Welcome to Geeks to Go - Register now for FREE
Some issues with varius files and data streams


#1
sk8fly

Hello, I'm new. I hope somebody can help me identify some tasks and data streams.

First of all, my problems:

I recognize that my internet is getting a little delay; it acts like some DNS-change thing!

I've got various svchost.exe with different PIDs!

A few svchost.exe are receiving and sending data all the time.

----Files that are not trusted by Comodo Internet Security----

I've got Comodo Internet Security; it tells me about:

trustedinstaller.exe in c:\windows\servicing\

dllhost.exe in c:\windows\system32\


----Next problem----

C:\Windows : nlsPreferences
This is also found by HijackThis:
C:\Windows : nlsPreferences (256 bytes, MD5 D41D8CD98F00B204E9800998ECF8427E)

----OTL-Log----

OTL logfile created on: 11.02.2012 13:15:56 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Worksattion\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

15,98 Gb Total Physical Memory | 11,57 Gb Available Physical Memory | 72,40% Memory free
31,97 Gb Paging File | 26,92 Gb Available in Paging File | 84,22% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,14 Gb Total Space | 26,70 Gb Free Space | 22,41% Space Free | Partition Type: NTFS
Drive D: | 585,32 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 265,76 Gb Total Space | 210,38 Gb Free Space | 79,16% Space Free | Partition Type: NTFS
Drive F: | 200,00 Gb Total Space | 155,68 Gb Free Space | 77,84% Space Free | Partition Type: NTFS
Drive G: | 1397,26 Gb Total Space | 504,87 Gb Free Space | 36,13% Space Free | Partition Type: NTFS

Computer Name: WORKSTATION-PC | User Name: Worksattion | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.02.11 13:13:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Worksattion\Downloads\OTL (1).exe
PRC - [2012.01.30 16:21:26 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Worksattion\Downloads\HiJackThis204.exe
PRC - [2012.01.02 22:15:15 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.11.01 23:25:58 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2011.09.22 17:30:58 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\nlssrv32.exe
PRC - [2011.02.22 21:52:54 | 000,086,016 | ---- | M] () -- C:\Programme\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe
PRC - [2011.02.02 14:08:16 | 000,018,656 | ---- | M] () -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
PRC - [2010.10.25 15:13:42 | 000,821,144 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2010.04.22 15:05:26 | 001,011,712 | ---- | M] (Gigabyte Technology CO., LTD.) -- C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe
PRC - [2009.12.01 14:13:08 | 000,035,880 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\smart6\dbios\SDBMSG.exe
PRC - [2009.10.13 16:39:46 | 000,114,688 | ---- | M] (Gigabyte Technology CO., LTD.) -- C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
PRC - [2009.06.17 16:13:06 | 000,068,136 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
PRC - [2007.11.20 11:52:30 | 000,045,700 | ---- | M] () -- C:\Program Files (x86)\cebas\ip-clamp\ipclamp.exe
PRC - [2005.02.17 07:15:20 | 000,581,632 | ---- | M] (InstallShield Software Corporation) -- C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\agent.exe


========== Modules (No Company Name) ==========

MOD - [2012.01.20 06:35:35 | 000,411,120 | ---- | M] () -- C:\Users\Worksattion\AppData\Local\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
MOD - [2012.01.20 06:35:34 | 003,767,792 | ---- | M] () -- C:\Users\Worksattion\AppData\Local\Google\Chrome\Application\16.0.912.77\pdf.dll
MOD - [2012.01.20 06:34:10 | 000,122,880 | ---- | M] () -- C:\Users\Worksattion\AppData\Local\Google\Chrome\Application\16.0.912.77\avutil-51.dll
MOD - [2012.01.20 06:34:09 | 000,222,208 | ---- | M] () -- C:\Users\Worksattion\AppData\Local\Google\Chrome\Application\16.0.912.77\avformat-53.dll
MOD - [2012.01.20 06:34:07 | 001,746,432 | ---- | M] () -- C:\Users\Worksattion\AppData\Local\Google\Chrome\Application\16.0.912.77\avcodec-53.dll
MOD - [2012.01.20 03:14:40 | 008,593,056 | ---- | M] () -- C:\Users\Worksattion\AppData\Local\Google\Chrome\Application\16.0.912.77\gcswf32.dll
MOD - [2012.01.20 03:14:40 | 008,593,056 | ---- | M] () -- C:\Users\WORKSA~1\AppData\Local\Google\Chrome\APPLIC~1\160912~1.77\gcswf32.dll
MOD - [2012.01.02 14:42:15 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d76221993c2fdfb991b8c12ae50a30eb\System.Windows.Forms.ni.dll
MOD - [2012.01.02 14:42:12 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll
MOD - [2012.01.02 14:41:59 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll
MOD - [2012.01.02 14:41:56 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2011.11.01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.11.01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2010.10.25 15:15:46 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\locale\de_de\acrotray.deu
MOD - [2009.12.01 14:13:08 | 000,035,880 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\smart6\dbios\SDBMSG.exe
MOD - [2009.06.10 16:28:56 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\smart6\dbios\DBIOS.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012.01.02 16:03:24 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2011.12.19 18:59:00 | 002,779,416 | ---- | M] (COMODO) [Auto | Stopped] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:64bit: - [2011.02.22 21:52:54 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe -- (mi-raysat_3dsmax2012_64)
SRV:64bit: - [2010.11.29 15:00:56 | 000,149,504 | ---- | M] (Intel® Corporation) [On_Demand | Running] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2010.04.06 16:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.02.01 18:08:25 | 000,224,768 | ---- | M] () [Auto | Running] -- C:\Programme\Chaos Group\V-Ray\3dsmax 2012 for x64\startvrlservice.exe -- (VRLService)
SRV - [2012.01.02 22:15:15 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.11.23 11:27:10 | 001,267,000 | ---- | M] (COMODO) [Auto | Running] -- C:\Programme\COMODO\COMODO GeekBuddy\CLPSLS.exe -- (CLPSLS)
SRV - [2011.09.22 17:30:58 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc)
SRV - [2011.02.02 14:08:16 | 000,018,656 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.10.13 16:39:46 | 000,114,688 | ---- | M] (Gigabyte Technology CO., LTD.) [Auto | Running] -- C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe -- (Smart TimeLock)
SRV - [2009.06.17 16:13:06 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe -- (DES2 Service)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.11.20 11:52:30 | 000,045,700 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\cebas\ip-clamp\ipclamp.exe -- (IPClampService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.01.18 20:12:59 | 000,113,280 | ---- | M] (ITE ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IT9135BDA.sys -- (IT9135BDA)
DRV:64bit: - [2011.12.19 18:59:16 | 000,022,696 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd)
DRV:64bit: - [2011.11.29 03:28:28 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011.08.23 14:57:24 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.08.02 17:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.08.01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011.03.07 10:22:00 | 000,065,280 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2011.03.07 10:22:00 | 000,040,832 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2011.03.03 16:59:18 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.01.15 17:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2011.01.10 18:16:08 | 000,021,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2010.12.16 23:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.11.29 15:00:04 | 000,016,120 | ---- | M] (Intel® Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010.10.19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2012.02.06 19:39:32 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2012.01.24 13:22:58 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2012.01.04 22:53:28 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\etdrv.sys -- (etdrv)
DRV - [2012.01.02 14:50:33 | 000,021,712 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS -- (DrvAgent64)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://at.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = ED FE 20 B9 C9 E1 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Worksattion\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Worksattion\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.01.06 19:11:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.09 16:25:10 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Worksattion\AppData\Local\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Worksattion\AppData\Local\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Worksattion\AppData\Local\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Worksattion\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Worksattion\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google-Suche = C:\Users\Worksattion\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: Skype Click to Call = C:\Users\Worksattion\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Worksattion\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\Worksattion\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012.01.30 17:54:53 | 000,003,327 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 55 more lines...
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [COMODO] C:\Programme\COMODO\COMODO GeekBuddy\CLPSLA.exe (COMODO)
O4 - HKLM..\Run: [CPA] C:\Programme\COMODO\COMODO GeekBuddy\VALA.exe (COMODO)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup File not found
O4:64bit: - HKLM..\RunOnce: [RPMKickstart] C:\Programme\GIGABYTE\SMART6\Recovery\RPMKickstart.exe (Gigabyte Technology CO., LTD.)
O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\Windows\is-RJ9BV.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [SDBOK] C:\Program Files (x86)\GIGABYTE\smart6\dbios\run.exe ()
O4 - Startup: C:\Users\Worksattion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Überwachungstool für die Intel® Turbo-Boost-Technik 2.0.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1977E20D-4543-4929-ADCC-0FB5FC638A60}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) -C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.06.02 12:10:52 | 000,000,077 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2010.10.13 10:30:19 | 000,000,000 | -H-D | M] - D:\Autorun -- [ CDFS ]
O32 - AutoRun File - [2009.07.15 09:11:01 | 000,002,238 | R--- | M] () - D:\Autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2007.07.02 15:34:00 | 000,424,960 | R--- | M] () - D:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2010.07.10 03:21:21 | 000,000,000 | RH-D | M] - G:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002.10.16 13:56:50 | 000,000,036 | RH-- | M] () - G:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{23708b40-353e-11e1-aa6f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{23708b40-353e-11e1-aa6f-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe -- [2007.07.02 15:34:00 | 000,424,960 | R--- | M] ()
O33 - MountPoints2\{fe085d41-354d-11e1-a0cf-1c6f65ce6de4}\Shell - "" = AutoRun
O33 - MountPoints2\{fe085d41-354d-11e1-a0cf-1c6f65ce6de4}\Shell\AutoRun\command - "" = H:\SETUP.EXE
O33 - MountPoints2\{fe085d41-354d-11e1-a0cf-1c6f65ce6de4}\Shell\configure\command - "" = H:\SETUP.EXE
O33 - MountPoints2\{fe085d41-354d-11e1-a0cf-1c6f65ce6de4}\Shell\install\command - "" = H:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012.02.08 19:42:31 | 000,000,000 | ---D | C] -- C:\Users\Worksattion\AppData\Local\Nik Software
[2012.02.08 19:42:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Nik Software
[2012.02.08 19:42:27 | 000,000,000 | ---D | C] -- C:\Program Files\Nik Software
[2012.02.08 19:10:24 | 000,000,000 | ---D | C] -- C:\Users\Worksattion\AppData\Roaming\Malwarebytes
[2012.02.08 19:10:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.02.08 19:10:20 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.02.08 19:10:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.02.08 19:10:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.02.06 22:43:29 | 000,000,000 | ---D | C] -- C:\Users\Worksattion\Documents\Work
[2012.02.01 19:21:19 | 000,000,000 | ---D | C] -- C:\Users\Worksattion\Documents\Swedish-Cluster
[2012.02.01 18:08:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ChaosGroup
[2012.02.01 18:08:23 | 000,000,000 | ---D | C] -- C:\Program Files\Chaos Group
[2012.02.01 18:03:35 | 000,000,000 | ---D | C] -- C:\Users\Worksattion\Desktop\Vray 2.20.03
[2012.01.31 16:58:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.01.31 16:58:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012.01.31 14:26:37 | 000,000,000 | ---D | C] -- C:\Users\Worksattion\AppData\Roaming\PACE Anti-Piracy
[2012.01.31 14:26:37 | 000,000,000 | ---D | C] -- C:\Users\Worksattion\AppData\Local\PACE Anti-Piracy
[2012.01.31 14:26:37 | 000,000,000 | ---D | C] -- C:\ProgramData\PACE Anti-Piracy
[2012.01.31 14:26:36 | 000,000,000 | ---D | C] -- C:\Users\Worksattion\Documents\Adobe
[2012.01.31 14:09:34 | 000,000,000 | ---D | C] -- C:\Users\Worksattion\Application Data
[2012.01.31 12:48:31 | 000,000,000 | ---D | C] -- C:\Users\Worksattion\Documents\Neuer Ordner
[2012.01.30 17:29:11 | 000,000,000 | -H-D | C] -- C:\VritualRoot
[2012.01.30 16:41:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2012.01.29 23:35:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
[2012.01.29 23:35:07 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2012.01.29 21:40:48 | 000,000,000 | ---D | C] -- C:\Users\Worksattion\AppData\Roaming\Skype
[2012.01.29 21:40:46 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012.01.29 21:40:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012.01.29 21:40:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.01.29 21:22:56 | 000,000,000 | ---D | C] -- C:\Users\Worksattion\AppData\Roaming\Box.Net
[2012.01.29 21:22:27 | 000,000,000 | ---D | C] -- C:\Users\Worksattion\AppData\Local\assembly
[2012.01.29 21:11:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Box
[2012.01.29 21:10:20 | 000,000,000 | ---D | C] -- C:\Users\Worksattion\AppData\Roaming\Box
[2012.01.29 18:03:12 | 000,000,000 | ---D | C] -- C:\Users\Worksattion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Next Limit
[2012.01.29 18:03:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Next Limit
[2012.01.29 18:03:11 | 000,000,000 | ---D | C] -- C:\Users\Worksattion\Documents\Maxwell
[2012.01.29 18:02:59 | 000,000,000 | ---D | C] -- C:\Program Files\Next Limit
[2012.01.29 13:27:58 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012.01.29 13:27:58 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012.01.21 18:05:35 | 000,000,000 | ---D | C] -- C:\Users\Worksattion\AppData\Roaming\OfficeRecovery
[2012.01.21 18:05:02 | 000,000,000 | ---D | C] -- C:\Users\Worksattion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeUndelete
[2012.01.21 17:45:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reincubate
[2012.01.21 17:45:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reincubate
[2012.01.19 15:59:36 | 000,000,000 | ---D | C] -- C:\Users\Worksattion\AppData\Local\backburner
[2012.01.18 20:25:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\vmcMoteServer
[2012.01.18 20:15:20 | 000,000,000 | ---D | C] -- C:\Program Files\PlayReady
[2012.01.18 20:13:03 | 000,114,688 | ---- | C] (ITE Tech. Inc.) -- C:\Windows\SysNative\IRMonitor.exe
[2012.01.18 20:13:03 | 000,049,152 | ---- | C] (ITE Technologies, Inc.) -- C:\Windows\SysWow64\AF9100EX.dll
[2012.01.18 20:13:03 | 000,049,152 | ---- | C] (ITE Technologies, Inc.) -- C:\Windows\SysNative\AF9100EX.dll
[2012.01.18 20:12:59 | 000,113,280 | ---- | C] (ITE ) -- C:\Windows\SysNative\drivers\IT9135BDA.sys
[2012.01.17 16:28:04 | 000,000,000 | ---D | C] -- C:\Users\Worksattion\AppData\Local\Diagnostics
[2012.01.15 15:29:08 | 000,000,000 | ---D | C] -- C:\Users\Worksattion\AppData\Roaming\vlc
[2012.01.15 15:28:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.01.15 15:28:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2012.01.15 14:54:05 | 000,000,000 | ---D | C] -- C:\Users\Worksattion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Film Tools
[2012.01.15 14:54:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Digital Film Tools
[2012.01.15 14:54:05 | 000,000,000 | ---D | C] -- C:\Program Files\Digital Film Tools
[2012.01.15 14:47:59 | 000,000,000 | ---D | C] -- C:\Users\Worksattion\AppData\Roaming\onOne Software
[2012.01.15 14:44:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\onOne Software
[2012.01.15 14:44:19 | 000,000,000 | ---D | C] -- C:\Program Files\onOne Software
[2012.01.15 14:44:14 | 000,066,560 | ---- | C] (Nalpeiron Ltd.) -- C:\Windows\SysNative\nlssrv32.exe
[2012.01.15 14:44:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2012.01.15 14:44:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\onOne Software
[2012.01.15 14:44:11 | 000,000,000 | ---D | C] -- C:\ProgramData\onOne Software

========== Files - Modified Within 30 Days ==========

[2012.02.11 12:50:00 | 000,001,144 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2892723929-3261628324-297288635-1000UA.job
[2012.02.11 12:40:50 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.11 12:40:50 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.11 12:25:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.10 20:50:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2892723929-3261628324-297288635-1000Core.job
[2012.02.10 20:30:27 | 000,007,617 | ---- | M] () -- C:\Users\Worksattion\AppData\Local\Resmon.ResmonCfg
[2012.02.10 19:50:41 | 000,282,864 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.02.10 19:50:41 | 000,282,864 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.02.10 19:50:16 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.02.10 16:40:01 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2012.02.08 19:10:58 | 000,709,968 | ---- | M] () -- C:\Windows\is-RJ9BV.exe
[2012.02.08 19:10:58 | 000,012,782 | ---- | M] () -- C:\Windows\is-RJ9BV.msg
[2012.02.08 19:10:58 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.08 19:10:58 | 000,000,459 | ---- | M] () -- C:\Windows\is-RJ9BV.lst
[2012.02.08 17:00:02 | 001,611,160 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.02.08 17:00:02 | 000,696,132 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.02.08 17:00:02 | 000,651,450 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.02.08 17:00:02 | 000,147,428 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.02.08 17:00:02 | 000,120,382 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.02.07 20:04:38 | 000,001,456 | ---- | M] () -- C:\Users\Worksattion\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012.02.06 23:22:11 | 001,087,601 | ---- | M] () -- C:\Users\Worksattion\Documents\Brainstorming.pdf
[2012.02.06 19:39:07 | 4281,688,062 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.02 23:41:58 | 001,074,279 | ---- | M] () -- C:\Users\Worksattion\Desktop\TWE_SCHUMMLER.pdf
[2012.02.02 22:12:59 | 004,343,417 | ---- | M] () -- C:\Users\Worksattion\Desktop\TWE_01.pdf
[2012.02.01 22:53:34 | 000,002,013 | ---- | M] () -- C:\Users\Worksattion\Desktop\Maxwell Render Node.lnk
[2012.02.01 22:53:34 | 000,002,013 | ---- | M] () -- C:\Users\Worksattion\Desktop\Maxwell Monitor.lnk
[2012.02.01 22:53:34 | 000,002,013 | ---- | M] () -- C:\Users\Worksattion\Desktop\Maxwell Manager.lnk
[2012.02.01 22:53:34 | 000,001,313 | ---- | M] () -- C:\Users\Worksattion\Desktop\Guapdf.Quad.Cuda.exe - Verknüpfung.lnk
[2012.02.01 22:53:34 | 000,001,093 | ---- | M] () -- C:\Users\Worksattion\Desktop\PyMaxwell Editor.lnk
[2012.02.01 22:48:50 | 002,172,671 | ---- | M] () -- C:\Users\Worksattion\Desktop\BÜROGEBÄUDE.pdf
[2012.02.01 22:37:17 | 000,293,249 | ---- | M] () -- C:\Users\Worksattion\Desktop\REIHENHAUSGRUNDRISSE.pdf
[2012.01.31 16:58:06 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.01.31 11:04:26 | 2747,457,000 | ---- | M] () -- C:\Users\Worksattion\Documents\pm2.vrpmap
[2012.01.30 17:54:53 | 000,003,327 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.01.30 16:41:13 | 000,001,846 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk
[2012.01.30 16:35:59 | 000,000,438 | ---- | M] () -- C:\Windows\SysWow64\{7995330B-E01F-4645-B702-53481E7CB778}.cmdfile
[2012.01.30 16:35:48 | 000,001,152 | ---- | M] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
[2012.01.29 18:07:22 | 000,052,284 | ---- | M] () -- C:\Windows\MaxwellMaxPluginUninstall.exe
[2012.01.29 13:18:28 | 000,000,004 | ---- | M] () -- C:\Windows\SysWow64\GVTunner.ref
[2012.01.26 18:30:01 | 000,002,389 | ---- | M] () -- C:\Users\Worksattion\Desktop\Google Chrome.lnk
[2012.01.25 21:01:01 | 000,051,586 | ---- | M] () -- C:\Users\Worksattion\Desktop\1279768601.jpg
[2012.01.24 22:03:52 | 020,122,027 | ---- | M] () -- C:\Users\Worksattion\Desktop\11_01_twe_einfuehrung.pdf
[2012.01.24 13:22:58 | 000,030,528 | ---- | M] () -- C:\Windows\GVTDrv64.sys
[2012.01.22 17:08:10 | 000,000,642 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2012.01.21 18:05:02 | 000,002,439 | ---- | M] () -- C:\Users\Worksattion\Desktop\FreeUndelete.lnk
[2012.01.21 17:45:53 | 000,001,350 | ---- | M] () -- C:\Users\Public\Desktop\iPhone Backup Extractor.lnk
[2012.01.19 21:40:11 | 000,000,132 | ---- | M] () -- C:\Users\Worksattion\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012.01.18 20:12:59 | 000,114,688 | ---- | M] (ITE Tech. Inc.) -- C:\Windows\SysNative\IRMonitor.exe
[2012.01.18 20:12:59 | 000,113,280 | ---- | M] (ITE ) -- C:\Windows\SysNative\drivers\IT9135BDA.sys
[2012.01.18 20:12:59 | 000,049,152 | ---- | M] (ITE Technologies, Inc.) -- C:\Windows\SysWow64\AF9100EX.dll
[2012.01.18 20:12:59 | 000,049,152 | ---- | M] (ITE Technologies, Inc.) -- C:\Windows\SysNative\AF9100EX.dll
[2012.01.18 20:12:59 | 000,000,126 | ---- | M] () -- C:\Windows\SysNative\AF15IRTBL.bin
[2012.01.15 15:28:54 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.01.15 14:46:20 | 000,000,938 | ---- | M] () -- C:\Users\Public\Desktop\Perfect Mask 5.lnk
[2012.01.15 14:13:24 | 000,399,646 | ---- | M] () -- C:\Users\Worksattion\Desktop\Der_Aktivierungsgerät.zip

========== Files Created - No Company Name ==========

[2012.02.08 19:44:24 | 000,004,608 | ---- | C] () -- C:\Windows\SysWow64\ColorEfexPro4FC64.dll
[2012.02.08 19:10:58 | 000,709,968 | ---- | C] () -- C:\Windows\is-RJ9BV.exe
[2012.02.08 19:10:58 | 000,012,782 | ---- | C] () -- C:\Windows\is-RJ9BV.msg
[2012.02.08 19:10:58 | 000,000,459 | ---- | C] () -- C:\Windows\is-RJ9BV.lst
[2012.02.08 19:10:21 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.06 23:22:09 | 001,087,601 | ---- | C] () -- C:\Users\Worksattion\Documents\Brainstorming.pdf
[2012.02.02 23:41:58 | 001,074,279 | ---- | C] () -- C:\Users\Worksattion\Desktop\TWE_SCHUMMLER.pdf
[2012.02.02 22:12:59 | 004,343,417 | ---- | C] () -- C:\Users\Worksattion\Desktop\TWE_01.pdf
[2012.02.01 22:48:50 | 002,172,671 | ---- | C] () -- C:\Users\Worksattion\Desktop\BÜROGEBÄUDE.pdf
[2012.02.01 22:37:17 | 000,293,249 | ---- | C] () -- C:\Users\Worksattion\Desktop\REIHENHAUSGRUNDRISSE.pdf
[2012.01.31 16:58:06 | 000,001,887 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.01.31 11:04:11 | 2747,457,000 | ---- | C] () -- C:\Users\Worksattion\Documents\pm2.vrpmap
[2012.01.30 16:41:34 | 001,474,832 | ---- | C] () -- C:\Windows\SysNative\drivers\sfi.dat
[2012.01.30 16:41:13 | 000,001,846 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk
[2012.01.30 16:35:59 | 000,000,438 | ---- | C] () -- C:\Windows\SysWow64\{7995330B-E01F-4645-B702-53481E7CB778}.cmdfile
[2012.01.30 16:35:48 | 000,001,152 | ---- | C] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
[2012.01.29 23:45:06 | 000,001,313 | ---- | C] () -- C:\Users\Worksattion\Desktop\Guapdf.Quad.Cuda.exe - Verknüpfung.lnk
[2012.01.29 18:05:14 | 000,052,284 | ---- | C] () -- C:\Windows\MaxwellMaxPluginUninstall.exe
[2012.01.29 18:03:12 | 000,002,013 | ---- | C] () -- C:\Users\Worksattion\Desktop\Maxwell Render Node.lnk
[2012.01.29 18:03:12 | 000,002,013 | ---- | C] () -- C:\Users\Worksattion\Desktop\Maxwell Monitor.lnk
[2012.01.29 18:03:12 | 000,002,013 | ---- | C] () -- C:\Users\Worksattion\Desktop\Maxwell Manager.lnk
[2012.01.29 18:03:12 | 000,001,093 | ---- | C] () -- C:\Users\Worksattion\Desktop\PyMaxwell Editor.lnk
[2012.01.25 21:01:06 | 000,051,586 | ---- | C] () -- C:\Users\Worksattion\Desktop\1279768601.jpg
[2012.01.24 22:03:59 | 020,122,027 | ---- | C] () -- C:\Users\Worksattion\Desktop\11_01_twe_einfuehrung.pdf
[2012.01.21 18:05:02 | 000,002,439 | ---- | C] () -- C:\Users\Worksattion\Desktop\FreeUndelete.lnk
[2012.01.21 17:45:53 | 000,001,350 | ---- | C] () -- C:\Users\Public\Desktop\iPhone Backup Extractor.lnk
[2012.01.18 20:13:03 | 000,000,126 | ---- | C] () -- C:\Windows\SysNative\AF15IRTBL.bin
[2012.01.15 15:28:54 | 000,001,066 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.01.15 14:46:20 | 000,000,938 | ---- | C] () -- C:\Users\Public\Desktop\Perfect Mask 5.lnk
[2012.01.15 14:13:24 | 000,399,646 | ---- | C] () -- C:\Users\Worksattion\Desktop\Der_Aktivierungsgerät.zip
[2012.01.08 22:08:37 | 000,001,456 | ---- | C] () -- C:\Users\Worksattion\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012.01.08 05:45:20 | 000,007,617 | ---- | C] () -- C:\Users\Worksattion\AppData\Local\Resmon.ResmonCfg
[2012.01.06 04:50:47 | 000,000,132 | ---- | C] () -- C:\Users\Worksattion\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012.01.03 18:36:47 | 000,000,110 | ---- | C] () -- C:\ProgramData\{1CDF2E1E-D362-4F96-8CAD-026451D69AEA}_WiseFW.ini
[2012.01.03 18:18:22 | 000,000,208 | ---- | C] () -- C:\ProgramData\{6BC52438-5DE4-4102-846E-64C225A0A04E}_WiseFW.ini
[2012.01.02 16:03:25 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012.01.02 16:01:18 | 001,588,294 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.01.02 15:46:48 | 000,282,864 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.01.02 15:46:47 | 002,580,552 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.01.02 15:46:47 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.01.02 14:15:54 | 000,000,079 | ---- | C] () -- C:\Users\Worksattion\AppData\Local\CrystalDiskMark30.ini
[2012.01.02 13:51:41 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2012.01.02 13:45:07 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2012.01.02 13:41:11 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2011.12.17 12:43:40 | 000,406,336 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.09.22 17:31:04 | 000,003,584 | ---- | C] () -- C:\Windows\SysWow64\ColorEfexPro4FC32.dll
[2009.08.27 08:04:14 | 000,207,400 | R--- | C] () -- C:\Windows\GSetup.exe
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2012.01.22 13:49:01 | 000,000,000 | ---D | M] -- C:\Users\Worksattion\AppData\Roaming\Autodesk
[2012.01.29 21:11:13 | 000,000,000 | ---D | M] -- C:\Users\Worksattion\AppData\Roaming\Box
[2012.01.29 21:23:06 | 000,000,000 | ---D | M] -- C:\Users\Worksattion\AppData\Roaming\Box.Net
[2012.01.21 18:05:35 | 000,000,000 | ---D | M] -- C:\Users\Worksattion\AppData\Roaming\OfficeRecovery
[2012.01.15 14:47:59 | 000,000,000 | ---D | M] -- C:\Users\Worksattion\AppData\Roaming\onOne Software
[2012.01.02 15:38:43 | 000,000,000 | ---D | M] -- C:\Users\Worksattion\AppData\Roaming\Origin
[2012.01.31 14:26:37 | 000,000,000 | ---D | M] -- C:\Users\Worksattion\AppData\Roaming\PACE Anti-Piracy
[2012.01.06 04:51:53 | 000,000,000 | ---D | M] -- C:\Users\Worksattion\AppData\Roaming\TS3Client
[2012.01.02 17:01:08 | 000,000,000 | ---D | M] -- C:\Users\Worksattion\AppData\Roaming\ts3overlay
[2012.02.06 09:51:06 | 000,000,000 | ---D | M] -- C:\Users\Worksattion\AppData\Roaming\uTorrent
[2009.07.14 06:08:49 | 000,008,442 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 1186 bytes -> C:\Users\Worksattion\AppData\Local\ACj8Zwj6:zixzh8Ro2QRsZA4veP1R

< End of report >

[END LOG]

Thank you for checking!

Phil

Edited by sk8fly, 11 February 2012 - 06:52 AM.

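Two things in that report stand out: the last section lists a 1186-byte alternate data stream on a file in AppData\Local whose name (ACj8Zwj6) looks machine-generated, and C:\Windows\SysNative\drivers\etc\hosts was modified on 30.01.2012 and is 3,327 bytes, whereas the hosts file Windows 7 ships with contains only comments; entries in hosts override DNS resolution. The script below is an added example, not part of OTL, Comodo or the original post. It parses OTL's "[date | size | attrs | C/M] (company) -- path" lines and "@Alternate Data Stream" lines and flags exactly those patterns, plus executables under C:\Windows that OTL lists with no company name. The rules are my own heuristics; the sample lines are copied from the log above except the last one, which is constructed.

```python
"""Triage of OTL file-listing lines (added example; not OTL's, Comodo's or the poster's code).

Parses the "[date | size | attrs | C/M] (company) -- path" entries from OTL's
Files/Folders sections and its "@Alternate Data Stream" lines, then applies a few
hand-written heuristics that a malware-removal helper applies by eye. The rules
are this example's own assumptions, not OTL's. SAMPLE_LINES are copied from the
posted log except the last entry, which is constructed.
"""
import re
import sys
from dataclasses import dataclass
from typing import Iterable, List

ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<target>.+)$")
# Heuristic for generated names: letters and digits only, at least six characters,
# at least two digits and a digit directly followed by a letter. "ACj8Zwj6" matches;
# "TS3Client" (one digit) and "CrystalDiskMark30" (digits only at the end) do not.
RANDOM_NAME_RE = re.compile(r"^(?=(?:.*\d){2})(?=.*\d[A-Za-z])[A-Za-z0-9]{6,}$")
PE_EXTENSIONS = (".exe", ".dll", ".sys")

SAMPLE_LINES = [
    r"========== Files - Modified Within 30 Days ==========",
    r"[2012.02.08 19:10:20 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys",
    r"[2012.02.10 19:50:41 | 000,282,864 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe",
    r"[2012.01.30 17:54:53 | 000,003,327 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts",
    r"[2012.01.06 04:51:53 | 000,000,000 | ---D | M] -- C:\Users\Worksattion\AppData\Roaming\TS3Client",
    r"[2012.01.02 14:15:54 | 000,000,079 | ---- | C] () -- C:\Users\Worksattion\AppData\Local\CrystalDiskMark30.ini",
    r"@Alternate Data Stream - 1186 bytes -> C:\Users\Worksattion\AppData\Local\ACj8Zwj6:zixzh8Ro2QRsZA4veP1R",
    # Constructed entry (not from the posted log) to exercise the name heuristic on a plain file.
    r"[2012.02.10 18:00:00 | 000,001,186 | -H-- | C] () -- C:\Users\Worksattion\AppData\Local\Qx7fT2pL",
]


@dataclass
class Finding:
    path: str
    reason: str


def looks_random(name: str) -> bool:
    """True when a file or stream name looks machine-generated (heuristic, see RANDOM_NAME_RE)."""
    return RANDOM_NAME_RE.match(name) is not None


def base_name(path: str) -> str:
    return path.rsplit("\\", 1)[-1]


def triage(lines: Iterable[str]) -> List[Finding]:
    """Return one Finding per OTL line that matches a heuristic, in input order."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        ads = ADS_RE.match(line)
        if ads:
            # The drive letter also carries a colon, so split at the last one.
            host, _, stream = ads.group("target").rpartition(":")
            reason = (f"alternate data stream '{stream}' ({ads.group('size')} bytes) "
                      f"hidden on this file; dump it and identify what it is")
            if looks_random(base_name(host)):
                reason += "; the host file name looks machine-generated"
            findings.append(Finding(host, reason))
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue  # section headers, O-lines, blanks
        path = m.group("path")
        lower = path.lower()
        company = (m.group("company") or "").strip()
        is_dir = "D" in m.group("attrs")
        if lower.endswith("\\drivers\\etc\\hosts"):
            findings.append(Finding(path, "hosts file modified; entries in it override DNS resolution, read it for redirects"))
        elif not is_dir and lower.startswith("c:\\windows\\") and lower.endswith(PE_EXTENSIONS) and not company:
            findings.append(Finding(path, "PE file under C:\\Windows with no CompanyName in its version info; "
                                          "verify its digital signature (sigcheck or Get-AuthenticodeSignature)"))
        elif "\\appdata\\" in lower and looks_random(base_name(path).split(".")[0]):
            findings.append(Finding(path, "machine-generated looking name under AppData; find out what created it"))
    return findings


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            lines = fh.readlines()
    else:
        lines = SAMPLE_LINES
    for f in triage(lines):
        print(f"{f.path}\n    {f.reason}")
```

Run it as `python otl_triage.py OTL.Txt` against a saved log, or with no argument to see it on the sample lines. To actually read the stream on the affected machine, `dir /r` in that folder lists streams, `more < "C:\Users\Worksattion\AppData\Local\ACj8Zwj6:zixzh8Ro2QRsZA4veP1R"` prints it in cmd, and `Get-Content -Stream` does the same in PowerShell 3.0 and later.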
#2
sk8fly

Nobody has an idea?