07:36 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.06.13 06:07:36 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013.06.13 06:07:34 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.06.13 06:07:33 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.06.13 06:07:33 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.06.13 06:07:32 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.06.12 18:46:09 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2013.06.12 18:46:09 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2013.06.12 18:46:05 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll [2013.06.12 18:46:05 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll [2013.06.12 18:46:00 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll [2013.06.12 18:45:56 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe [2013.06.12 18:45:55 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2013.06.12 18:45:55 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe [2013.06.12 18:45:54 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2013.06.12 18:45:53 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll [2013.06.12 18:45:53 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll [2013.06.12 18:45:44 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll [2013.06.12 18:45:44 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll [2013.06.08 09:46:07 | 000,000,000 | ---D | C] -- C:\Users\bridget\Documents\Outlook-Dateien [2013.06.07 17:52:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office [2013.06.07 17:50:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER [2013.06.07 14:05:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 [2013.06.07 14:04:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER [2013.06.07 14:04:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET [2013.06.07 14:04:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server [2013.06.07 14:03:41 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1991-06.com.microsoft [2013.06.07 14:02:52 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2013.06.07 14:02:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server [2013.06.07 13:49:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services [2013.06.07 13:49:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services [2013.06.07 13:49:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office [2013.06.07 13:49:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office [2013.06.07 13:48:22 | 000,000,000 | RH-D | C] -- C:\MSOCache [2013.06.07 13:46:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite [2013.06.07 13:45:33 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys [2013.06.07 13:45:29 | 000,000,000 | ---D | C] -- C:\Users\bridget\AppData\Roaming\DAEMON Tools Lite [2013.06.07 13:45:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite [2013.06.07 13:44:41 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite [2013.06.06 09:12:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2013.06.01 21:28:54 | 000,000,000 | ---D | C] -- C:\Users\bridget\Documents\Ryzoom Insolvenz [2013.05.30 07:30:44 | 000,035,112 | ---- | C] (TeamViewer GmbH) -- C:\Windows\SysNative\drivers\teamviewervpn.sys [2013.05.30 07:30:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer [2013.05.30 07:28:40 | 000,000,000 | ---D | C] -- C:\Users\bridget\AppData\Roaming\Dealply [2013.05.30 07:28:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FindLyrics [2013.05.26 23:04:37 | 000,000,000 | ---D | C] -- C:\Users\bridget\4.0 [2013.05.26 23:04:36 | 000,000,000 | ---D | C] -- C:\Users\bridget\.tfo4 [2013.05.26 22:55:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.05.26 22:55:15 | 000,867,240 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2013.05.24 22:39:25 | 000,000,000 | ---D | C] -- C:\Users\bridget\Documents\office 2013 ordner [2013.05.24 22:31:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Roxio [2013.05.24 22:31:53 | 000,000,000 | ---D | C] -- C:\Users\bridget\AppData\Roaming\Roxio [2013.05.22 19:24:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.06.20 18:12:01 | 000,377,856 | ---- | M] () -- C:\Users\bridget\Desktop\gmer_2.1.19163.exe [2013.06.20 18:10:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\bridget\Desktop\OTL.exe [2013.06.20 18:08:17 | 000,000,000 | ---- | M] () -- C:\Users\bridget\defogger_reenable [2013.06.20 18:08:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.06.20 18:07:58 | 000,050,477 | ---- | M] () -- C:\Users\bridget\Desktop\Defogger.exe [2013.06.20 17:21:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.20 08:04:10 | 000,001,090 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk [2013.06.19 21:08:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.06.19 17:47:09 | 000,013,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.19 17:47:09 | 000,013,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.19 17:39:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.19 17:39:24 | 3217,211,392 | -HS- | M] () -- C:\hiberfil.sys [2013.06.19 17:15:17 | 000,001,006 | ---- | M] () -- C:\Users\Public\Desktop\TerraTec Home Cinema.lnk [2013.06.19 17:12:50 | 000,029,454 | ---- | M] () -- C:\Users\Public\Documents\cc_20130619_171246.reg [2013.06.19 17:10:42 | 000,301,688 | ---- | M] (Thesycon GmbH) -- C:\Users\bridget\Desktop\dpclat.exe [2013.06.19 17:08:54 | 000,087,443 | ---- | M] () -- C:\Users\bridget\Desktop\esslingen senderliste.chl [2013.06.19 06:43:22 | 000,001,133 | ---- | M] () -- C:\Users\bridget\Desktop\SchoenerFernsehen.lnk [2013.06.19 03:11:28 | 001,765,558 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.06.19 03:11:28 | 000,767,030 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.06.19 03:11:28 | 000,710,072 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.06.19 03:11:28 | 000,172,472 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.06.19 03:11:28 | 000,140,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.06.19 03:11:17 | 001,765,558 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.06.18 21:45:33 | 000,015,898 | ---- | M] () -- C:\Users\Public\Documents\cc_20130618_214311.reg [2013.06.18 20:51:09 | 000,002,020 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Sony MSS.lnk [2013.06.18 19:34:07 | 000,074,703 | ---- | M] () -- C:\Windows\SysWow64\mfc45.dll [2013.06.18 19:20:15 | 141,110,624 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Users\bridget\Desktop\13-4_win7_win8_64_dd_ccc_whql.exe [2013.06.18 18:25:48 | 000,003,262 | ---- | M] () -- C:\Users\Public\Documents\cc_20130618_182543.reg [2013.06.17 06:47:41 | 000,004,244 | ---- | M] () -- C:\Users\Public\Documents\cc_20130617_033131.reg [2013.06.16 14:00:54 | 000,001,133 | ---- | M] () -- C:\Users\bridget\Desktop\DVBViewer TERRATEC Edition.lnk [2013.06.13 11:28:00 | 000,000,298 | ---- | M] () -- C:\Windows\tasks\Dealply.job [2013.06.12 21:48:23 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2013.06.12 21:48:17 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2013.06.12 21:47:57 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.06.12 21:43:48 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.06.12 21:43:44 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.06.12 21:43:25 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.06.11 23:21:36 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.06.11 23:21:36 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.06.08 16:06:58 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.06.08 13:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.06.08 03:47:30 | 000,472,976 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.06.07 13:46:33 | 000,001,950 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk [2013.06.07 13:45:33 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys [2013.06.04 05:23:59 | 000,001,055 | ---- | M] () -- C:\Users\bridget\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.06.04 05:23:13 | 000,001,027 | ---- | M] () -- C:\Users\bridget\Desktop\Dropbox.lnk [2013.05.24 21:03:50 | 000,211,864 | ---- | M] () -- C:\Users\bridget\Documents\cc_20130524_210343.reg [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.06.20 18:11:59 | 000,377,856 | ---- | C] () -- C:\Users\bridget\Desktop\gmer_2.1.19163.exe [2013.06.20 18:08:17 | 000,000,000 | ---- | C] () -- C:\Users\bridget\defogger_reenable [2013.06.20 18:07:58 | 000,050,477 | ---- | C] () -- C:\Users\bridget\Desktop\Defogger.exe [2013.06.19 17:15:17 | 000,001,006 | ---- | C] () -- C:\Users\Public\Desktop\TerraTec Home Cinema.lnk [2013.06.19 17:12:48 | 000,029,454 | ---- | C] () -- C:\Users\Public\Documents\cc_20130619_171246.reg [2013.06.19 17:08:54 | 000,087,443 | ---- | C] () -- C:\Users\bridget\Desktop\esslingen senderliste.chl [2013.06.19 06:43:22 | 000,001,133 | ---- | C] () -- C:\Users\bridget\Desktop\SchoenerFernsehen.lnk [2013.06.18 21:43:19 | 000,015,898 | ---- | C] () -- C:\Users\Public\Documents\cc_20130618_214311.reg [2013.06.18 19:34:07 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll [2013.06.18 19:33:56 | 000,002,020 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Sony MSS.lnk [2013.06.18 18:25:46 | 000,003,262 | ---- | C] () -- C:\Users\Public\Documents\cc_20130618_182543.reg [2013.06.17 06:47:30 | 000,004,244 | ---- | C] () -- C:\Users\Public\Documents\cc_20130617_033131.reg [2013.06.16 14:00:54 | 000,001,133 | ---- | C] () -- C:\Users\bridget\Desktop\DVBViewer TERRATEC Edition.lnk [2013.06.07 13:46:33 | 000,001,950 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk [2013.06.04 05:23:59 | 000,001,055 | ---- | C] () -- C:\Users\bridget\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.05.30 07:30:46 | 000,001,102 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk [2013.05.30 07:30:46 | 000,001,090 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk [2013.05.30 07:28:40 | 000,000,298 | ---- | C] () -- C:\Windows\tasks\Dealply.job [2013.05.24 21:03:46 | 000,211,864 | ---- | C] () -- C:\Users\bridget\Documents\cc_20130524_210343.reg [2013.05.20 23:30:05 | 000,000,306 | RHS- | C] () -- C:\Users\bridget\ntuser.pol [2013.05.20 23:24:23 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll [2013.05.16 07:21:22 | 000,000,017 | ---- | C] () -- C:\Users\bridget\AppData\Local\resmon.resmoncfg [2013.05.13 03:17:10 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat [2013.05.12 08:45:32 | 001,765,558 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.01.04 14:54:15 | 000,000,221 | ---- | C] () -- C:\ProgramData\MusicStation.xml [2013.01.04 14:44:11 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > ******************************* hier der GMER scan GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-06-20 19:52:18 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000057 TOSHIBA_ rev.GJ00 465,76GB Running: gmer_2.1.19163.exe; Driver: C:\Users\bridget\AppData\Local\Temp\fwriakod.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2652] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076391465 2 bytes [39, 76] .text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2652] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000763914bb 2 bytes [39, 76] .text ... * 2 .text C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe[2684] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076391465 2 bytes [39, 76] .text C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe[2684] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000763914bb 2 bytes [39, 76] .text ... * 2 .text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[3472] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076391465 2 bytes [39, 76] .text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[3472] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000763914bb 2 bytes [39, 76] .text ... * 2 ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!??0exception@@QEAA@AEBV0@@Z] [65007200200064] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!malloc] [6e006f00700073] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!memcpy_s] [69002000650073] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!?what@exception@@UEBAPEBDXZ] [7200650074006e] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!??1exception@@UEAA@XZ] [20006c00610076] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!??0exception@@QEAA@AEBQEBD@Z] [650073006d0028] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!realloc] [290063] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!memmove_s] [53005400490042] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!??0exception@@QEAA@XZ] [77006f00440020] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!??0exception@@QEAA@AEBQEBDH@Z] [61006f006c006e] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!_CxxThrowException] [65005200200064] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!_callnewh] [6e006f00700073] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!__CxxFrameHandler3] [49002000650073] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!_XcptFilter] [7200650074006e] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!_initterm] [20006c00610076] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!_amsg_exit] [650073006d0028] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!??1type_info@@UEAA@XZ] [53005400490042] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!_unlock] [4f004c0042005f] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!__dllonexit] [49005f004b0043] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!_lock] [5200450054004e] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!_onexit] [4c00410056] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!memset] [0] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!_vsnwprintf] [65007a00690053] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!free] [200066006f0020] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!memcpy] [20006500680074] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[ntdll.dll!RtlGetNtProductType] [77006f00640020] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[ntdll.dll!VerSetConditionMask] [61006f006c006e] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[ntdll.dll!RtlVirtualUnwind] [6c006200200064] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[ntdll.dll!RtlCaptureContext] [20006b0063006f] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[ntdll.dll!RtlLookupFunctionEntry] [200072006f0066] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[KERNEL32.dll!GetCurrentThreadId] [0] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[KERNEL32.dll!LoadLibraryW] [0] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[KERNEL32.dll!Sleep] [0] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[KERNEL32.dll!GetTickCount] [0] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[KERNEL32.dll!TerminateProcess] [0] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[KERNEL32.dll!SetUnhandledExceptionFilter] [0] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[KERNEL32.dll!LoadResource] [0] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[KERNEL32.dll!DisableThreadLibraryCalls] [0] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[ADVAPI32.dll!RegQueryValueExA] [0] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[ADVAPI32.dll!RegSetValueExW] [0] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[ADVAPI32.dll!RegDeleteKeyW] [0] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[ADVAPI32.dll!RegQueryInfoKeyW] [0] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[ole32.dll!CoTaskMemRealloc] [0] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[ole32.dll!CoTaskMemAlloc] [0] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[ole32.dll!CoTaskMemFree] [53005400490042] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[ole32.dll!CoUninitialize] [77006f00440020] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[ole32.dll!CoInitializeEx] [61006f006c006e] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[SETUPAPI.dll!SetupDiDestroyDeviceInfoList] [74007300790073] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[SETUPAPI.dll!SetupOpenInfFileW] [280020006d0065] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[SETUPAPI.dll!SetupFindFirstLineW] [73007400690042] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[SETUPAPI.dll!SetupGetIntField] [6300650073002f] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[SETUPAPI.dll!SetupGetMultiSzFieldW] [29] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[SETUPAPI.dll!SetupDiEnumDeviceInfo] [53005400490042] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[SETUPAPI.dll!SetupDiOpenDevRegKey] [5400530045005f] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[SETUPAPI.dll!SetupDiGetClassDevsW] [4500520046005f] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[SETUPAPI.dll!SetupCloseInfFile] [410042005f0045] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[SETUPAPI.dll!SetupGetStringFieldW] [4900570044004e] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[USER32.dll!CharNextW] [53005400490042] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[USER32.dll!LoadStringW] [77006f00640020] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[rtutils.dll!RouterLogDeregisterW] [53006b0063006f] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[rtutils.dll!RouterLogRegisterW] [200065007a0069] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[rtutils.dll!RouterLogEventW] [74007900420028] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[MPRAPI.dll!MprConfigInterfaceDelete] [0] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[MPRAPI.dll!MprConfigInterfaceTransportRemove] [0] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[MPRAPI.dll!MprAdminServerDisconnect] [0] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[MPRAPI.dll!MprConfigServerDisconnect] [0] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[MPRAPI.dll!MprAdminInterfaceCreate] [0] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[MPRAPI.dll!MprAdminInterfaceEnum] [4ce79c9900000000] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[MPRAPI.dll!MprAdminInterfaceGetHandle] [200000000] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[MPRAPI.dll!MprAdminInterfaceTransportAdd] [1b0c00000025] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[MPRAPI.dll!MprAdminTransportCreate] [110c] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[MPRAPI.dll!MprConfigServerConnect] [0] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[MPRAPI.dll!MprConfigInterfaceTransportEnum] [0] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[MPRAPI.dll!MprConfigInterfaceGetHandle] [69007400730045] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[MPRAPI.dll!MprConfigInterfaceTransportAdd] [6500740061006d] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[MPRAPI.dll!MprConfigInterfaceTransportGetHandle] [61006200200064] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[MPRAPI.dll!MprConfigTransportCreate] [6900770064006e] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[MPRAPI.dll!MprConfigTransportDelete] [20006800740064] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[MPRAPI.dll!MprConfigTransportGetHandle] [69006100760061] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[MPRAPI.dll!MprConfigTransportGetInfo] [6c00620061006c] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[MPRAPI.dll!MprConfigBufferFree] [6f007400200065] IAT C:\Windows\system32\svchost.exe[812] @ C:\Windows\system32\rascfg.dll[slc.dll!SLGetWindowsInformationDWORD] [53005400490042] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!free] [10000000000] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!??_U@YAPEAX_K@Z] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!??_V@YAXPEAX@Z] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!_XcptFilter] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!malloc] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!_initterm] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!realloc] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!_unlock] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!__dllonexit] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!memcpy] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!memset] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!_ultow_s] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!_vsnwprintf] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!_amsg_exit] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!memcmp] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!_lock] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!_onexit] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!_ui64tow_s] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[ntdll.dll!RtlLookupFunctionEntry] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[ntdll.dll!RtlCaptureContext] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[ntdll.dll!RtlInitUnicodeString] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[ntdll.dll!RtlMapGenericMask] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[ntdll.dll!RtlCreateAcl] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[ntdll.dll!RtlAddAccessAllowedAce] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[ntdll.dll!RtlCreateSecurityDescriptor] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[ntdll.dll!RtlSetDaclSecurityDescriptor] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[ntdll.dll!NtQueryInformationFile] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[ntdll.dll!RtlVirtualUnwind] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!LsaOpenPolicy] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!CopySid] [ffffffffffffffff] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!LsaLookupNames2] [6dd84e997a32] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!LsaClose] [ffff9227b16685cd] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!RegOpenKeyExW] [ffffffffffffffff] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!RegCloseKey] [ffffffffffffffff] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!RegQueryValueExW] [ffffffffffffffff] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!GetNamedSecurityInfoW] [ffffffffffffffff] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!GetSecurityDescriptorControl] [ffffffffffffffff] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!IsValidSid] [ffffffffffffffff] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!EqualSid] [ffffffffffffffff] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!GetLengthSid] [ffffffffffffffff] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!LsaFreeMemory] [ffffffffffffffff] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[USER32.dll!CopyImage] [ffffffffffffffff] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[USER32.dll!LoadStringW] [ffffffffffffffff] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[USER32.dll!ReleaseDC] [ffffffffffffffff] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[USER32.dll!GetDC] [ffffffffffffffff] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[GDI32.dll!CreateDIBSection] [ffffffffffffffff] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[GDI32.dll!DeleteDC] [ffffffffffffffff] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[GDI32.dll!GetBitmapBits] [ffffffffffffffff] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[GDI32.dll!CreateCompatibleDC] [ffffffffffffffff] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[GDI32.dll!SelectObject] [ffffffffffffffff] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[GDI32.dll!BitBlt] [ffffffffffffffff] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[GDI32.dll!GetObjectW] [ffffffffffffffff] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[GDI32.dll!DeleteObject] [ffffffffffffffff] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[SHELL32.dll!SHChangeNotify] [ffffffffffffffff] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[SHLWAPI.dll!PathCombineW] [ffffffffffffffff] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[SHLWAPI.dll!PathRemoveFileSpecW] [ffffffffffffffff] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[SHLWAPI.dll!SHGetValueW] [ffffffffffffffff] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[SHLWAPI.dll!PathIsRootW] [ffffffffffffffff] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[SHLWAPI.dll!PathIsUNCW] [ffffffffffffffff] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[SHLWAPI.dll!SHStrDupW] [ffffffffffffffff] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!DisableThreadLibraryCalls] [ffffffffffffffff] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!LoadLibraryW] [ffffffffffffffff] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetProcAddress] [ffffffffffffffff] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!FreeLibrary] [ffffffffffffffff] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetLastError] [ffffffffffffffff] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!LoadLibraryExA] [ffffffffffffffff] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!DelayLoadFailureHook] [ffffffffffffffff] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!CloseHandle] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!LCMapStringW] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!CreateDirectoryW] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!FindFirstFileW] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!DeleteFileW] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!RemoveDirectoryW] [1] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetDiskFreeSpaceExW] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetTempFileNameW] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetDriveTypeW] [2] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!MulDiv] [1] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!CreateFileW] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!SetFilePointer] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!WriteFile] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetTickCount] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!SetFileAttributesW] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!QueryPerformanceCounter] [7] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetCurrentProcessId] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetSystemTimeAsFileTime] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!UnhandledExceptionFilter] [8] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!SetUnhandledExceptionFilter] [1] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!LocalAlloc] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetModuleHandleW] [9] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!SystemTimeToFileTime] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!OpenProcess] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!CreateEventW] [a] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!ReleaseMutex] [32] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!SetEvent] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!MapViewOfFile] [b] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetFileInformationByHandleEx] [1f4] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!SetFileInformationByHandle] [0] IAT C:\Windows\Explorer.EXE[2420] @ C:\Windows\system32\thumbcache.dll[PSAPI.DLL!QueryWorkingSetEx] [0] ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\506313fe70ca Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f07bcbc0e751 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\506313fe70ca (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f07bcbc0e751 (not active ControlSet) ---- EOF - GMER 2.1 ---- |
|
20.06.2013, 19:42
| #2 |
| /// TB-Ausbilder  |  windows 7 - plötzlich langsam, firefox geht ungewollt auf werbeseiten, cinergy s funktioniert nicht!! Hinweis an Mitlesende !! Dieses Thema und die Anweisungen sind nur für diesen speziellen Fall gedacht. Sie könnten andere Computer schwer beschädigen. Öffnet bitte euer eigenes Thema.  Ich werde dir bei deinem Problem helfen. Die Bereinigung funktioniert nur, wenn du dich an die folgenden Regeln hälst:  Bitte lesen:Regeln für die Bereinigung
Schritt 1: (Erinnerung: Antworte mir erst, wenn du alle Schritte abgearbeitet hast!) Deinstallation von Programmen
Schritt 2: AdwCleaner: Werbeprogramme suchen und löschen Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Schritt 3: Scan mit DDS+ (mit attach) Downloade dir bitte DDS (von sUBs) und speichere die Datei auf deinem Desktop.
__________________ |
|
20.06.2013, 20:56
| #3 |
| | windows 7 - plötzlich langsam, firefox geht ungewollt auf werbeseiten, cinergy s funktioniert nicht lieber helfer,
__________________ich bin verdammt dankbar - die hilfestellung kam ja prompt! unglaublich nett - ganz herzlichen dank.   den adwcleaner lasse ich aber öfter durchlaufen (oder muss ich dabei noch irgendetwas besonderes beachten?) dankbar - butzelwutzel hier jetzt die ergebnisse: 1. adwcleaner Code:
ATTFilter # AdwCleaner v2.303 - Datei am 20/06/2013 um 21:38:59 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : bridget - BRIDGET-VAIO
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\bridget\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Users\bridget\AppData\Roaming\Mozilla\Firefox\Profiles\1liqlnml.default\searchplugins\Babylon.xml
Datei Gelöscht : C:\Users\bridget\AppData\Roaming\Mozilla\Firefox\Profiles\1liqlnml.default\searchplugins\BrowserProtect.xml
Datei Gelöscht : C:\Users\bridget\AppData\Roaming\Mozilla\Firefox\Profiles\1liqlnml.default\searchplugins\delta.xml
Datei Gelöscht : C:\Users\bridget\AppData\Roaming\Mozilla\Firefox\Profiles\1liqlnml.default\searchplugins\my-web-search.xml
Datei Gelöscht : C:\Users\bridget\AppData\Roaming\Mozilla\Firefox\Profiles\1liqlnml.default\searchplugins\search-the-web.xml
Ordner Gelöscht : C:\Program Files (x86)\FindLyrics
Ordner Gelöscht : C:\Program Files (x86)\Yontoo
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Users\bridget\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\bridget\AppData\Roaming\DealPly
Ordner Gelöscht : C:\Users\bridget\AppData\Roaming\DesktopIconForAmazon
Ordner Gelöscht : C:\Users\bridget\AppData\Roaming\Mozilla\Firefox\Profiles\1liqlnml.default\FCTB
Ordner Gelöscht : C:\Users\bridget\AppData\Roaming\Mozilla\Firefox\Profiles\1liqlnml.default\jetpack
Ordner Gelöscht : C:\Users\bridget\AppData\Roaming\OCS
Ordner Gelöscht : C:\Users\bridget\AppData\Roaming\Yontoo
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\BabSolution
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\delta LTD
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16611
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=121845&tt=gc_&babsrc=HP_ss_din2g&mntrId=4AE57EDD08DCB611 --> hxxp://www.google.com
-\\ Mozilla Firefox v21.0 (de)
Datei : C:\Users\bridget\AppData\Roaming\Mozilla\Firefox\Profiles\1liqlnml.default\prefs.js
C:\Users\bridget\AppData\Roaming\Mozilla\Firefox\Profiles\1liqlnml.default\user.js ... Gelöscht !
Gelöscht : user_pref("extensions.delta.admin", false);
Gelöscht : user_pref("extensions.delta.aflt", "babsst");
Gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Gelöscht : user_pref("extensions.delta.autoRvrt", "false");
Gelöscht : user_pref("extensions.delta.bbDpng", "1");
Gelöscht : user_pref("extensions.delta.cntry", "DE");
Gelöscht : user_pref("extensions.delta.dfltLng", "en");
Gelöscht : user_pref("extensions.delta.excTlbr", false);
Gelöscht : user_pref("extensions.delta.ffxUnstlRst", true);
Gelöscht : user_pref("extensions.delta.hdrMd5", "9B8ED9F4D0160D88EF6D108FB228D3A1");
Gelöscht : user_pref("extensions.delta.id", "4ae5d5a90000000000007edd08dcb611");
Gelöscht : user_pref("extensions.delta.instlDay", "15855");
Gelöscht : user_pref("extensions.delta.instlRef", "sst");
Gelöscht : user_pref("extensions.delta.lastVrsnTs", "1.8.21.57:29:01");
Gelöscht : user_pref("extensions.delta.newTab", false);
Gelöscht : user_pref("extensions.delta.prdct", "delta");
Gelöscht : user_pref("extensions.delta.prtnrId", "delta");
Gelöscht : user_pref("extensions.delta.rvrt", "false");
Gelöscht : user_pref("extensions.delta.sg", "azb");
Gelöscht : user_pref("extensions.delta.smplGrp", "none");
Gelöscht : user_pref("extensions.delta.tlbrId", "base");
Gelöscht : user_pref("extensions.delta.tlbrSrchUrl", "");
Gelöscht : user_pref("extensions.delta.vrsn", "1.8.21.5");
Gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.21.57:29:01");
Gelöscht : user_pref("extensions.delta.vrsni", "1.8.21.5");
Gelöscht : user_pref("extensions.delta_i.babExt", "");
Gelöscht : user_pref("extensions.delta_i.babTrack", "affID=121845&tt=gc_");
Gelöscht : user_pref("extensions.delta_i.srcExt", "ss");
Gelöscht : user_pref("extensions.mywebsearch.prevDefaultEngine", "Google");
Gelöscht : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
Gelöscht : user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jht[...]
Gelöscht : user_pref("extensions.mywebsearch.prevSelectedEngine", "Google");
Gelöscht : user_pref("extensions.toolbar.mindspark._64Members_.homepage", "hxxp://home.mywebsearch.com/index.jh[...]
Gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.ClearCacheDate", 27);
Gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.FirstLaunchShown", true);
Gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.StateReportDate", "1369433003383");
Gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.Uninstall", true);
Gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.beforeInstallSaved", true);
Gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.beforeinstall.homepage", "hxxp%3A//home.mywebse[...]
Gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.beforeinstall.search", "Google");
Gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.showFirstLaunchOptions", false);
Gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.tb_lang", "en");
Gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.tool_id", "62781");
Gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.user_id", "83798374");
Gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.user_key", "5616c44fa5fcef59167819f4e76630a60dd[...]
Gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.user_layouts", "62781");
Gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.xml_service_url", "64e3a27980eeceb34248bc3e680b[...]
-\\ Google Chrome v27.0.1453.116
Datei : C:\Users\bridget\AppData\Local\Google\Chrome\User Data\Default\Preferences
Gelöscht [l.2139] : homepage = "hxxp://search.babylon.com/?affID=121845&tt=gc_&babsrc=HP_ss_din2g&mntrId=4AE57EDD08D[...]
Gelöscht [l.2556] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=121845&tt=gc_&babsrc=HP_ss_d[...]
*************************
AdwCleaner[S1].txt - [6926 octets] - [20/06/2013 21:38:59]
########## EOF - C:\AdwCleaner[S1].txt - [6986 octets] ##########
DDS Logfile: Code:
ATTFilter DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16611 BrowserJavaVersion: 10.25.2
Run by bridget at 21:45:52 on 2013-06-20
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4091.2880 [GMT 2:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Windows\System32\tcpsvcs.exe
C:\Program Files (x86)\Skype\Updater\Updater.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files (x86)\SoundFrost\SoundFrostService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Users\bridget\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
C:\Program Files\Apoint\Apvfb.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVED&bmod=EU01
uProxyServer = isamg.sv.de:8080
mWinlogon: Userinit = userinit.exe
BHO: SoundFrost: {081524f7-7ed8-43ff-b01e-915c410a9cbe} - C:\Program Files (x86)\SoundFrost\SoundFrost.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: Windows Live Anmelde-Hilfsprogramm: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: TerraTec Home Cinema: {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [SoundFrost Service] C:\Program Files (x86)\SoundFrost\SoundFrostService.exe
uRun: [SoundFrost] C:\Program Files (x86)\SoundFrost\SoundFrost.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\bridget\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\bridget\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SONYMS~1.LNK - C:\Program Files (x86)\Sony\MSS\3.0.271\SSScheduler.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: An OneNote s&enden - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Nach Microsoft E&xcel exportieren - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{30625CBE-05E0-49E4-8016-F1FA70204A25} : DHCPNameServer = 192.168.178.1
TCP: Interfaces\{30625CBE-05E0-49E4-8016-F1FA70204A25}\75C414E4D2030313643364832414934453 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{30625CBE-05E0-49E4-8016-F1FA70204A25}\C414E413D244630343 : DHCPNameServer = 10.0.10.1 10.0.10.1
TCP: Interfaces\{30625CBE-05E0-49E4-8016-F1FA70204A25}\E4544574541425 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{3F8281C9-C8BC-4AC3-A217-B2644EF929E7} : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
x64-BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Apoint] C:\Program Files (x86)\Apoint\Apoint.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\bridget\AppData\Roaming\Mozilla\Firefox\Profiles\1liqlnml.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-05-11 18:03; toolbar@gmx.net; C:\Users\bridget\AppData\Roaming\Mozilla\Firefox\Profiles\1liqlnml.default\extensions\toolbar@gmx.net.xpi
FF - ExtSQL: 2013-05-19 07:42; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\bridget\AppData\Roaming\Mozilla\Firefox\Profiles\1liqlnml.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-05-20 23:30; SoundFrost@helper.com; C:\Program Files (x86)\SoundFrost\SoundFrost.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2010-5-14 73856]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2010-5-14 28800]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2013-1-4 55280]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-6-7 283200]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-4-7 202752]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 130008]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-4-19 161384]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-5-30 4150112]
R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2013-1-4 104960]
R2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-2-19 386416]
R2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2013-1-15 845312]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2013-1-4 19968]
R3 NisSrv;Microsoft-Netzwerkinspektion;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2013-1-4 242720]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-4-8 346144]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2010-4-8 12032]
R3 teamviewervpn;TeamViewer VPN Adapter;C:\Windows\System32\drivers\teamviewervpn.sys [2013-5-30 35112]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2013-1-4 38456]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-11-25 362992]
S2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2012-8-6 156672]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-3-12 52264]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2013-1-4 35104]
S3 DVBUSB_0064_Sevice;Cinergy S USB service;C:\Windows\System32\drivers\USB_0064.sys [2012-9-24 170792]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-1-4 61280]
S3 fsssvc;Windows Live Family Safety-Dienst;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2009-8-5 704864]
S3 McComponentHostServiceSony;McAfee Security Scan Component Host Service for Sony;C:\Program Files (x86)\Sony\MSS\3.0.271\McCHSvc.exe [2012-3-30 237328]
S3 MODRC;Cinergy HT USB XE IR Service;C:\Windows\System32\drivers\ModRc.sys [2013-2-17 23744]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-10-1 178824]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-1-15 19456]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-11-25 313840]
S3 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-9-10 108400]
S3 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-10-12 423280]
S3 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-9-10 67952]
S3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-1-20 286936]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-1-15 57856]
S3 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2013-1-4 574320]
S3 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-1-20 887000]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-5-19 549616]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-2-18 99104]
S3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2012-10-12 54760]
S3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update\VUAgent.exe [2013-1-15 1286784]
.
=============== Created Last 30 ================
.
2013-06-20 19:21:35 -------- d-----w- C:\Windows\System32\IO
2013-06-20 16:04:50 9552976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EA1B6159-A787-4459-A4D8-D592A06B899C}\mpengine.dll
2013-06-19 15:36:50 9552976 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-19 15:14:17 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2013-06-19 15:14:17 192512 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2013-06-19 15:14:16 729088 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2013-06-19 15:14:16 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2013-06-19 15:14:16 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2013-06-19 15:14:15 311428 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2013-06-19 15:14:15 188548 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2013-06-19 13:31:41 -------- d-----w- C:\ProgramData\TerraTec
2013-06-19 13:29:59 -------- d-----w- C:\Program Files\Bonjour
2013-06-19 13:29:59 -------- d-----w- C:\Program Files (x86)\Bonjour
2013-06-19 05:26:54 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-19 04:43:15 -------- d-----w- C:\Program Files (x86)\SchoenerFernsehen
2013-06-18 18:54:17 -------- d-----w- C:\Windows\pss
2013-06-18 17:34:07 74703 ----a-w- C:\Windows\SysWow64\mfc45.dll
2013-06-18 17:34:07 -------- d-----w- C:\Users\bridget\AppData\Roaming\iolo
2013-06-18 17:34:07 -------- d-----w- C:\ProgramData\iolo
2013-06-18 17:34:06 69000 ----a-w- C:\Windows\System32\offreg.dll
2013-06-18 17:34:06 21176 ----a-w- C:\Windows\System32\iolorgdf64.exe
2013-06-18 16:53:04 -------- d-----w- C:\AMD
2013-06-17 10:35:42 -------- d-----w- C:\Program Files\Common Files\TerraTec
2013-06-17 10:34:23 -------- d-----w- C:\Users\bridget\AppData\Roaming\TerraTec
2013-06-17 05:13:33 -------- d-----w- C:\Program Files (x86)\LAV Filters
2013-06-16 12:05:29 -------- d-----w- C:\ProgramData\CMUV
2013-06-16 12:00:48 -------- d-----w- C:\Program Files (x86)\DVBViewer TERRATEC Edition
2013-06-16 11:41:51 -------- d-----w- C:\Program Files (x86)\TERRATEC Electronic GmbH
2013-06-14 16:52:09 964552 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6068C9FD-35A1-4045-BEA0-B9208035A30D}\gapaengine.dll
2013-06-12 16:46:10 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-06-12 16:46:09 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-06-12 16:46:09 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-06-12 16:46:05 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-06-12 16:46:05 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-06-12 16:46:00 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-06-12 16:46:00 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-06-12 16:45:56 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-06-12 16:45:55 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-06-12 16:45:55 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-06-12 16:45:54 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-06-12 16:45:54 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-06-12 16:45:54 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-06-12 16:45:54 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-06-12 16:45:54 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-06-12 16:45:53 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-06-12 16:45:53 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-06-12 16:45:44 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2013-06-12 16:45:44 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-06-07 12:04:03 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server
2013-06-07 12:03:41 -------- d-----w- C:\ProgramData\regid.1991-06.com.microsoft
2013-06-07 12:02:52 -------- d-----w- C:\Windows\PCHEALTH
2013-06-07 12:02:52 -------- d-----w- C:\Program Files\Microsoft SQL Server
2013-06-07 11:49:46 -------- d-----w- C:\Program Files\Microsoft Analysis Services
2013-06-07 11:49:46 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2013-06-07 11:45:33 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2013-06-07 11:45:29 -------- d-----w- C:\Users\bridget\AppData\Roaming\DAEMON Tools Lite
2013-06-07 11:45:23 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite
2013-06-07 11:44:41 -------- d-----w- C:\ProgramData\DAEMON Tools Lite
2013-05-30 05:31:09 20472 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\TeamViewer_PrintProcessor.dll
2013-05-30 05:30:44 35112 ----a-w- C:\Windows\System32\drivers\teamviewervpn.sys
2013-05-30 05:30:40 -------- d-----w- C:\Program Files (x86)\TeamViewer
2013-05-26 21:04:37 -------- d-----w- C:\Users\bridget\4.0
2013-05-26 21:04:36 -------- d-----w- C:\Users\bridget\.tfo4
2013-05-26 20:55:15 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
.
==================== Find3M ====================
.
2013-06-12 19:48:17 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-06-11 21:21:36 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-11 21:21:36 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-08 12:28:46 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-06-08 11:13:19 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-05-17 01:25:57 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-05-17 01:25:27 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-05-17 01:25:26 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-05-17 01:25:26 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-05-17 00:59:03 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-05-17 00:58:10 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-05-17 00:58:08 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-05-17 00:58:08 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-05-14 12:23:25 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-14 08:40:13 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-05-12 01:06:02 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-04-10 06:01:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 21:47:21,78 ===============
hier dds-attach Code:
ATTFilter .
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 06.01.2013 15:19:43
System Uptime: 20.06.2013 21:43:38 (0 hours ago)
.
Motherboard: Sony Corporation | | VAIO
Processor: AMD Phenom(tm) II P820 Triple-Core Processor | N/A | 792/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 456 GiB total, 402,485 GiB free.
D: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP135: 20.06.2013 20:47:20 - Removed Bing Maps 3D
RP136: 20.06.2013 20:50:40 - Removed Java(TM) 6 Update 20
RP137: 20.06.2013 21:22:34 - Removed Java(TM) 6 Update 31 (64-bit)
RP138: 20.06.2013 21:34:01 - Removed Java(TM) 6 Update 20
.
==== Installed Programs ======================
.
7-Zip 4.65
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.03) - Deutsch
Alps Pointing-device for VAIO
AMD USB Filter Driver
ArcSoft Magic-i Visual Effects 2
ArcSoft WebCam Companion 3
ATI Catalyst Install Manager
Bonjour
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Cinergy HT USB XE V3.12.00.00a
DAEMON Tools Lite
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition
Defraggler
Dropbox
DVBViewer TERRATEC Edition
Einstellungen für VAIO-Inhaltsüberwachung
EVEREST Home Edition v2.20
Evernote
Google Chrome
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
Java 7 Update 25
Java Auto Updater
Junk Mail filter update
LAV Filters 0.53.2
Media Gallery
Media Gallery MergeModules x64
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended DEU Language Pack
Microsoft Access MUI (German) 2013
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft DCF MUI (German) 2013
Microsoft Excel MUI (German) 2013
Microsoft Groove MUI (German) 2013
Microsoft InfoPath MUI (German) 2013
Microsoft Lync MUI (German) 2013
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 32-bit Components 2013
Microsoft Office Access MUI (German) 2010
Microsoft Office Excel MUI (German) 2010
Microsoft Office Korrekturhilfen 2013 - Deutsch
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (German) 2010
Microsoft Office OSM MUI (German) 2013
Microsoft Office OSM UX MUI (German) 2013
Microsoft Office Outlook MUI (German) 2010
Microsoft Office PowerPoint MUI (German) 2010
Microsoft Office Professional 2010
Microsoft Office Professional Plus 2013
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Italian) 2010
Microsoft Office Proofing (German) 2010
Microsoft Office Proofing (German) 2013
Microsoft Office Proofing Tools 2013 - English
Microsoft Office Proofing Tools 2013 - Italiano
Microsoft Office Publisher MUI (German) 2010
Microsoft Office Shared 32-bit MUI (German) 2013
Microsoft Office Shared 64-bit MUI (German) 2010
Microsoft Office Shared MUI (German) 2010
Microsoft Office Shared MUI (German) 2013
Microsoft Office Single Image 2010
Microsoft Office Word MUI (German) 2010
Microsoft OneNote MUI (German) 2013
Microsoft Outlook MUI (German) 2013
Microsoft PowerPoint MUI (German) 2013
Microsoft Publisher MUI (German) 2013
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft SQL Server Compact 3.5 SP1 x64 English
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Word MUI (German) 2013
Mozilla Firefox 21.0 (x86 de)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MusicStation
Outils de vérification linguistique 2013 de Microsoft Office*- Français
PMB
PMB VAIO Edition Guide
PMB VAIO Edition Plug-in
Realtek HDMI Audio Driver for ATI
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Easy Media Creator 10 LJ
Roxio Easy Media Creator Home
Schoener Fernsehen 0.0.0.1
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Setting Utility Series
Setup_msm_VCMS_x64
Setup_msm_VOFS_x64
Setup_VEP_x64
Skype™ 6.3
SOHLib Merge Module
Sony Home Network Library
SoundFrost
TeamViewer 8
TERRATEC Cinergy S USB (64 Bit)
TerraTec Home Cinema
THC Codec Patch
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft Access 2013 (KB2760350) 64-Bit Edition
Update for Microsoft Excel 2013 (KB2760339) 64-Bit Edition
Update for Microsoft Lync 2013 (KB2768004) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Office 2013 (KB2726954) 64-Bit Edition
Update for Microsoft Office 2013 (KB2726961) 64-Bit Edition
Update for Microsoft Office 2013 (KB2726996) 64-Bit Edition
Update for Microsoft Office 2013 (KB2737954) 64-Bit Edition
Update for Microsoft Office 2013 (KB2752025) 64-Bit Edition
Update for Microsoft Office 2013 (KB2752094) 64-Bit Edition
Update for Microsoft Office 2013 (KB2752101) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760224) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760538) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760610) 64-Bit Edition
Update for Microsoft Office 2013 (KB2767845) 64-Bit Edition
Update for Microsoft Office 2013 (KB2767860) 64-Bit Edition
Update for Microsoft Office 2013 (KB2768016) 64-Bit Edition
Update for Microsoft Office 2013 (KB2810010) 64-Bit Edition
Update for Microsoft Office 2013 (KB2810014) 64-Bit Edition
Update for Microsoft Office 2013 (KB2810017) 64-Bit Edition
Update for Microsoft Office 2013 (KB2810018) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817320) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2013 (KB2760334) 64-Bit Edition
Update for Microsoft OneNote 2013 (KB2768011) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook 2013 (KB2810015) 64-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft PowerPoint 2013 (KB2726947) 64-Bit Edition
Update for Microsoft PowerPoint 2013 (KB2727013) 64-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Update for Microsoft SkyDrive Pro (KB2767865) 64-Bit Edition
Update for Microsoft SkyDrive Pro (KB2810019) 64-Bit Edition
Update for Microsoft Visio 2013 (KB2810008) 64-Bit Edition
Update for Microsoft Visio Viewer 2013 (KB2768338) 64-Bit Edition
Update for Microsoft Word 2013 (KB2752073) 64-Bit Edition
Update for Microsoft Word 2013 (KB2768007) 64-Bit Edition
Update for Microsoft Word 2013 (KB2768337) 64-Bit Edition
VAIO-Support für Übertragungen
VAIO - PMB VAIO Edition Guide
VAIO - PMB VAIO Edition Plug-in
VAIO Care
VAIO Control Center
VAIO Data Restore Tool
VAIO DVD Menu Data
VAIO Energie Verwaltung
VAIO Entertainment Platform
VAIO Event Service
VAIO Gate
VAIO Gate Default
VAIO Hardware Diagnostics
VAIO Manual
VAIO Media plus
VAIO Media plus Opening Movie
VAIO Movie Story Template Data
VAIO Original Funktion Einstellungen
VAIO Premium Partners
VAIO screensaver
VAIO Smart Network
VAIO Update
VAIO Wallpaper Contents
VLC media player 2.0.2
VMp MergeModule x64
VU5x64
VU5x86
WIDCOMM Bluetooth Software
WinAce Archiver 2.0
Windows-Treiberpaket - TerraTec (DVBUSB_0064_Sevice) Media (05/08/2009 1.4.2.4)
Windows Driver Package - Broadcom Bluetooth (09/09/2009 6.2.0.9405)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
Windows Live-Uploadtool
Windows Live Anmelde-Assistent
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Fotogalerie
Windows Live Mail
Windows Live Messenger
Windows Live Sync
Windows Live Writer
WinRAR 4.11 (32-Bit)
WinRAR 4.20 (64-Bit)
.
==== End Of File ===========================
|
|
20.06.2013, 21:37
| #4 |
| /// TB-Ausbilder | windows 7 - plötzlich langsam, firefox geht ungewollt auf werbeseiten, cinergy s funktioniert nicht Gerne, schauen wir mal weiter: Scan mit Combofix
__________________  Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
20.06.2013, 22:43
| #5 |
| | windows 7 - plötzlich langsam, firefox geht ungewollt auf werbeseiten, cinergy s funktioniert nicht hey ryder, hier nun das combofix-log. immerhin geht der rechner jetzt schon mal wieder etwas schneller hoch... DANKE! (jetzt weiß ich auch, wie man MSessentials deaktiviert...) - was konntest du denn jetzt erkennen? Code:
ATTFilter ComboFix 13-06-20.01 - bridget 20.06.2013 23:11:01.1.3 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4091.2814 [GMT 2:00]
ausgeführt von:: c:\users\bridget\Desktop\rechner probleme juni 2013\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\progra~2\SOUNDF~1\SOUNdf~1.dll
c:\users\bridget\4.0
.
Infizierte Kopie von c:\windows\system32\Services.exe wurde gefunden und desinfiziert
Kopie von - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe wurde wiederhergestellt
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-05-20 bis 2013-06-20 ))))))))))))))))))))))))))))))
.
.
2013-06-20 21:18 . 2013-06-20 21:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-20 19:21 . 2013-06-20 19:21 -------- d-----w- c:\windows\system32\IO
2013-06-20 16:04 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EA1B6159-A787-4459-A4D8-D592A06B899C}\mpengine.dll
2013-06-19 15:36 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-19 15:14 . 2003-11-10 16:12 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2013-06-19 15:14 . 2003-11-10 16:12 192512 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2013-06-19 15:14 . 2003-11-10 16:14 729088 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2013-06-19 15:14 . 2003-11-10 16:13 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2013-06-19 15:14 . 2003-11-10 16:11 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2013-06-19 15:14 . 2013-06-19 15:14 311428 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2013-06-19 15:14 . 2013-06-19 15:14 188548 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2013-06-19 13:31 . 2013-06-19 13:31 -------- d-----w- c:\programdata\TerraTec
2013-06-19 13:29 . 2013-06-19 13:30 -------- d-----w- c:\program files\Bonjour
2013-06-19 13:29 . 2013-06-19 13:30 -------- d-----w- c:\program files (x86)\Bonjour
2013-06-19 13:29 . 2013-06-19 13:29 -------- d-----w- c:\programdata\Apple
2013-06-19 05:26 . 2013-06-12 19:47 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-19 04:43 . 2013-06-19 04:43 -------- d-----w- c:\program files (x86)\SchoenerFernsehen
2013-06-18 18:50 . 2013-06-18 18:50 -------- d-----w- c:\programdata\Sony
2013-06-18 17:34 . 2013-06-18 19:59 -------- d-----w- c:\users\bridget\AppData\Roaming\iolo
2013-06-18 17:34 . 2013-06-18 18:24 -------- d-----w- c:\programdata\iolo
2013-06-18 17:34 . 2013-06-18 17:34 74703 ----a-w- c:\windows\SysWow64\mfc45.dll
2013-06-18 17:34 . 2012-08-17 15:25 69000 ----a-w- c:\windows\system32\offreg.dll
2013-06-18 17:34 . 2012-08-17 15:25 21176 ----a-w- c:\windows\system32\iolorgdf64.exe
2013-06-18 16:53 . 2013-06-18 16:53 -------- d-----w- C:\AMD
2013-06-17 10:35 . 2013-06-17 10:35 -------- d-----w- c:\program files\Common Files\TerraTec
2013-06-17 10:34 . 2013-06-19 15:14 -------- d-----w- c:\users\bridget\AppData\Roaming\TerraTec
2013-06-17 05:13 . 2013-06-19 15:24 -------- d-----w- c:\program files (x86)\LAV Filters
2013-06-16 12:05 . 2013-06-16 12:05 -------- d-----w- c:\programdata\CMUV
2013-06-16 12:00 . 2013-06-16 12:00 -------- d-----w- c:\program files (x86)\DVBViewer TERRATEC Edition
2013-06-16 11:41 . 2013-06-16 11:41 -------- d-----w- c:\program files (x86)\TERRATEC Electronic GmbH
2013-06-14 16:52 . 2013-05-21 07:14 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6068C9FD-35A1-4045-BEA0-B9208035A30D}\gapaengine.dll
2013-06-12 16:46 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-12 16:46 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-06-12 16:46 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-06-12 16:46 . 2013-05-10 05:49 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-06-12 16:46 . 2013-05-10 03:20 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-06-12 16:46 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-06-12 16:46 . 2013-04-17 06:24 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-06-12 16:45 . 2013-05-13 03:43 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-06-12 16:45 . 2013-05-13 05:51 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-06-12 16:45 . 2013-05-13 03:08 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-06-12 16:45 . 2013-05-13 05:51 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-06-12 16:45 . 2013-05-13 05:51 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-06-12 16:45 . 2013-05-13 04:45 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-06-12 16:45 . 2013-05-13 04:45 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-06-12 16:45 . 2013-05-13 04:45 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-06-12 16:45 . 2013-05-13 05:50 52224 ----a-w- c:\windows\system32\certenc.dll
2013-06-12 16:45 . 2013-05-13 03:08 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-06-12 16:45 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-06-12 16:45 . 2013-03-31 22:52 1887232 ----a-w- c:\windows\system32\d3d11.dll
2013-06-07 12:04 . 2013-06-07 12:04 -------- d-----w- c:\program files\Common Files\DESIGNER
2013-06-07 12:04 . 2013-06-07 12:04 -------- d-----w- c:\program files\Microsoft.NET
2013-06-07 12:04 . 2013-06-07 12:04 -------- d-----w- c:\program files (x86)\Microsoft SQL Server
2013-06-07 12:03 . 2013-06-07 12:03 -------- d-----w- c:\programdata\regid.1991-06.com.microsoft
2013-06-07 12:02 . 2013-06-07 12:04 -------- d-----w- c:\program files\Microsoft SQL Server
2013-06-07 12:02 . 2013-06-07 12:02 -------- d-----w- c:\windows\PCHEALTH
2013-06-07 11:49 . 2013-06-07 11:49 -------- d-----w- c:\program files\Microsoft Analysis Services
2013-06-07 11:49 . 2013-06-07 11:49 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2013-06-07 11:49 . 2013-06-07 15:47 -------- d-----w- c:\program files\Microsoft Office
2013-06-07 11:48 . 2013-06-07 11:48 -------- d-----r- C:\MSOCache
2013-06-07 11:45 . 2013-06-07 11:45 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-06-07 11:45 . 2013-06-16 22:06 -------- d-----w- c:\users\bridget\AppData\Roaming\DAEMON Tools Lite
2013-06-07 11:45 . 2013-06-07 11:45 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2013-06-07 11:44 . 2013-06-07 11:47 -------- d-----w- c:\programdata\DAEMON Tools Lite
2013-06-06 07:12 . 2013-06-06 07:12 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-05-30 05:31 . 2013-06-06 06:24 20472 ----a-w- c:\windows\system32\Spool\prtprocs\x64\TeamViewer_PrintProcessor.dll
2013-05-30 05:30 . 2012-11-28 17:49 35112 ----a-w- c:\windows\system32\drivers\teamviewervpn.sys
2013-05-30 05:30 . 2013-05-30 05:30 -------- d-----w- c:\program files (x86)\TeamViewer
2013-05-26 21:04 . 2013-05-30 04:52 -------- d-----w- c:\users\bridget\.tfo4
2013-05-26 20:55 . 2013-05-26 20:55 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-05-26 20:55 . 2013-06-12 19:48 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-05-24 20:31 . 2013-05-27 14:50 -------- d-----w- c:\programdata\Roxio
2013-05-24 20:31 . 2013-05-24 20:31 -------- d-----w- c:\users\bridget\AppData\Roaming\Roxio
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-13 04:08 . 2013-01-06 15:41 75825640 ----a-w- c:\windows\system32\MRT.exe
2013-06-12 19:48 . 2013-01-06 14:30 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-06-11 21:21 . 2013-01-06 14:53 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-11 21:21 . 2013-01-06 14:53 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-21 07:14 . 2013-03-19 09:03 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-05-12 01:08 . 2013-05-12 01:08 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-05-12 01:08 . 2013-05-12 01:08 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-05-12 01:08 . 2013-05-12 01:08 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-05-12 01:08 . 2013-05-12 01:08 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-05-12 01:08 . 2013-05-12 01:08 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-05-12 01:08 . 2013-05-12 01:08 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-05-12 01:08 . 2013-05-12 01:08 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-05-12 01:08 . 2013-05-12 01:08 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-05-12 01:08 . 2013-05-12 01:08 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-05-12 01:08 . 2013-05-12 01:08 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-05-12 01:08 . 2013-05-12 01:08 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-05-12 01:08 . 2013-05-12 01:08 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-05-12 01:08 . 2013-05-12 01:08 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-05-12 01:08 . 2013-05-12 01:08 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-05-12 01:08 . 2013-05-12 01:08 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-05-12 01:08 . 2013-05-12 01:08 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-05-12 01:08 . 2013-05-12 01:08 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-05-12 01:08 . 2013-05-12 01:08 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-05-12 01:08 . 2013-05-12 01:08 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-05-12 01:08 . 2013-05-12 01:08 81408 ----a-w- c:\windows\system32\icardie.dll
2013-05-12 01:08 . 2013-05-12 01:08 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-05-12 01:08 . 2013-05-12 01:08 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-05-12 01:08 . 2013-05-12 01:08 441856 ----a-w- c:\windows\system32\html.iec
2013-05-12 01:08 . 2013-05-12 01:08 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-05-12 01:08 . 2013-05-12 01:08 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-05-12 01:08 . 2013-05-12 01:08 235008 ----a-w- c:\windows\system32\url.dll
2013-05-12 01:08 . 2013-05-12 01:08 216064 ----a-w- c:\windows\system32\msls31.dll
2013-05-12 01:08 . 2013-05-12 01:08 197120 ----a-w- c:\windows\system32\msrating.dll
2013-05-12 01:08 . 2013-05-12 01:08 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-05-12 01:08 . 2013-05-12 01:08 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-05-12 01:08 . 2013-05-12 01:08 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-05-12 01:08 . 2013-05-12 01:08 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-05-12 01:08 . 2013-05-12 01:08 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-05-12 01:08 . 2013-05-12 01:08 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-05-12 01:08 . 2013-05-12 01:08 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-05-12 01:08 . 2013-05-12 01:08 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-05-12 01:08 . 2013-05-12 01:08 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-05-12 01:08 . 2013-05-12 01:08 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-05-12 01:08 . 2013-05-12 01:08 149504 ----a-w- c:\windows\system32\occache.dll
2013-05-12 01:08 . 2013-05-12 01:08 144896 ----a-w- c:\windows\system32\wextract.exe
2013-05-12 01:08 . 2013-05-12 01:08 13824 ----a-w- c:\windows\system32\mshta.exe
2013-05-12 01:08 . 2013-05-12 01:08 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-05-12 01:08 . 2013-05-12 01:08 102912 ----a-w- c:\windows\system32\inseng.dll
2013-05-12 01:08 . 2013-05-12 01:08 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-05-12 01:08 . 2013-05-12 01:08 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-05-12 01:08 . 2013-05-12 01:08 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-05-12 01:08 . 2013-05-12 01:08 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-05-12 01:08 . 2013-05-12 01:08 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-05-12 01:08 . 2013-05-12 01:08 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-05-12 01:06 . 2013-05-12 01:06 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-12 01:06 . 2013-05-12 01:06 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-12 01:06 . 2013-05-12 01:06 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-12 01:06 . 2013-05-12 01:06 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-12 01:06 . 2013-05-12 01:06 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-12 01:06 . 2013-05-12 01:06 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-12 01:06 . 2013-05-12 01:06 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-12 01:06 . 2013-05-12 01:06 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-12 01:06 . 2013-05-12 01:06 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-05-12 01:06 . 2013-05-12 01:06 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-12 01:06 . 2013-05-12 01:06 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-12 01:06 . 2013-05-12 01:06 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-12 01:06 . 2013-05-12 01:06 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-12 01:06 . 2013-05-12 01:06 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-12 01:06 . 2013-05-12 01:06 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-12 01:06 . 2013-05-12 01:06 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-12 01:06 . 2013-05-12 01:06 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-12 01:06 . 2013-05-12 01:06 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2013-05-12 01:06 . 2013-05-12 01:06 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2013-05-12 01:06 . 2013-05-12 01:06 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-05-12 01:06 . 2013-05-12 01:06 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-05-12 01:06 . 2013-05-12 01:06 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-05-12 01:06 . 2013-05-12 01:06 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-05-12 01:06 . 2013-05-12 01:06 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-05-12 01:06 . 2013-05-12 01:06 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-05-12 01:06 . 2013-05-12 01:06 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-05-12 01:06 . 2013-05-12 01:06 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-05-12 01:06 . 2013-05-12 01:06 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-05-12 01:06 . 2013-05-12 01:06 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-05-12 01:06 . 2013-05-12 01:06 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2013-05-12 01:06 . 2013-05-12 01:06 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-05-12 01:06 . 2013-05-12 01:06 1175552 ----a-w- c:\windows\system32\FntCache.dll
2013-05-12 01:06 . 2013-05-12 01:06 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll
2013-05-12 01:06 . 2013-05-12 01:06 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2013-05-12 01:06 . 2013-05-12 01:06 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-05-12 01:06 . 2013-05-12 01:06 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-05-12 01:06 . 2013-05-12 01:06 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-05-12 01:06 . 2013-05-12 01:06 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-05-12 01:06 . 2013-05-12 01:06 296960 ----a-w- c:\windows\system32\d3d10core.dll
2013-05-12 01:06 . 2013-05-12 01:06 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2013-05-12 01:06 . 2013-05-12 01:06 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2013-05-12 01:06 . 2013-05-12 01:06 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-05-12 01:06 . 2013-05-12 01:06 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2013-05-12 01:06 . 2013-05-12 01:06 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2013-05-12 01:06 . 2013-05-12 01:06 194560 ----a-w- c:\windows\system32\d3d10_1.dll
2013-05-12 01:06 . 2013-05-12 01:06 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-05-20 19:00 1725128 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-05-20 19:00 1725128 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-05-20 19:00 1725128 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 130736 ----a-w- c:\users\bridget\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 130736 ----a-w- c:\users\bridget\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 130736 ----a-w- c:\users\bridget\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundFrost Service"="c:\program files (x86)\SoundFrost\SoundFrostService.exe" [2013-05-13 348160]
"SoundFrost"="c:\program files (x86)\SoundFrost\SoundFrost.exe" [2013-05-13 1738752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-02 98304]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-01-21 597792]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
c:\users\bridget\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\bridget\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 1081632]
Sony MSS.lnk - c:\program files (x86)\Sony\MSS\3.0.271\SSScheduler.exe [2012-3-13 274328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 DVBUSB_0064_Sevice;Cinergy S USB service;c:\windows\system32\DRIVERS\usb_0064.sys;c:\windows\SYSNATIVE\DRIVERS\usb_0064.sys [x]
R3 MODRC;Cinergy HT USB XE IR Service;c:\windows\system32\DRIVERS\modrc.sys;c:\windows\SYSNATIVE\DRIVERS\modrc.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [x]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [x]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [x]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [x]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe;c:\program files\Sony\VAIO Power Management\SPMService.exe [x]
R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [x]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [x]
R3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe;c:\program files\Sony\VAIO Care\VCService.exe [x]
R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\VUAgent.exe;c:\program files\Sony\VAIO Update\VUAgent.exe [x]
R4 McComponentHostServiceSony;McAfee Security Scan Component Host Service for Sony;c:\program files (x86)\Sony\MSS\3.0.271\McCHSvc.exe;c:\program files (x86)\Sony\MSS\3.0.271\McCHSvc.exe [x]
R4 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe;c:\program files\Sony\VAIO Care\VCPerfService.exe [x]
R4 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
R4 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [x]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [x]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe;c:\program files\Sony\VAIO Smart Network\VSNService.exe [x]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys;c:\windows\SYSNATIVE\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys;c:\windows\SYSNATIVE\DRIVERS\SFEP.sys [x]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys;c:\windows\SYSNATIVE\DRIVERS\teamviewervpn.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-19 03:11 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-06 21:21]
.
2013-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-04 12:46]
.
2013-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-04 12:46]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-05-20 18:55 2328776 ----a-w- c:\progra~1\MIF5BA~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-05-20 18:55 2328776 ----a-w- c:\progra~1\MIF5BA~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-05-20 18:55 2328776 ----a-w- c:\progra~1\MIF5BA~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 164016 ----a-w- c:\users\bridget\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 164016 ----a-w- c:\users\bridget\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 164016 ----a-w- c:\users\bridget\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 164016 ----a-w- c:\users\bridget\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-07 10134560]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = isamg.sv.de:8080
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.0.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\bridget\AppData\Roaming\Mozilla\Firefox\Profiles\1liqlnml.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de
FF - ExtSQL: 2013-05-11 18:03; toolbar@gmx.net; c:\users\bridget\AppData\Roaming\Mozilla\Firefox\Profiles\1liqlnml.default\extensions\toolbar@gmx.net.xpi
FF - ExtSQL: 2013-05-19 07:42; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\bridget\AppData\Roaming\Mozilla\Firefox\Profiles\1liqlnml.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-05-20 23:30; SoundFrost@helper.com; c:\program files (x86)\SoundFrost\SoundFrost.xpi
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{081524f7-7ed8-43ff-b01e-915c410a9cbe} - c:\progra~2\SOUNDF~1\SOUNDF~1.DLL
HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-06-20 23:27:20 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-06-20 21:27
.
Vor Suchlauf: 12 Verzeichnis(se), 431.890.632.704 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 431.878.701.056 Bytes frei
.
- - End Of File - - 95B6D420D853C2E62FACCE57E8DFDF62
A36C5E4F47E84449FF07ED3517B43A31
das problem mit dem ansteuern von nicht gewollten webpages (ebay oder "marktjagt" erscheinen statt des angeklickten links) besteht immer noch... ansonsten ist der rechner wieder besser insgesamt in der performance. vielen dank fürs helfen - und dann auch noch so schnell! |
|
22.06.2013, 10:03
| #6 |
| /// TB-Ausbilder | windows 7 - plötzlich langsam, firefox geht ungewollt auf werbeseiten, cinergy s funktioniert nicht Wir entfernen noch ein wenig. Beschreibe mir mal genau so hin die Seiten führen. Hast du eine IR Fernbedienung in Benutzung? Combofix-Skript
__________________ --> windows 7 - plötzlich langsam, firefox geht ungewollt auf werbeseiten, cinergy s funktioniert nicht |
|
25.06.2013, 19:04
| #7 |
| /// TB-Ausbilder | windows 7 - plötzlich langsam, firefox geht ungewollt auf werbeseiten, cinergy s funktioniert nicht Hallo, benötigst Du noch weiterhin Hilfe ? Sollte ich innerhalb der nächsten 24 Stunden keine Antwort von dir erhalten, werde ich dein Thema aus meinen Abos nehmen und bekomme dadurch keine Nachricht über neue Antworten. Das Verschwinden der Symptome bedeutet nicht, dass dein System schon sauber ist
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
26.06.2013, 09:28
| #8 |
| | windows 7 - plötzlich langsam, firefox geht ungewollt auf werbeseiten, cinergy s funktioniert nicht ich hab übrigens keine IR in benutzung - allerdings wird sie von terratec homecinema immer mitinstalliert.. ich entferne sie dann. heute morgen im übrigen auch wieder nerv: ersten ist jetzt (vermute wg. dem letzten download von combofix) (obwohl ich eine installation des deltabrowsers verneint habe) erstens war der delta als suchmaschine eingetragen und zweitens bin ich - nach umschalten auf google - bei den suchergebnissen auf "ask" umgeleitet worden. also: die umleitungen waren ebay, marktagent und ask. schönen montag butzelwutzel |
|
26.06.2013, 13:59
| #9 |
| /// TB-Ausbilder | windows 7 - plötzlich langsam, firefox geht ungewollt auf werbeseiten, cinergy s funktioniert nicht Combofix enthält keine Werbung, wenn man es vom angegebenen Link herunterlädt und ein Logfile sehe ich auch nicht.
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
28.06.2013, 14:58
| #10 |
| /// TB-Ausbilder | windows 7 - plötzlich langsam, firefox geht ungewollt auf werbeseiten, cinergy s funktioniert nicht Hallo, benötigst Du noch weiterhin Hilfe ? Sollte ich innerhalb der nächsten 24 Stunden keine Antwort von dir erhalten, werde ich dein Thema aus meinen Abos nehmen und bekomme dadurch keine Nachricht über neue Antworten. Das Verschwinden der Symptome bedeutet nicht, dass dein System schon sauber ist
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
30.06.2013, 09:03
| #11 |
| /// TB-Ausbilder | windows 7 - plötzlich langsam, firefox geht ungewollt auf werbeseiten, cinergy s funktioniert nicht Fehlende Rückmeldung Dieses Thema wurde aus den Abos gelöscht. Somit bekomm ich keine Benachrichtigung über neue Antworten. PM an mich falls Du denoch weiter machen willst. Keine Logfiles einsenden, nur kurzer Hinweis, nachdem du deine Logfiles hier eingestellt hast. Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist. Jeder andere bitte hier klicken und einen eigenen Thread erstellen
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
| Themen zu windows 7 - plötzlich langsam, firefox geht ungewollt auf werbeseiten, cinergy s funktioniert nicht |
| adobe, bho, bonjour, ebay, error, explorer, firefox, flash player, format, gmx.net, google, home, langsam, logfile, mozilla, ntdll.dll, object, plug-in, programme, realtek, registry, security, server, svchost.exe, temp, unlock, usb, windows |
