
Malware of all kinds and how to remove it: GUV Trojan (EXP/Java.Ivinest.Gen)


31.07.2012, 13:16   #1
nex120

GUV Trojan (EXP/Java.Ivinest.Gen)

Hello,
I apparently caught a trojan a little while ago while surfing.
Since then I only get a white screen with a message from the GUV saying I have to pay money via paysafecard to unlock it.
Stupidly I haven't updated Java in quite a while because that automatic updater never worked; that was probably a mistake...

I'm writing right now from my admin account, where everything still works.

I just ran a scan with Avira, and the following was found: EXP/Java.Ivinest.Gen (C:\Users\****\AppData\Local\Temp\jar_cache5201313352718993022.tmp)
I moved it to quarantine.

I have Win7 64-bit.

OTL:
Code:
OTL logfile created on: 7/31/2012 12:50:09 PM - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\Admin\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.96 Gb Total Physical Memory | 2.68 Gb Available Physical Memory | 67.54% Memory free
7.92 Gb Paging File | 6.15 Gb Available in Paging File | 77.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297.99 Gb Total Space | 207.05 Gb Free Space | 69.48% Space Free | Partition Type: NTFS
Drive D: | 274.95 Gb Total Space | 194.67 Gb Free Space | 70.80% Space Free | Partition Type: NTFS
 
Computer Name: NEX-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Admin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_268_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Razer\Imperator\RazerImperatorSysTray.exe (Razer USA Ltd)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Razer\Razer Lycosa\razertra.exe ()
PRC - C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe (Razer USA Ltd.)
PRC - C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe ()
PRC - C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\Razer\Razer Lycosa\razertra.exe ()
MOD - C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe ()
MOD - C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvcLib.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (Intel(R) -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
SRV - (WSWNA1100) -- C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe ()
SRV - (jswpsapi) -- C:\Program Files (x86)\NETGEAR\WNA1100\jswpsapi.exe (Atheros Communications, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (athur) -- C:\Windows\SysNative\drivers\athurx.sys (Atheros Communications, Inc.)
DRV:64bit: - (VKbms) -- C:\Windows\SysNative\drivers\VKbms.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (Lycosa) -- C:\Windows\SysNative\drivers\Lycosa.sys (Razer USA Ltd.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (JSWPSLWF) -- C:\Windows\SysNative\drivers\jswpslwfx.sys (Atheros Communications, Inc.)
DRV:64bit: - (SCMNdisP) -- C:\Windows\SysNative\drivers\SCMNdisP.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (WinRing0_1_2_0) -- C:\Users\NeX\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries25.gadget\WinRing0x64.sys (OpenLibSys.org)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-798351699-730799831-621487735-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-798351699-730799831-621487735-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-798351699-730799831-621487735-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 63 62 DA 37 01 6F CD 01  [binary data]
IE - HKU\S-1-5-21-798351699-730799831-621487735-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-798351699-730799831-621487735-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-798351699-730799831-621487735-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-798351699-730799831-621487735-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-798351699-730799831-621487735-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?rd=1&ucc=DE&dcc=DE&opt=0&ocid=iehp
IE - HKU\S-1-5-21-798351699-730799831-621487735-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-798351699-730799831-621487735-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 78 65 01 F9 11 6D CD 01  [binary data]
IE - HKU\S-1-5-21-798351699-730799831-621487735-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-798351699-730799831-621487735-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/06/10 22:34:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/19 19:33:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/19 21:07:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/06/16 18:18:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012/06/19 21:07:41 | 000,000,000 | ---D | M]
 
[2012/06/25 14:28:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Extensions
[2012/06/07 17:17:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/06/19 19:33:35 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/01 17:39:16 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/01 17:39:16 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
O1 HOSTS File: ([2012/06/07 17:55:43 | 000,000,854 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [jswtrayutil] "C:\Program Files (x86)\NETGEAR\WNA1100\jswtrayutil.exe" File not found
O4 - HKLM..\Run: [Lycosa] C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [Razer Imperator Driver] C:\Program Files (x86)\Razer\Imperator\RazerImperatorSysTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-798351699-730799831-621487735-1000..\Run: [KB00326579.exe] C:\Users\NeX\AppData\Roaming\KB00326579.exe ()
O4 - HKU\S-1-5-21-798351699-730799831-621487735-1003..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-798351699-730799831-621487735-1003..\Run: [PlayNC Launcher]  File not found
O4 - HKU\S-1-5-21-798351699-730799831-621487735-1004..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-798351699-730799831-621487735-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7275C768-4920-4AF7-ABB3-595421EB8626}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/07/31 12:22:37 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Razer
[2012/07/31 12:17:13 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2012/07/29 00:37:08 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\LolClient
[2012/07/28 18:29:10 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2012/07/28 17:54:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2012/07/28 17:54:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client
[2012/07/28 00:07:04 | 000,000,000 | ---D | C] -- C:\ProgramData\TERA
[2012/07/28 00:06:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TERA
[2012/07/22 16:48:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\i-Funbox DevTeam
[2012/07/22 16:48:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\i-Funbox DevTeam
[2012/07/14 14:39:54 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2012/07/14 14:39:54 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2012/07/14 14:39:53 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2012/07/14 14:36:23 | 000,000,000 | ---D | C] -- C:\Riot Games
[2012/07/14 14:36:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewFeature1
[2012/07/14 14:01:16 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gamez Aion
[2012/07/14 14:01:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gamez Aion
[2012/07/12 03:01:18 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/07/12 03:01:18 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/07/12 03:01:18 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/07/12 03:01:18 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/07/12 03:01:17 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/07/12 03:01:17 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/07/12 03:01:17 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/07/12 03:01:17 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/07/12 03:01:15 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/07/12 03:01:15 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/07/12 03:01:15 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/07/12 03:01:15 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/07/12 03:01:15 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/07/11 23:51:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge
[2012/07/11 23:51:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gameforge
[2012/07/11 16:48:21 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012/07/11 16:48:21 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012/07/11 16:48:18 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/07/11 16:48:09 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/07/11 16:48:09 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/07/11 16:48:02 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012/07/11 16:48:02 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012/07/01 15:01:51 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Chromium
[2012/07/01 14:52:42 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Not_Aion_Launcher
 
========== Files - Modified Within 30 Days ==========
 
[2012/07/31 12:53:49 | 004,503,728 | ---- | M] () -- C:\ProgramData\ras_0oed.pad
[2012/07/31 12:18:05 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2012/07/31 12:17:07 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/31 10:02:20 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/31 10:02:20 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/31 10:01:34 | 000,778,758 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/31 10:01:34 | 000,660,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/31 10:01:34 | 000,120,960 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/31 09:57:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/31 09:57:08 | 3191,304,192 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/29 01:17:30 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/29 01:17:30 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/14 14:39:56 | 000,001,722 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2012/07/14 14:01:16 | 000,001,967 | ---- | M] () -- C:\Users\Admin\Desktop\GamezAion Launcher.lnk
[2012/07/12 03:22:36 | 004,901,512 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/11 23:51:35 | 000,002,213 | ---- | M] () -- C:\Users\Public\Desktop\AION Free-To-Play.lnk
[2012/07/06 09:50:52 | 000,001,078 | ---- | M] () -- C:\Users\Public\Desktop\JavaEditor.lnk
 
========== Files Created - No Company Name ==========
 
[2012/07/31 11:45:27 | 004,503,728 | ---- | C] () -- C:\ProgramData\ras_0oed.pad
[2012/07/14 14:39:56 | 000,001,722 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2012/07/14 14:01:16 | 000,001,967 | ---- | C] () -- C:\Users\Admin\Desktop\GamezAion Launcher.lnk
[2012/07/11 23:51:35 | 000,002,213 | ---- | C] () -- C:\Users\Public\Desktop\AION Free-To-Play.lnk
[2012/07/06 09:50:52 | 000,001,078 | ---- | C] () -- C:\Users\Public\Desktop\JavaEditor.lnk
[2012/06/21 09:57:11 | 000,772,014 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/10 22:28:23 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/12/08 16:14:58 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== LOP Check ==========
 
[2012/06/07 13:20:43 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DAEMON Tools Lite
[2012/06/18 15:43:29 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoft
[2012/06/18 15:43:30 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/07/29 00:37:08 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\LolClient
[2012/06/19 21:01:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Notepad++
[2012/07/31 12:22:37 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Razer
[2012/07/31 11:44:03 | 000,000,000 | -H-D | M] -- C:\Users\NeX\AppData\Roaming\B2196877
[2012/06/07 13:22:45 | 000,000,000 | ---D | M] -- C:\Users\NeX\AppData\Roaming\DAEMON Tools Lite
[2012/06/18 15:43:39 | 000,000,000 | ---D | M] -- C:\Users\NeX\AppData\Roaming\DVDVideoSoft
[2012/07/29 17:21:30 | 000,000,000 | ---D | M] -- C:\Users\NeX\AppData\Roaming\FileZilla
[2012/06/21 10:58:01 | 000,000,000 | ---D | M] -- C:\Users\NeX\AppData\Roaming\Foxit Software
[2012/07/22 16:48:53 | 000,000,000 | ---D | M] -- C:\Users\NeX\AppData\Roaming\iFunbox_UserCache
[2012/07/14 16:22:20 | 000,000,000 | ---D | M] -- C:\Users\NeX\AppData\Roaming\LolClient
[2012/06/19 21:07:39 | 000,000,000 | ---D | M] -- C:\Users\NeX\AppData\Roaming\Notepad++
[2012/06/07 03:24:42 | 000,000,000 | ---D | M] -- C:\Users\NeX\AppData\Roaming\Razer
[2012/07/10 20:13:43 | 000,000,000 | ---D | M] -- C:\Users\NeX\AppData\Roaming\TeamViewer
[2012/06/07 03:17:19 | 000,000,000 | ---D | M] -- C:\Users\NeX\AppData\Roaming\Thunderbird
[2012/07/14 01:20:12 | 000,000,000 | ---D | M] -- C:\Users\NeX\AppData\Roaming\TS3Client
[2009/07/14 07:08:49 | 000,016,880 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
EXTRAS
Code:
OTL Extras logfile created on: 7/31/2012 12:50:09 PM - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\Admin\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.96 Gb Total Physical Memory | 2.68 Gb Available Physical Memory | 67.54% Memory free
7.92 Gb Paging File | 6.15 Gb Available in Paging File | 77.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297.99 Gb Total Space | 207.05 Gb Free Space | 69.48% Space Free | Partition Type: NTFS
Drive D: | 274.95 Gb Total Space | 194.67 Gb Free Space | 70.80% Space Free | Partition Type: NTFS
 
Computer Name: NEX-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-798351699-730799831-621487735-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10C52655-7D88-4198-B2F4-52175FC9CD07}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{160FB0E5-77E3-41D3-81B1-0330F2CB818F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1C551EFB-F34B-4119-A948-6161495C0C2F}" = rport=137 | protocol=17 | dir=out | app=system | 
"{235FD5FA-88FE-4648-B43B-20CE62156B60}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{33414CEC-8AFF-4E05-8353-74B99632BDD9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{355CD5F6-D01E-4266-B6DF-49B8693C741A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{3EF12DCB-9F21-4D1E-A542-7501BACF5A68}" = lport=139 | protocol=6 | dir=in | app=system | 
"{466C62D2-46EC-479E-B327-667DE17E46AE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{60B0C372-AF06-469E-A231-5B3432FD0155}" = lport=445 | protocol=6 | dir=in | app=system | 
"{6FE5284B-9892-4537-AD64-DFAE9CA61179}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{70F9206B-A6F0-4989-8E87-2CD915646933}" = lport=56131 | protocol=6 | dir=in | name=pando media booster | 
"{7A53D41E-F8B8-49CF-874D-C8051A85C96D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{80830945-F2CC-4867-A17C-8E651D6A5A0F}" = lport=56131 | protocol=17 | dir=in | name=pando media booster | 
"{84A25262-F819-4D15-86D2-2548C1AD9856}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8AC003C0-08FC-4ED4-BF93-B332F1CA398B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9C813045-F942-4970-9FD7-B3BB0E8BD6A3}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{9DF3700F-58D1-42A4-95AC-62DD503D1930}" = rport=139 | protocol=6 | dir=out | app=system | 
"{A27A5EC9-0530-4096-9702-12946A59EB00}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B33BFC5F-B66F-4D70-B569-0920C1A18392}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{C78AE00D-F028-46B4-94E0-3E65CE5E0FAE}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{C9D053D1-A96E-4412-90AB-FE43D1EF14F7}" = rport=445 | protocol=6 | dir=out | app=system | 
"{D36FB2EC-F9B1-444B-B9A6-E00C763BFE93}" = lport=56131 | protocol=17 | dir=in | name=pando media booster | 
"{DE6FC2E3-8D07-40A9-A764-B526C1EBC89E}" = lport=56131 | protocol=6 | dir=in | name=pando media booster | 
"{E7ABC1F1-30E4-470C-9C65-82F0275AE668}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{EBA8C482-DA35-45B6-9E5F-1FA78D5C4609}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{EE113EB3-1C47-404E-B8F9-B39468667A4A}" = lport=137 | protocol=17 | dir=in | app=system | 
"{FA8C8E48-4B26-4DBF-AE04-91994A522607}" = rport=138 | protocol=17 | dir=out | app=system | 
"{FC11D91C-0EA9-4A4F-A350-4C483C119481}" = lport=138 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FEC9F36-55E7-4565-AA56-9B82E2002ADC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1A4FBCA3-D9C1-47E6-B5B5-39B906A8AB9C}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{1C0ECE09-2D03-4129-A5D0-B9C645336404}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{2645DC0C-AD54-4EB0-B6EB-9653843BDB7A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{2BD3D60B-6946-474E-A0C2-9CCFE70CAD4C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{2E4EBADC-9569-401D-8958-0178475A1A2E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3ED7E54B-D7B1-4B0B-B5DA-B248C06BA353}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{4AFACF3A-542B-409D-B34D-2268D655C030}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{4EB237BB-AD9E-487A-A159-664F7061ECB1}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{5508D762-C23D-4FBF-9B85-02F6527CD714}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{5E7EAFF6-8871-4CB4-9B20-D5A74CCAF78D}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{6306B3C5-4A0B-47F4-8F23-DBDF8E1A9B6A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{63BCB838-A747-4442-A379-3FCCBAF8ADA9}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{7CF3A5A8-C57D-473D-ABC3-4BE164F184C3}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{81723BB6-A2CC-4923-B0CC-466BAB24E988}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{898FB99A-BD7F-4B45-9C6C-EDAC255FF646}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{950F251F-700C-44D0-BBC5-589794FEBA71}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{99278C23-A7FF-4ADD-B656-197A6B038465}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{9A51A509-425B-4640-9230-8B9B55B6BFEB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9E6D28C0-1939-4F2D-99B1-584C8171F23C}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{A279B827-1808-4E82-A36E-5F2471DBE622}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{A433588D-E728-4216-A29F-DA54511A3648}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{B455844C-D1CA-4970-8163-6E7807CF5BBC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{BAB2A45A-2BFF-4B50-B8F8-434E9A264137}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{BE7B32FE-75C2-4910-B78E-B275B9BCF94C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{BF020188-66DD-45C5-AF4F-FD59FA828195}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C964C7AC-856B-4924-8C6C-31A738DC3B28}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{D43C164A-EB95-419C-84EF-5720C579CE05}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{E108BE0C-591A-4EAF-8211-C57654CFC6C0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{E48FD604-81EC-4F09-9E50-61E5EAEE2DE0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EA29A2AD-043F-4BF5-8648-CEF6C993C644}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{FB83972D-73D3-45DA-82AC-88D9D3CB9A02}" = protocol=6 | dir=out | app=system | 
"{FD73822A-EDF2-44CB-8409-9B2F91F3912F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{FE2C30CF-2201-4FD0-BCE1-A5657E54F42F}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"TCP Query User{63F3DEDD-436A-49C7-B044-D16B6949D233}D:\games\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=d:\games\guild wars 2\gw2.exe | 
"TCP Query User{B05CFB33-1104-4FD5-91BF-E65224CE99A8}D:\games\tera\tera-launcher.exe" = protocol=6 | dir=in | app=d:\games\tera\tera-launcher.exe | 
"TCP Query User{E3C46693-2C66-419B-A113-7C577D3B0B34}D:\games\css\counter strike source 2010\hl2.exe" = protocol=6 | dir=in | app=d:\games\css\counter strike source 2010\hl2.exe | 
"TCP Query User{FD11F96D-CF79-4230-90AC-6717A3261621}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"UDP Query User{120FD196-05B4-4278-9FCF-D5D05CFCC2A5}D:\games\css\counter strike source 2010\hl2.exe" = protocol=17 | dir=in | app=d:\games\css\counter strike source 2010\hl2.exe | 
"UDP Query User{9F176D83-F564-47FA-AB33-17B47FBD863E}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"UDP Query User{A3F8F93A-E3C9-49B9-AA9E-D20F64383C6D}D:\games\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=d:\games\guild wars 2\gw2.exe | 
"UDP Query User{FCEFEB5A-EE89-49F4-90D0-C5F0166BC9BF}D:\games\tera\tera-launcher.exe" = protocol=17 | dir=in | app=d:\games\tera\tera-launcher.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1111706F-666A-4037-7777-210648764D10}" = JavaFX 2.1.0 (64-bit)
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{2222706F-666A-4037-7777-210648764D10}" = JavaFX 2.1.0 SDK (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417004FF}" = Java(TM) 7 Update 4 (64-bit)
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{6199B534-A1B6-46ED-873B-97B0ECF8F81E}" = Intel® Trusted Connect Service Client
"{64A3A4F4-B792-11D6-A78A-00B0D0170040}" = Java SE Development Kit 7 Update 4 (64-bit)
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"KLiteCodecPack64_is1" = K-Lite Codec Pack 6.4.2 (64-bit)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"WinRAR archiver" = WinRAR 4.11 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}" = Adobe Creative Suite 5 Master Collection
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2AE9709-283B-4B48-AA34-729C070A62FB}" = NETGEAR WNA1100 N150 Wireless USB Adapter
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2S166A0-F031-4E27-A057-C69733219434}_is1" = TERA
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{C05905B9-775A-4894-A4DF-B57C15250958}" = Razer Imperator
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E0FA1DC5-FEBF-4E7B-8FA3-DB94233E952D}" = Razer Lycosa
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup" = DivX Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FileZilla Client" = FileZilla Client 3.5.3
"Foxit Reader_is1" = Foxit Reader
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.24.608
"iFunbox_is1" = iFunbox (v1.99.958.697), iFunbox DevTeam
"InstallShield_{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play
"KLiteCodecPack_is1" = K-Lite Codec Pack 8.8.0 (Standard)
"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
"Mozilla Thunderbird 13.0.1 (x86 en-US)" = Mozilla Thunderbird 13.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NCLauncher_GameForge" = NC Launcher (GameForge)
"Notepad++" = Notepad++
"VLC media player" = VLC media player 2.0.1
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-798351699-730799831-621487735-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-798351699-730799831-621487735-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"NCsoft-Aion" = Aion
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 7/17/2012 7:54:05 AM | Computer Name = NeX-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
 Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3.  The value
 "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
 "version" in element "assemblyIdentity" is invalid.
 
Error - 7/21/2012 3:25:53 PM | Computer Name = NeX-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
 Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3.  The value
 "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
 "version" in element "assemblyIdentity" is invalid.
 
Error - 7/22/2012 10:50:54 AM | Computer Name = NeX-PC | Source = Application Hang | ID = 1002
Description = The program ifunbox.exe version 1.99.958.697 stopped interacting with
 Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 30c4    Start
 Time: 01cd68191cc86fbf    Termination Time: 3    Application Path: C:\Program Files (x86)\i-Funbox
 DevTeam\ifunbox.exe    Report Id: a191d119-d40c-11e1-b19f-902b34143dc1  
 
Error - 7/23/2012 5:40:37 AM | Computer Name = NeX-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
 Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3.  The value
 "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
 "version" in element "assemblyIdentity" is invalid.
 
Error - 7/26/2012 8:09:25 AM | Computer Name = NeX-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
 Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3.  The value
 "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
 "version" in element "assemblyIdentity" is invalid.
 
Error - 7/27/2012 9:08:20 AM | Computer Name = NeX-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
 Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3.  The value
 "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
 "version" in element "assemblyIdentity" is invalid.
 
Error - 7/29/2012 5:55:50 AM | Computer Name = NeX-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
 Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3.  The value
 "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
 "version" in element "assemblyIdentity" is invalid.
 
Error - 7/30/2012 7:46:02 AM | Computer Name = NeX-PC | Source = Application Hang | ID = 1002
Description = The program PDApp.exe version 1.0.175.0 stopped interacting with Windows
 and was closed. To see if more information about the problem is available, check
 the problem history in the Action Center control panel.    Process ID: e8c    Start Time:
 01cd6e44366751d6    Termination Time: 2    Application Path: C:\Program Files (x86)\Common
 Files\Adobe\OOBE\PDApp\UWA\..\core\PDApp.exe    Report Id:   
 
Error - 7/30/2012 11:54:02 AM | Computer Name = NeX-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
 Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3.  The value
 "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
 "version" in element "assemblyIdentity" is invalid.
 
Error - 7/31/2012 4:37:43 AM | Computer Name = NeX-PC | Source = Application Hang | ID = 1002
Description = The program LolClient.exe version 2.0.2.12610 stopped interacting 
with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: bec    Start
 Time: 01cd6ef2d97a1aab    Termination Time: 2    Application Path: C:\Riot Games\League
 of Legends\RADS\projects\lol_air_client\releases\0.0.0.176\deploy\LolClient.exe    Report Id: daf932dd-daea-11e1-b37d-902b34143dc1  
 
[ System Events ]
Error - 7/28/2012 12:42:46 PM | Computer Name = NeX-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk6\DR8.
 
Error - 7/28/2012 12:42:46 PM | Computer Name = NeX-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk6\DR8.
 
Error - 7/28/2012 6:36:09 PM | Computer Name = NeX-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:34:48 AM on 7/29/2012 was unexpected.
 
Error - 7/28/2012 6:37:02 PM | Computer Name = NeX-PC | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 7/29/2012 8:06:34 AM | Computer Name = NeX-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 2:05:42 PM on 7/29/2012 was unexpected.
 
Error - 7/30/2012 7:27:23 AM | Computer Name = NeX-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk6\DR6.
 
Error - 7/30/2012 7:27:23 AM | Computer Name = NeX-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk6\DR6.
 
Error - 7/30/2012 7:27:24 AM | Computer Name = NeX-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk6\DR6.
 
Error - 7/30/2012 7:27:24 AM | Computer Name = NeX-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk6\DR6.
 
Error - 7/30/2012 7:27:25 AM | Computer Name = NeX-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk6\DR6.
 
 
< End of report >
         
It would be nice if you could help me fix this without formatting, since I only recently reinstalled Win7.

Alt 31.07.2012, 13:39   #2
markusg
/// Malware-holic
 
This script, as well as any scripts that follow, are only for this particular user.
If you have problems, open your own topics and wait for scripts tailored to you.


• Please start OTL.exe
• Now copy the following into the text box.



Code:
ATTFilter
:OTL
O4 - HKU\S-1-5-21-798351699-730799831-621487735-1000..\Run: [KB00326579.exe] C:\Users\NeX\AppData\Roaming\KB00326579.exe ()
O4 - HKU\S-1-5-21-798351699-730799831-621487735-1000..\Run: [KB00326579.exe] C:\Users\NeX\AppData\Roaming\KB00326579.exe ()
:Files
C:\Users\NeX\AppData\Roaming\KB00326579.exe
:Commands
[Reboot]
         


• Now please close all programs.
• Now please click the Fix button.
• OTL may require a restart. Please allow it.
• After the restart you will find a text document; copy its contents into your next reply here.
Boot into normal mode.

If you have no desktop icons, right-click, View, Show desktop icons.

Note: Please also upload the file to the UpChannel as described in the instructions. Please do NOT post the ZIP file here
in the thread as an attachment!




Please press the Windows key + E.
  • Open your system drive (usually C:)
  • Now look for
    the following folder: _OTL and open it.
  • Right-click the folder Movedfiles --> Send to --> Compressed (zipped) folder

  • This will create a Movedfiles.zip file in _OTL
  • Please upload it to our upload channel.
    ( Browse --> C:\_OTL\Movedfiles.zip )
Let me know whether the upload worked without problems. Thanks in advance

For further analysis I need the following:
c:\Users\name\AppData\LocalLow\Sun\Java\Deployment\cache
Right-click the cache folder there, pack it with WinRAR or another program, and please upload it in the upload channel
Trojaner-Board Upload Channel
Please enter the name of the affected account in the name field
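The OTL fix above removes a Run-key entry that points to an executable in AppData\Roaming with no publisher information and a filename imitating a Windows update package. As an added example (not code from OTL, ComboFix or this thread), the following Python script encodes that reasoning as a check over OTL "O4" lines and ComboFix "Reg Loading Points" lines; the sample lines are constructed from entries quoted in this thread plus one invented Avira entry, and the ComboFix-style KB00326579.exe line (with a placeholder date/size field) is invented to show how that entry would have looked before the fix.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample lines (modelled on the OTL "O4" entry fixed in this thread
# and on the ComboFix "Reg Loading Points" section). The ComboFix-style entry
# for KB00326579.exe is invented to show how it would have looked before the
# fix; its date/size field is a placeholder.
SAMPLE_LINES = [
    r"O4 - HKU\S-1-5-21-798351699-730799831-621487735-1000..\Run: [KB00326579.exe] C:\Users\NeX\AppData\Roaming\KB00326579.exe ()",
    r"O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)",
    r'"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-11 3672384]',
    r'"KB00326579.exe"="c:\users\NeX\AppData\Roaming\KB00326579.exe" [2012-07-31 00000]',
]

# OTL:      O4 - <hive>..\Run: [<value name>] <path> (<publisher>)
OTL_O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+)\\Run: \[(?P<name>[^\]]+)\] (?P<path>.+?) \((?P<publisher>[^)]*)\)\s*$"
)
# ComboFix: "<value name>"="<path>" [<date> <size>]
COMBOFIX_RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<date>\S+) (?P<size>\d+)\]\s*$'
)
# Places an unprivileged user (and so a drive-by payload running as that user)
# can write to without a UAC prompt: AppData\Roaming, AppData\LocalLow, the
# per-user Temp folder, loose files in the profile root or in ProgramData.
USER_WRITABLE_RE = re.compile(
    r"\\AppData\\(Roaming|LocalLow|Local\\Temp)\\"
    r"|\\Users\\[^\\]+\\[^\\]+$"
    r"|\\ProgramData\\[^\\]+$",
    re.IGNORECASE,
)
# Names imitating Windows update packages, as with KB00326579.exe here.
FAKE_KB_NAME_RE = re.compile(r"^KB\d{6,}\.exe$", re.IGNORECASE)


@dataclass
class AutorunEntry:
    source: str                      # "otl" or "combofix"
    name: str                        # registry value name
    path: str                        # executable the value points to
    publisher: Optional[str] = None  # None: this log format has no publisher
    reasons: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def parse_autorun_line(line: str) -> Optional[AutorunEntry]:
    """Parse one OTL O4 line or one ComboFix Run-key line; None otherwise."""
    line = line.strip()
    m = OTL_O4_RE.match(line)
    if m:
        return AutorunEntry("otl", m["name"], m["path"], m["publisher"].strip())
    m = COMBOFIX_RUN_RE.match(line)
    if m:
        return AutorunEntry("combofix", m["name"], m["path"])
    return None


def assess(entry: AutorunEntry) -> AutorunEntry:
    """Attach a reason for each heuristic the entry trips."""
    filename = entry.path.rsplit("\\", 1)[-1]
    if USER_WRITABLE_RE.search(entry.path):
        entry.reasons.append("binary lives in a user-writable location")
    if entry.publisher == "":        # OTL prints "()" when there is no version info
        entry.reasons.append("no publisher / version information")
    if FAKE_KB_NAME_RE.match(filename):
        entry.reasons.append("filename imitates a Windows update package")
    return entry


def scan(lines) -> List[AutorunEntry]:
    """Return the autorun entries worth a closer look, in input order."""
    findings = []
    for line in lines:
        entry = parse_autorun_line(line)
        if entry is not None and assess(entry).suspicious:
            findings.append(entry)
    return findings


if __name__ == "__main__":
    for hit in scan(SAMPLE_LINES):
        print(f"[{hit.source}] {hit.name} -> {hit.path}")
        for reason in hit.reasons:
            print(f"    - {reason}")
```

Entries under a user-writable path with no publisher are exactly what the helper targeted here; entries with a publisher under Program Files pass, so the signed Avira and DAEMON Tools lines are not reported.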

Alt 31.07.2012, 13:56   #3
nex120
 
GUV-Trojaner (EXP/Java.Ivinest.Gen) - Standard

GUV-Trojaner (EXP/Java.Ivinest.Gen)



OK, I uploaded the folders as you said and pasted the link to this topic in there; I hope you can view them somehow now :P
Code:
ATTFilter
Datei: MovedFiles.zip_1 empfangen
Datei: cache.rar empfangen

Vorgang erfolgreich abgeschlossen.
         
This should be the log from the fix.

Code:
ATTFilter
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-798351699-730799831-621487735-1000\Software\Microsoft\Windows\CurrentVersion\Run\\KB00326579.exe deleted successfully.
C:\Users\NeX\AppData\Roaming\KB00326579.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-798351699-730799831-621487735-1000\Software\Microsoft\Windows\CurrentVersion\Run\\KB00326579.exe not found.
File C:\Users\NeX\AppData\Roaming\KB00326579.exe not found.
========== COMMANDS ==========
 
OTL by OldTimer - Version 3.2.55.0 log created on 07312012_134329
         

Alt 31.07.2012, 14:05   #4
markusg
/// Malware-holic
 
GUV-Trojaner (EXP/Java.Ivinest.Gen) - Standard

GUV-Trojaner (EXP/Java.Ivinest.Gen)



Hi

Thanks for the upload.
Can you get back into your account?
If yes:
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems
and make cleaning the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your anti-virus and anti-malware/spyware scanners. They can interfere with Combofix's work.
Start Combofix.exe and follow the instructions on the screen.

When Combofix is finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you receive the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails as described in the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

Alt 31.07.2012, 14:06   #5
markusg
/// Malware-holic
 
GUV-Trojaner (EXP/Java.Ivinest.Gen) - Standard

GUV-Trojaner (EXP/Java.Ivinest.Gen)



edit, double post


Alt 31.07.2012, 14:13   #6
nex120
 
GUV-Trojaner (EXP/Java.Ivinest.Gen) - Standard

GUV-Trojaner (EXP/Java.Ivinest.Gen)



No, I can't get into my normal account (Nex); the message with Ucash blah... still appears there.

Should I start ComboFix from my admin account?

OK, now it worked:

Code:
ATTFilter
ComboFix 12-07-30.03 - Admin 07/31/2012  18:15:21.1.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.4058.2771 [GMT 2:00]
Running from: c:\users\NeX\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Admin\AppData\Local\assembly\tmp
c:\users\NeX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
.
.
(((((((((((((((((((((((((   Files Created from 2012-06-28 to 2012-07-31  )))))))))))))))))))))))))))))))
.
.
2012-07-31 16:18 . 2012-07-31 16:25	--------	d-----w-	c:\users\Admin\AppData\Local\temp
2012-07-31 16:18 . 2012-07-31 16:18	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2012-07-31 16:18 . 2012-07-31 16:18	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-07-31 11:43 . 2012-07-31 11:47	--------	d-----w-	C:\_OTL
2012-07-31 10:22 . 2012-07-31 10:22	--------	d-----w-	c:\users\Admin\AppData\Roaming\Razer
2012-07-31 09:44 . 2012-07-31 09:44	--------	d--h--w-	c:\users\NeX\AppData\Roaming\B2196877
2012-07-28 22:37 . 2012-07-28 22:37	--------	d-----w-	c:\users\Admin\AppData\Roaming\LolClient
2012-07-28 16:29 . 2012-07-28 16:29	--------	d-----w-	c:\programdata\regid.1986-12.com.adobe
2012-07-28 15:54 . 2012-07-29 15:21	--------	d-----w-	c:\users\NeX\AppData\Roaming\FileZilla
2012-07-28 15:54 . 2012-07-28 15:54	--------	d-----w-	c:\program files (x86)\FileZilla FTP Client
2012-07-27 22:07 . 2012-07-27 22:07	--------	d-----w-	c:\programdata\TERA
2012-07-26 15:32 . 2012-07-26 15:32	--------	d-----w-	c:\users\NeX\AppData\Roaming\NVIDIA
2012-07-22 14:48 . 2012-07-22 14:48	--------	d-----w-	c:\users\NeX\AppData\Roaming\iFunbox_UserCache
2012-07-22 14:48 . 2012-07-22 14:48	--------	d-----w-	c:\program files (x86)\i-Funbox DevTeam
2012-07-16 08:50 . 2012-07-16 08:50	--------	d-----w-	c:\users\NeX\AppData\Local\Microsoft Help
2012-07-14 14:22 . 2012-07-14 14:22	--------	d-----w-	c:\users\NeX\AppData\Roaming\LolClient
2012-07-14 12:39 . 2008-07-12 06:18	467984	----a-w-	c:\windows\SysWow64\d3dx10_39.dll
2012-07-14 12:39 . 2008-07-12 06:18	1493528	----a-w-	c:\windows\SysWow64\D3DCompiler_39.dll
2012-07-14 12:39 . 2008-07-12 06:18	3851784	----a-w-	c:\windows\SysWow64\D3DX9_39.dll
2012-07-14 12:36 . 2012-07-14 12:36	--------	d-----w-	C:\Riot Games
2012-07-13 22:14 . 2012-07-13 23:20	--------	d-----w-	c:\users\NeX\AppData\Roaming\TS3Client
2012-07-13 22:14 . 2012-07-13 22:14	--------	d-----w-	c:\users\NeX\AppData\Local\TeamSpeak 3 Client
2012-07-12 01:05 . 2012-06-12 03:08	3148800	----a-w-	c:\windows\system32\win32k.sys
2012-07-11 21:51 . 2012-07-11 21:51	--------	d-----w-	c:\program files (x86)\Gameforge
2012-07-10 17:51 . 2012-07-10 17:51	--------	d-----w-	c:\users\NeX\temp
2012-07-10 17:51 . 2012-07-10 18:13	--------	d-----w-	c:\users\NeX\AppData\Roaming\TeamViewer
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-28 23:17 . 2012-06-07 10:44	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-28 23:17 . 2012-06-07 10:44	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 01:02 . 2012-06-07 02:22	59701280	----a-w-	c:\windows\system32\MRT.exe
2012-06-18 18:00 . 2012-06-22 13:24	92160	----a-w-	c:\windows\system32\ff_vfw.dll
2012-06-09 17:21 . 2012-06-22 13:24	206336	----a-w-	c:\windows\system32\unrar.dll
2012-06-07 11:29 . 2009-07-14 02:36	175616	----a-w-	c:\windows\system32\msclmd.dll
2012-06-07 11:29 . 2009-07-14 02:36	152576	----a-w-	c:\windows\SysWow64\msclmd.dll
2012-06-07 11:20 . 2012-06-07 11:20	283200	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2012-06-07 01:47 . 2012-06-07 01:47	189384	----a-w-	c:\windows\system32\javaw.exe
2012-06-07 01:47 . 2012-06-07 01:47	188872	----a-w-	c:\windows\system32\java.exe
2012-06-07 01:46 . 2012-06-07 01:46	86528	----a-w-	c:\windows\SysWow64\iesysprep.dll
2012-06-07 01:46 . 2012-06-07 01:46	76800	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2012-06-07 01:46 . 2012-06-07 01:46	74752	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-06-07 01:46 . 2012-06-07 01:46	74752	----a-w-	c:\windows\SysWow64\iesetup.dll
2012-06-07 01:46 . 2012-06-07 01:46	63488	----a-w-	c:\windows\SysWow64\tdc.ocx
2012-06-07 01:46 . 2012-06-07 01:46	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2012-06-07 01:46 . 2012-06-07 01:46	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2012-06-07 01:46 . 2012-06-07 01:46	367104	----a-w-	c:\windows\SysWow64\html.iec
2012-06-07 01:46 . 2012-06-07 01:46	23552	----a-w-	c:\windows\SysWow64\licmgr10.dll
2012-06-07 01:46 . 2012-06-07 01:46	161792	----a-w-	c:\windows\SysWow64\msls31.dll
2012-06-07 01:46 . 2012-06-07 01:46	152064	----a-w-	c:\windows\SysWow64\wextract.exe
2012-06-07 01:46 . 2012-06-07 01:46	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2012-06-07 01:46 . 2012-06-07 01:46	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2012-06-07 01:46 . 2012-06-07 01:46	91648	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2012-06-07 01:46 . 2012-06-07 01:46	89088	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2012-06-07 01:46 . 2012-06-07 01:46	65024	----a-w-	c:\windows\system32\pngfilt.dll
2012-06-07 01:46 . 2012-06-07 01:46	55296	----a-w-	c:\windows\system32\msfeedsbs.dll
2012-06-07 01:46 . 2012-06-07 01:46	49664	----a-w-	c:\windows\system32\imgutil.dll
2012-06-07 01:46 . 2012-06-07 01:46	48640	----a-w-	c:\windows\system32\mshtmler.dll
2012-06-07 01:46 . 2012-06-07 01:46	35840	----a-w-	c:\windows\SysWow64\imgutil.dll
2012-06-07 01:46 . 2012-06-07 01:46	267776	----a-w-	c:\windows\system32\ieaksie.dll
2012-06-07 01:46 . 2012-06-07 01:46	222208	----a-w-	c:\windows\system32\msls31.dll
2012-06-07 01:46 . 2012-06-07 01:46	197120	----a-w-	c:\windows\system32\msrating.dll
2012-06-07 01:46 . 2012-06-07 01:46	163840	----a-w-	c:\windows\system32\ieakui.dll
2012-06-07 01:46 . 2012-06-07 01:46	160256	----a-w-	c:\windows\system32\ieakeng.dll
2012-06-07 01:46 . 2012-06-07 01:46	149504	----a-w-	c:\windows\system32\occache.dll
2012-06-07 01:46 . 2012-06-07 01:46	145920	----a-w-	c:\windows\system32\iepeers.dll
2012-06-07 01:46 . 2012-06-07 01:46	135168	----a-w-	c:\windows\system32\IEAdvpack.dll
2012-06-07 01:46 . 2012-06-07 01:46	12288	----a-w-	c:\windows\system32\mshta.exe
2012-06-07 01:46 . 2012-06-07 01:46	11776	----a-w-	c:\windows\SysWow64\mshta.exe
2012-06-07 01:46 . 2012-06-07 01:46	114176	----a-w-	c:\windows\system32\admparse.dll
2012-06-07 01:46 . 2012-06-07 01:46	111616	----a-w-	c:\windows\system32\iesysprep.dll
2012-06-07 01:46 . 2012-06-07 01:46	10752	----a-w-	c:\windows\system32\msfeedssync.exe
2012-06-07 01:46 . 2012-06-07 01:46	101888	----a-w-	c:\windows\SysWow64\admparse.dll
2012-06-07 01:46 . 2012-06-07 01:46	89088	----a-w-	c:\windows\system32\ie4uinit.exe
2012-06-07 01:46 . 2012-06-07 01:46	85504	----a-w-	c:\windows\system32\iesetup.dll
2012-06-07 01:46 . 2012-06-07 01:46	82432	----a-w-	c:\windows\system32\icardie.dll
2012-06-07 01:46 . 2012-06-07 01:46	76800	----a-w-	c:\windows\system32\tdc.ocx
2012-06-07 01:46 . 2012-06-07 01:46	697344	----a-w-	c:\windows\system32\msfeeds.dll
2012-06-07 01:46 . 2012-06-07 01:46	603648	----a-w-	c:\windows\system32\vbscript.dll
2012-06-07 01:46 . 2012-06-07 01:46	534528	----a-w-	c:\windows\system32\ieapfltr.dll
2012-06-07 01:46 . 2012-06-07 01:46	452608	----a-w-	c:\windows\system32\dxtmsft.dll
2012-06-07 01:46 . 2012-06-07 01:46	448512	----a-w-	c:\windows\system32\html.iec
2012-06-07 01:46 . 2012-06-07 01:46	403248	----a-w-	c:\windows\system32\iedkcs32.dll
2012-06-07 01:46 . 2012-06-07 01:46	39936	----a-w-	c:\windows\system32\iernonce.dll
2012-06-07 01:46 . 2012-06-07 01:46	3695416	----a-w-	c:\windows\system32\ieapfltr.dat
2012-06-07 01:46 . 2012-06-07 01:46	30720	----a-w-	c:\windows\system32\licmgr10.dll
2012-06-07 01:46 . 2012-06-07 01:46	282112	----a-w-	c:\windows\system32\dxtrans.dll
2012-06-07 01:46 . 2012-06-07 01:46	249344	----a-w-	c:\windows\system32\webcheck.dll
2012-06-07 01:46 . 2012-06-07 01:46	165888	----a-w-	c:\windows\system32\iexpress.exe
2012-06-07 01:46 . 2012-06-07 01:46	160256	----a-w-	c:\windows\system32\wextract.exe
2012-06-07 01:46 . 2012-06-07 01:46	103936	----a-w-	c:\windows\system32\inseng.dll
2012-06-02 22:19 . 2012-06-22 09:54	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 09:55	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 09:55	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 09:55	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 09:54	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-22 09:55	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 09:54	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-22 09:54	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-22 09:54	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-05-22 13:47 . 2012-06-18 13:43	405176	----a-w-	c:\windows\SysWow64\Newtonsoft.Json.Net20.dll
2012-05-15 10:48 . 2012-06-07 01:09	68928	----a-w-	c:\windows\system32\OpenCL.dll
2012-05-15 10:48 . 2012-06-07 01:09	61248	----a-w-	c:\windows\SysWow64\OpenCL.dll
2012-05-15 10:48 . 2012-06-07 01:08	8139072	----a-w-	c:\windows\system32\nvcuda.dll
2012-05-15 10:48 . 2012-06-07 01:08	8105280	----a-w-	c:\windows\SysWow64\nvwgf2um.dll
2012-05-15 10:48 . 2012-06-07 01:08	5982528	----a-w-	c:\windows\SysWow64\nvcuda.dll
2012-05-15 10:48 . 2012-06-07 01:08	2881856	----a-w-	c:\windows\system32\nvcuvenc.dll
2012-05-15 10:48 . 2012-06-07 01:08	2681664	----a-w-	c:\windows\system32\nvcuvid.dll
2012-05-15 10:48 . 2012-06-07 01:08	25743168	----a-w-	c:\windows\system32\nvoglv64.dll
2012-05-15 10:48 . 2012-06-07 01:08	2524992	----a-w-	c:\windows\SysWow64\nvcuvid.dll
2012-05-15 10:48 . 2012-06-07 01:08	2445120	----a-w-	c:\windows\SysWow64\nvcuvenc.dll
2012-05-15 10:48 . 2012-06-07 01:08	19607872	----a-w-	c:\windows\SysWow64\nvoglv32.dll
2012-05-15 10:48 . 2012-06-07 01:08	18044224	----a-w-	c:\windows\system32\nvd3dumx.dll
2012-05-15 10:48 . 2012-06-07 01:08	1738048	----a-w-	c:\windows\system32\nvdispco64.dll
2012-05-15 10:48 . 2012-06-07 01:08	1468224	----a-w-	c:\windows\system32\nvgenco64.dll
2012-05-15 10:48 . 2012-06-07 01:08	14298944	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2012-05-15 10:48 . 2012-06-07 01:08	17551680	----a-w-	c:\windows\SysWow64\nvcompiler.dll
2012-05-15 10:48 . 2012-06-07 01:08	2741568	----a-w-	c:\windows\system32\nvapi64.dll
2012-05-15 10:48 . 2012-06-07 01:08	25248064	----a-w-	c:\windows\system32\nvcompiler.dll
2012-05-15 10:48 . 2012-06-07 01:08	2368832	----a-w-	c:\windows\SysWow64\nvapi.dll
2012-05-15 10:48 . 2009-07-13 21:59	10194752	----a-w-	c:\windows\system32\nvwgf2umx.dll
2012-05-15 10:48 . 2009-06-10 20:37	15322432	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2012-05-15 09:29 . 2012-06-07 01:09	889664	----a-w-	c:\windows\system32\nvvsvc.exe
2012-05-15 09:29 . 2012-06-07 01:09	63296	----a-w-	c:\windows\system32\nvshext.dll
2012-05-15 09:29 . 2012-06-07 01:09	2561856	----a-w-	c:\windows\system32\nvsvcr.dll
2012-05-15 09:29 . 2012-06-07 01:09	118080	----a-w-	c:\windows\system32\nvmctray.dll
2012-05-15 09:29 . 2012-06-07 01:09	3149632	----a-w-	c:\windows\system32\nvsvc64.dll
2012-05-15 09:28 . 2012-06-07 01:09	6151488	----a-w-	c:\windows\system32\nvcpl.dll
2012-05-14 23:41 . 2012-06-07 00:24	8955792	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{9BAAC30D-8D9D-43C9-84D6-3B72C33E3079}\mpengine.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-11 3672384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Razer Imperator Driver"="c:\program files (x86)\Razer\Imperator\RazerImperatorSysTray.exe" [2012-02-09 979360]
"Lycosa"="c:\program files (x86)\Razer\Razer Lycosa\razerhid.exe" [2011-03-21 233984]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-03-27 291608]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WNA1100 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WNA1100\WNA1100.exe [2012-6-7 4545024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-28 250056]
R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [2010-10-11 1924096]
R3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files (x86)\NETGEAR\WNA1100\jswpsapi.exe [2010-03-23 960992]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-19 113120]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-03-27 19224]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2007-01-20 25312]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-05-02 27760]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-06-07 283200]
S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys [2008-05-15 26624]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-01 86224]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2011-12-08 607456]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2011-12-16 161560]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-12-16 363800]
S2 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\NeX\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries25.gadget\WinRing0x64.sys [2012-06-07 14544]
S2 WSWNA1100;WSWNA1100;c:\program files (x86)\NETGEAR\WNA1100\WifiSvc.exe [2010-08-04 266240]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-03-27 356632]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-03-27 789272]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-08-11 104560]
S3 Lycosa;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [2010-09-08 28928]
S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2011-11-09 60184]
S3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys [2010-09-30 13312]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-07 23:17]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube to MP3 Converter - c:\users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3hirubpt.default\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-PlayNC Launcher - (no file)
Wow6432Node-HKLM-Run-jswtrayutil - c:\program files (x86)\NETGEAR\WNA1100\jswtrayutil.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-07-31  18:28:08 - machine was rebooted
ComboFix-quarantined-files.txt  2012-07-31 16:28
.
Pre-Run: 223,860,613,120 bytes free
Post-Run: 225,236,275,200 bytes free
.
- - End Of File - - C59EE868624D12EC2915552A2973E841
         
Should I actually stay offline as much as possible while the trojan is still on the system?

Alt 01.08.2012, 21:29   #7
markusg
/// Malware-holic
 
GUV-Trojaner (EXP/Java.Ivinest.Gen) - Standard

GUV-Trojaner (EXP/Java.Ivinest.Gen)



Only browse here for now; the normal account should work again now, though.
Download TDSS Killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- If anything is found, choose skip for now and post the log
