
Log analysis and evaluation: FBDownloader is being a nuisance in Firefox

Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

14.11.2012, 22:39   #16
T309RT
 

Hello ryder,
so, things are finally moving forward again on my end.

OTL.txt
OTL Logfile:
Code:
OTL logfile created on: 14.11.2012 22:03:53 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\HP\Desktop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,96 Gb Total Physical Memory | 1,15 Gb Available Physical Memory | 58,44% Memory free
2,53 Gb Paging File | 1,40 Gb Available in Paging File | 55,59% Paging File free
Paging file location(s): c:\pagefile.sys 576 3016 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 101,92 Gb Total Space | 25,68 Gb Free Space | 25,19% Space Free | Partition Type: NTFS
Drive D: | 9,62 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: NTFS
Drive E: | 52,17 Mb Total Space | 48,25 Mb Free Space | 92,49% Space Free | Partition Type: FAT32
 
Computer Name: HP-PC | User Name: HP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.11.13 18:39:49 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.11.04 22:08:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\HP\Desktop\OTL.exe
PRC - [2012.10.30 19:24:20 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.10.30 19:24:09 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.10.30 19:24:02 | 000,181,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\ProgramData\Avira\AntiVir Desktop\TEMP\SELFUPDATE\avrestart.exe
PRC - [2012.09.19 18:20:40 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.08.20 18:37:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012.05.29 12:09:52 | 001,528,672 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
PRC - [2012.05.29 12:09:52 | 001,220,960 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
PRC - [2012.03.23 14:09:38 | 014,749,544 | ---- | M] (GARMIN Corp.) -- C:\Program Files\Garmin\ANT Agent\ANT Agent.exe
PRC - [2011.09.09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
PRC - [2011.06.06 16:34:34 | 000,395,192 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2011.06.06 16:34:28 | 000,845,864 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2011.06.06 16:33:02 | 002,637,520 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2011.03.28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011.03.28 17:06:24 | 000,311,352 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.10.29 02:18:52 | 000,154,816 | ---- | M] (Zecter Inc.) -- C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe
PRC - [2009.10.12 07:51:52 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009.10.12 07:51:52 | 000,221,266 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5576240ee6baaa25\stacsv.exe
PRC - [2009.06.04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009.03.02 06:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5576240ee6baaa25\AEstSrv.exe
PRC - [2008.08.13 14:34:08 | 001,891,416 | ---- | M] (GARMIN Corp.) -- C:\Program Files\Garmin\Training Center\gStart.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.07 20:24:43 | 000,379,904 | ---- | M] () -- C:\Users\HP\AppData\Local\Temp\libsqlitejdbc-2050569155892616156.lib
MOD - [2012.11.07 20:24:35 | 000,197,120 | ---- | M] () -- C:\Users\HP\AppData\Local\Temp\WindowsAPI.dll
MOD - [2012.06.14 16:50:57 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.14 16:50:36 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.05.12 17:28:05 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
MOD - [2012.05.12 17:19:17 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.12 17:19:07 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.12 17:19:04 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.12 17:18:45 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011.05.28 21:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2010.11.13 01:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2006.07.25 09:11:00 | 000,045,056 | ---- | M] () -- C:\Program Files\XemiComputers\Photo Gadget\ShellResize.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.10.30 22:25:20 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.30 19:24:20 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.10.30 19:24:09 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.10.09 17:54:02 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.29 12:09:52 | 001,528,672 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012.05.29 12:09:50 | 000,029,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2011.09.09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011.07.05 01:33:00 | 000,032,768 | ---- | M] (STRATO) [Disabled | Stopped] -- C:\Program Files\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe -- (STRATO HiDrive Service)
SRV - [2011.06.06 16:34:28 | 000,845,864 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2011.03.28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010.10.12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009.10.12 07:51:52 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5576240ee6baaa25\stacsv.exe -- (STacSV)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.08 19:55:26 | 000,323,584 | -H-- | M] (DeviceVM, Inc.) [Disabled | Stopped] -- C:\SPLASH.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2009.06.04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2009.03.02 06:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5576240ee6baaa25\AEstSrv.exe -- (AESTFilters)
SRV - [2007.05.31 15:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 15:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\HP\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012.11.13 18:39:58 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.11.13 18:39:58 | 000,083,432 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.11.13 18:39:58 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.08.27 14:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012.03.14 18:08:51 | 000,601,408 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter)
DRV - [2012.03.14 18:08:44 | 000,125,472 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vididr.sys -- (vididr)
DRV - [2012.03.14 18:08:44 | 000,083,392 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vsflt53.sys -- (vidsflt53)
DRV - [2012.03.14 18:08:43 | 000,169,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman)
DRV - [2011.12.12 19:31:38 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011.07.05 01:33:02 | 000,025,984 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.10.29 02:18:52 | 000,147,416 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\cbfs.sys -- (CbFs)
DRV - [2009.10.12 07:51:52 | 000,420,864 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009.09.29 18:25:26 | 000,017,624 | -H-- | M] (DeviceVM, Inc.) [Kernel | System | Running] -- C:\SPLASH.SYS\config\dvmio.sys -- (DVMIO)
DRV - [2009.09.02 02:59:42 | 000,174,592 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.13 23:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009.07.13 23:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009.07.13 23:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.04.29 08:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007.09.06 21:53:12 | 000,014,848 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DSI_SiUSBXp_3_1.sys -- (DSI_SiUSBXp_3_1)
DRV - [2005.12.01 10:49:22 | 000,023,600 | ---- | M] (Licensed for Gebhard Software) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\drhard.sys -- (drhard)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{39B0BD1E-9783-4A45-B148-AC57AC787539}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-278946264-2394313596-1596446742-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-278946264-2394313596-1596446742-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-278946264-2394313596-1596446742-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: "hxxp://search.fbdownloader.com/search.php?channel=sfde203fbdgy21&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: {21e48e29-f574-4619-b65d-0f00eea92e5b}:1.87
FF - prefs.js..extensions.enabledAddons: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:4.0.3
FF - prefs.js..keyword.URL: "hxxp://search.fbdownloader.com/search.php?channel=sfde203fbdgy21&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.30 22:25:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.30 22:25:21 | 000,000,000 | ---D | M]
 
[2011.10.07 20:08:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HP\AppData\Roaming\mozilla\Extensions
[2012.08.29 17:20:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\xisewvnu.default\extensions
[2012.08.29 17:20:33 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\xisewvnu.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2011.10.18 20:43:57 | 000,022,819 | ---- | M] () (No name found) -- C:\Users\HP\AppData\Roaming\mozilla\firefox\profiles\xisewvnu.default\extensions\{21e48e29-f574-4619-b65d-0f00eea92e5b}.xpi
[2012.01.04 09:14:07 | 000,519,339 | ---- | M] () (No name found) -- C:\Users\HP\AppData\Roaming\mozilla\firefox\profiles\xisewvnu.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.08.27 18:55:15 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\HP\AppData\Roaming\mozilla\firefox\profiles\xisewvnu.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.10.30 22:25:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.10.30 22:25:21 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.21 09:02:35 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.28 20:24:31 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.21 09:02:35 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.21 09:02:35 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.21 09:02:35 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.21 09:02:35 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.11.04 17:11:05 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-278946264-2394313596-1596446742-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-278946264-2394313596-1596446742-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [ZumoDrive] C:\Program Files\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk ()
O4 - HKU\S-1-5-21-278946264-2394313596-1596446742-1000..\Run: [ANT Agent] C:\Program Files\Garmin\ANT Agent\ANT Agent.exe (GARMIN Corp.)
O4 - HKU\S-1-5-21-278946264-2394313596-1596446742-1000..\Run: [gStart] C:\Program Files\Garmin\Training Center\gStart.exe (GARMIN Corp.)
O4 - HKU\S-1-5-21-278946264-2394313596-1596446742-1000..\Run: [Mobile Partner] C:\Program Files\Hi Suite\Hi Suite.exe ()
O4 - HKU\S-1-5-21-278946264-2394313596-1596446742-1000..\Run: [Simplify Media] C:\Program Files\Hp\HP MediaStream\HPMediaStream.exe (Simplify Media, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-278946264-2394313596-1596446742-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-278946264-2394313596-1596446742-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-278946264-2394313596-1596446742-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B9246FB-3ACA-4737-B96D-1EB41C77EC07}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{77D28686-9258-43CD-BD03-6682FFDAB831}: DhcpNameServer = 192.168.42.129
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: WudfRd - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfRd - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.07 20:29:38 | 000,000,000 | ---D | C] -- C:\Users\HP\Desktop\OTL
[2012.11.07 20:20:53 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.11.04 22:08:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\HP\Desktop\OTL.exe
[2012.11.04 17:14:21 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012.11.04 16:50:31 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.11.04 16:50:31 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.11.04 16:50:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.11.04 16:50:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.11.04 16:49:47 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.11.03 19:15:06 | 000,000,000 | ---D | C] -- C:\Users\HP\Desktop\Virus Log
[2012.11.03 18:59:21 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Malwarebytes
[2012.11.03 18:57:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.03 18:57:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.03 18:57:14 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.11.03 18:57:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.11.03 18:44:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Max Uninstaller
[2012.11.03 18:44:17 | 000,000,000 | ---D | C] -- C:\Program Files\Max Uninstaller
[2012.11.03 15:47:41 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Mozilla-Cache
[2012.11.03 15:41:40 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Party
[2012.11.03 15:40:46 | 000,000,000 | ---D | C] -- C:\Programs
[2012.11.02 22:27:34 | 000,000,000 | ---D | C] -- C:\Users\HP\Desktop\Spider Player
[2012.10.30 23:22:15 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012.10.30 23:10:28 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Apple Computer
[2012.10.30 23:10:28 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\Apple Computer
[2012.10.30 23:10:20 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2012.10.30 23:09:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012.10.30 23:09:02 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012.10.30 23:07:51 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\Apple
[2012.10.30 23:06:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012.10.30 22:25:16 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.10.30 21:45:53 | 000,000,000 | ---D | C] -- C:\Users\HP\Desktop\IPod
[2012.10.30 21:34:48 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\WindSolutions
[2012.10.30 21:33:16 | 000,000,000 | ---D | C] -- C:\ProgramData\WindSolutions
[2012.10.27 22:26:00 | 000,000,000 | ---D | C] -- C:\Microgaming
[2012.10.27 22:26:00 | 000,000,000 | ---D | C] -- C:\ProgramData\MGS
[2012.10.23 18:45:56 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Avira
[2012.10.23 18:40:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.10.23 18:40:21 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.10.23 18:40:19 | 000,133,824 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2012.10.23 18:40:19 | 000,083,432 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.10.23 18:40:19 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.10.23 18:40:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.10.23 18:40:16 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.14 21:52:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.14 21:40:29 | 000,000,308 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForHP.job
[2012.11.14 21:34:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.13 18:39:58 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2012.11.13 18:39:58 | 000,083,432 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.11.13 18:39:58 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.11.10 12:20:51 | 000,014,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.10 12:20:51 | 000,014,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.07 20:27:36 | 000,657,676 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.07 20:27:36 | 000,618,912 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.07 20:27:36 | 000,131,016 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.07 20:27:36 | 000,107,232 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.04 22:08:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\HP\Desktop\OTL.exe
[2012.11.04 21:53:57 | 000,540,977 | ---- | M] () -- C:\Users\HP\Desktop\adwcleaner.exe
[2012.11.04 17:11:05 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.11.03 18:57:16 | 000,001,045 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.03 18:44:18 | 000,000,956 | ---- | M] () -- C:\Users\Public\Desktop\Max Uninstaller.lnk
[2012.11.02 22:27:39 | 002,167,684 | ---- | M] () -- C:\Windows\System32\CT4MGM.SF2
[2012.10.23 18:40:25 | 000,001,906 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
 
========== Files Created - No Company Name ==========
 
[2012.11.14 21:40:26 | 000,000,308 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForHP.job
[2012.11.04 21:53:35 | 000,540,977 | ---- | C] () -- C:\Users\HP\Desktop\adwcleaner.exe
[2012.11.04 16:50:31 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.11.04 16:50:31 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.11.04 16:50:31 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.11.04 16:50:31 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.11.04 16:50:31 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.11.03 18:57:16 | 000,001,045 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.03 18:44:18 | 000,000,956 | ---- | C] () -- C:\Users\Public\Desktop\Max Uninstaller.lnk
[2012.11.02 22:27:36 | 002,167,684 | ---- | C] () -- C:\Windows\System32\CT4MGM.SF2
[2012.10.23 18:40:25 | 000,001,906 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.06.21 08:44:06 | 000,002,944 | ---- | C] () -- C:\Windows\BRPARAM.INI
[2012.04.11 13:21:33 | 000,000,030 | ---- | C] () -- C:\Windows\Iedit_.INI
[2012.01.24 22:47:11 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRIDF10A.DAT
[2011.11.26 13:36:26 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.11.26 13:36:26 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011.11.02 14:49:33 | 000,000,218 | ---- | C] () -- C:\Users\HP\.recently-used.xbel
[2011.10.07 20:03:29 | 000,007,609 | ---- | C] () -- C:\Users\HP\AppData\Local\Resmon.ResmonCfg
[2011.10.07 19:03:32 | 000,001,212 | ---- | C] () -- C:\Users\HP\AppData\Roaming\wklnhst.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.11.04 17:14:21 | 000,000,000 | ---D | M] -- C:\$RECYCLE.BIN
[2012.03.15 21:11:59 | 000,000,000 | R--D | M] -- C:\acroldr
[2009.11.21 09:38:27 | 000,000,000 | ---D | M] -- C:\boot
[2012.01.24 22:47:11 | 000,000,000 | ---D | M] -- C:\Brother
[2012.11.02 20:08:45 | 000,000,000 | ---D | M] -- C:\Config.Msi
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.07.17 17:12:46 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.07.17 17:13:14 | 000,000,000 | ---D | M] -- C:\dvmexp
[2009.12.24 06:08:26 | 000,000,000 | ---D | M] -- C:\HP
[2011.07.17 17:13:15 | 000,000,000 | ---D | M] -- C:\HPMBackup
[2011.10.08 15:27:46 | 000,000,000 | ---D | M] -- C:\MapSource
[2012.10.27 22:26:00 | 000,000,000 | ---D | M] -- C:\Microgaming
[2012.03.28 21:37:18 | 000,000,000 | R--D | M] -- C:\MSOCache
[2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.11.04 21:58:35 | 000,000,000 | ---D | M] -- C:\Program Files
[2012.11.07 20:24:33 | 000,000,000 | ---D | M] -- C:\ProgramData
[2011.07.17 17:12:46 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.11.03 15:40:46 | 000,000,000 | ---D | M] -- C:\Programs
[2012.11.04 17:20:11 | 000,000,000 | ---D | M] -- C:\Qoobox
[2011.07.17 17:12:46 | 000,000,000 | ---D | M] -- C:\Recovery
[2011.07.26 22:10:18 | 000,000,000 | ---D | M] -- C:\SPLASH.000
[2011.07.17 17:13:14 | 000,000,000 | ---D | M] -- C:\SPLASH.SYS
[2012.01.24 22:20:11 | 000,000,000 | ---D | M] -- C:\SwSetup
[2012.11.14 22:07:51 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.07.17 17:14:36 | 000,000,000 | ---D | M] -- C:\SYSTEM.SAV
[2011.10.31 22:46:10 | 000,000,000 | ---D | M] -- C:\temp
[2012.03.26 07:12:49 | 000,000,000 | R--D | M] -- C:\Users
[2012.11.04 17:14:30 | 000,000,000 | ---D | M] -- C:\Windows
[2012.11.07 20:20:53 | 000,000,000 | ---D | M] -- C:\_OTL
 
< %SYSTEMDRIVE%\*.* >
[2012.11.04 21:56:10 | 000,002,482 | ---- | M] () -- C:\AdwCleaner[R1].txt
[2012.11.04 21:58:51 | 000,002,575 | ---- | M] () -- C:\AdwCleaner[S1].txt
[2009.06.10 22:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009.07.14 02:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2012.11.04 17:20:05 | 000,016,090 | ---- | M] () -- C:\ComboFix.txt
[2009.06.10 22:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2011.12.16 22:06:21 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2012.01.16 20:27:48 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012.01.16 20:27:48 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012.11.07 20:22:58 | 603,979,776 | -HS- | M] () -- C:\pagefile.sys
[2011.07.17 17:13:16 | 000,000,061 | -H-- | M] () -- C:\splash.idx
[2009.11.06 19:30:12 | 000,006,832 | -H-- | M] () -- C:\version
 
< %PROGRAMFILES%\*.exe >
Invalid Environment Variable: PROGRAMFILES(X86)
 
< %systemroot%\*. /mp /s >
 
< %windir%\installer\*. /10 >
 
< %appdata%\*.  >
[2011.07.31 02:59:26 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\.minecraft
[2012.03.14 18:08:48 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\7C551F12-398A-42E7-A6A3-30106083BEC2
[2012.03.14 19:58:37 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\Acronis
[2011.10.07 18:31:19 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\Adobe
[2011.10.09 10:38:09 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\anpo.republika.pl
[2012.10.30 23:11:33 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\Apple Computer
[2012.03.24 20:28:37 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\ArcSoft
[2012.04.11 12:31:23 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\Artweaver Free
[2011.10.29 16:18:29 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\ATViewer
[2012.10.23 18:45:56 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\Avira
[2011.11.26 13:38:48 | 000,000,000 | R--D | M] -- C:\Users\HP\AppData\Roaming\Brother
[2011.10.07 19:15:29 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\CyberLink
[2012.03.28 21:10:32 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\DAEMON Tools Lite
[2011.10.09 11:49:44 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\fltk.org
[2012.08.29 17:24:01 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\Garmin
[2012.11.07 20:24:19 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\GrooveMonitor Utility
[2011.11.02 14:49:16 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\gtk-2.0
[2012.01.24 22:39:12 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\Hewlett-Packard
[2011.11.21 14:05:55 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\HP Support Assistant
[2012.02.08 18:50:05 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\hpqLog
[2011.11.21 14:05:55 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\HpUpdate
[2011.07.26 19:16:54 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\Identities
[2012.01.24 22:44:40 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\InstallShield
[2011.10.24 20:22:01 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\Jumping Bytes
[2011.07.26 19:21:19 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\Macromedia
[2012.11.03 18:59:21 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\Malwarebytes
[2012.10.22 21:25:10 | 000,000,000 | --SD | M] -- C:\Users\HP\AppData\Roaming\Microsoft
[2011.10.24 20:31:43 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\Mobile Master
[2011.10.07 20:08:17 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\Mozilla
[2012.11.03 15:47:41 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\Mozilla-Cache
[2012.04.11 12:12:03 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\mresreg
[2011.10.07 15:28:53 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\Opera
[2012.11.03 15:48:42 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\Party
[2012.09.19 06:39:55 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\Skype
[2011.10.16 21:05:22 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\STRATO
[2012.01.02 18:56:07 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\Template
[2011.12.16 21:40:49 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\TuneUp Software
[2012.10.30 21:34:48 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\WindSolutions
[2011.10.08 12:33:38 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\WinRAR
[2012.11.04 13:49:32 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\ZumoDrive
 
< %appdata%\*.*  >
[2012.08.21 13:13:44 | 000,001,212 | ---- | M] () -- C:\Users\HP\AppData\Roaming\wklnhst.dat
 
< %appdata%\*.exe /s >
[2011.11.08 21:38:24 | 000,002,550 | R--- | M] () -- C:\Users\HP\AppData\Roaming\Microsoft\Installer\{7D8E033D-CDFB-44B0-BEB9-D4206B537526}\_546E2AC589C76596285F5A.exe
 
< %localappdata%\*.  >
[2011.10.07 18:32:13 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Local\Adobe
[2011.07.17 17:12:59 | 000,000,000 | -HSD | M] -- C:\Users\HP\AppData\Local\Anwendungsdaten
[2012.10.30 23:07:51 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Local\Apple
[2012.10.30 23:10:28 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Local\Apple Computer
[2012.03.24 20:28:37 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Local\ArcSoft
[2012.11.04 16:58:17 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Local\CrashDumps
[2012.10.24 18:52:38 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Local\Diagnostics
[2011.07.17 17:13:42 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Local\Downloaded Installations
[2012.07.24 21:42:57 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Local\ElevatedDiagnostics
[2011.10.08 16:19:59 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Local\Garmin
[2011.10.08 16:19:51 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Local\GARMIN_Corp
[2011.07.26 19:16:22 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Local\Hewlett-Packard
[2012.08.31 22:51:03 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Local\Macromedia
[2012.10.22 21:25:06 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Local\Microsoft
[2011.10.07 19:17:26 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Local\Microsoft Games
[2012.03.28 21:37:54 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Local\Microsoft Help
[2011.12.31 13:42:51 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Local\MigWiz
[2011.10.24 20:27:23 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Local\Mobile Master
[2011.10.07 20:07:50 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Local\Mozilla
[2011.10.07 15:28:53 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Local\Opera
[2012.03.24 20:28:47 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Local\Programs
[2011.07.26 19:17:30 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Local\Simplify Media
[2012.11.14 22:02:06 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Local\Temp
[2011.07.17 17:12:59 | 000,000,000 | -HSD | M] -- C:\Users\HP\AppData\Local\Temporary Internet Files
[2011.07.17 17:12:59 | 000,000,000 | -HSD | M] -- C:\Users\HP\AppData\Local\Verlauf
[2012.04.11 12:12:24 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Local\VirtualStore
 
< %localappdata%\*.* >
[2011.07.26 19:17:28 | 000,000,000 | ---- | M] () -- C:\Users\HP\AppData\Local\AtStart.txt
[2011.07.26 19:17:28 | 000,000,000 | ---- | M] () -- C:\Users\HP\AppData\Local\DSwitch.txt
[2012.04.12 11:28:47 | 000,123,864 | ---- | M] () -- C:\Users\HP\AppData\Local\GDIPFONTCACHEV1.DAT
[2012.11.07 20:11:09 | 005,925,857 | -H-- | M] () -- C:\Users\HP\AppData\Local\IconCache.db
[2011.07.26 19:17:28 | 000,000,000 | ---- | M] () -- C:\Users\HP\AppData\Local\QSwitch.txt
[2011.12.31 13:02:34 | 000,007,609 | ---- | M] () -- C:\Users\HP\AppData\Local\Resmon.ResmonCfg
 
< %localappdata%\*.exe /s >
 
< %allusersprofile%\*.  >
[2012.10.30 23:19:30 | 000,000,000 | ---D | M] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012.07.12 20:07:05 | 000,000,000 | ---D | M] -- C:\ProgramData\Acronis
[2009.11.20 22:49:32 | 000,000,000 | ---D | M] -- C:\ProgramData\Adobe
[2011.07.17 17:12:46 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2012.10.30 23:07:29 | 000,000,000 | ---D | M] -- C:\ProgramData\Apple
[2012.10.30 23:09:02 | 000,000,000 | ---D | M] -- C:\ProgramData\Apple Computer
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2012.04.06 13:00:38 | 000,000,000 | ---D | M] -- C:\ProgramData\ArcSoft
[2012.04.11 12:31:23 | 000,000,000 | ---D | M] -- C:\ProgramData\Artweaver
[2012.04.11 12:31:23 | 000,000,000 | ---D | M] -- C:\ProgramData\Artweaver Free
[2012.10.23 18:40:16 | 000,000,000 | ---D | M] -- C:\ProgramData\Avira
[2012.06.21 08:44:06 | 000,000,000 | ---D | M] -- C:\ProgramData\Brother
[2012.04.18 19:07:59 | 000,000,000 | -H-D | M] -- C:\ProgramData\Common Files
[2009.12.24 05:53:51 | 000,000,000 | ---D | M] -- C:\ProgramData\CyberLink
[2012.03.28 21:02:31 | 000,000,000 | ---D | M] -- C:\ProgramData\DAEMON Tools Lite
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2011.07.17 17:12:46 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2011.07.17 17:12:46 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2011.10.08 16:37:50 | 000,000,000 | ---D | M] -- C:\ProgramData\GARMIN
[2012.01.24 22:18:38 | 000,000,000 | ---D | M] -- C:\ProgramData\Hewlett-Packard
[2011.10.22 13:19:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Hi Suite
[2012.11.03 18:57:15 | 000,000,000 | ---D | M] -- C:\ProgramData\Malwarebytes
[2011.10.07 20:12:28 | 000,000,000 | ---D | M] -- C:\ProgramData\McAfee
[2012.10.27 22:26:00 | 000,000,000 | ---D | M] -- C:\ProgramData\MGS
[2012.03.28 21:40:54 | 000,000,000 | --SD | M] -- C:\ProgramData\Microsoft
[2012.10.11 06:52:21 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft Help
[2011.10.24 20:27:38 | 000,000,000 | ---D | M] -- C:\ProgramData\Mobile Master
[2012.04.24 19:44:12 | 000,000,000 | ---D | M] -- C:\ProgramData\Mozilla
[2012.11.07 20:02:02 | 000,000,000 | ---D | M] -- C:\ProgramData\Norton
[2011.12.31 22:30:44 | 000,000,000 | ---D | M] -- C:\ProgramData\Recovery
[2012.09.18 05:42:07 | 000,000,000 | ---D | M] -- C:\ProgramData\Skype
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2011.07.17 17:12:46 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2011.10.08 20:41:57 | 000,000,000 | ---D | M] -- C:\ProgramData\Sun
[2009.12.24 05:54:49 | 000,000,000 | ---D | M] -- C:\ProgramData\Temp
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2011.12.16 21:41:39 | 000,000,000 | ---D | M] -- C:\ProgramData\TuneUp Software
[2012.04.11 13:22:56 | 000,000,000 | ---D | M] -- C:\ProgramData\Ulead Systems
[2011.07.17 17:12:46 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2011.10.07 19:05:58 | 000,000,000 | ---D | M] -- C:\ProgramData\WildTangent
[2012.10.30 21:33:16 | 000,000,000 | ---D | M] -- C:\ProgramData\WindSolutions
[2011.12.16 21:39:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.01.24 22:21:17 | 000,000,000 | ---D | M] -- C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
[2009.12.24 06:02:48 | 000,000,000 | ---D | M] -- C:\ProgramData\{F2E8831F-467B-4311-B6BA-1BC1D244539A}
 
< %allusersprofile%\*.* >
[2012.11.07 20:24:33 | 000,000,189 | ---- | M] () -- C:\ProgramData\HPWALog.txt
[2009.12.24 05:55:01 | 000,000,032 | ---- | M] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009.11.20 23:24:21 | 000,000,109 | ---- | M] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2009.12.24 05:54:42 | 000,000,032 | ---- | M] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009.11.20 23:23:07 | 000,000,105 | ---- | M] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
 
< %allusersprofile%\*.exe /s >
[2010.03.18 10:19:26 | 000,207,360 | ---- | M] (ArcSoft Inc.) -- C:\ProgramData\ArcSoft\Connect_bk\Connection Service\Bin\ACDaemon.exe
[2009.01.13 10:06:16 | 000,051,712 | ---- | M] (ArcSoft Inc.) -- C:\ProgramData\ArcSoft\Connect_bk\Connection Service\Bin\ACRun.exe
[2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\ProgramData\ArcSoft\Connect_bk\Connection Service\Bin\ACService.exe
[2009.09.28 08:42:50 | 000,100,864 | ---- | M] (ArcSoft Inc.) -- C:\ProgramData\ArcSoft\Connect_bk\Connection Service\Bin\ACStart.exe
[2008.09.27 17:52:00 | 000,192,512 | ---- | M] (ArcSoft Inc.) -- C:\ProgramData\ArcSoft\Connect_bk\Connection Service\Bin\AcStBmhE.exe
[2012.04.06 13:00:40 | 001,680,607 | ---- | M] (ArcSoft Inc.                                                ) -- C:\ProgramData\ArcSoft\Global Deploy\CheckUpdate\ArcConnect.exe
[2012.10.30 19:24:02 | 000,181,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\ProgramData\Avira\AntiVir Desktop\TEMP\SELFUPDATE\avrestart.exe
[2012.11.13 18:39:00 | 000,619,808 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\ProgramData\Avira\AntiVir Desktop\TEMP\SELFUPDATE\update.exe
[2012.10.30 19:24:02 | 000,046,368 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\ProgramData\Avira\AntiVir Desktop\TEMP\SELFUPDATE\updrgui.exe
[2011.06.14 12:57:22 | 000,850,488 | ---- | M] (Hewlett-Packard) -- C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe
[2011.04.13 15:16:52 | 000,067,128 | ---- | M] (Hewlett-Packard) -- C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\unzip.exe
[2011.06.08 16:58:36 | 000,165,432 | ---- | M] (Microsoft) -- C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\WaitWindow.exe
[2011.09.26 17:42:06 | 001,248,824 | ---- | M] (Hewlett-Packard) -- C:\ProgramData\Hewlett-Packard\HPSAUpgrade3\HpSAUpgrade.exe
[2011.06.20 04:21:32 | 000,263,520 | ---- | M] () -- C:\ProgramData\Hi Suite\userdata\driver\google\googledevsetup.exe
[2011.06.20 04:21:32 | 000,408,928 | ---- | M] () -- C:\ProgramData\Hi Suite\userdata\driver\google\googledevsetup64.exe
[2011.06.20 04:21:26 | 000,251,232 | ---- | M] () -- C:\ProgramData\Hi Suite\userdata\driver\normal\normaldevsetup.exe
[2011.06.20 04:21:26 | 000,378,720 | ---- | M] () -- C:\ProgramData\Hi Suite\userdata\driver\normal\normaldevsetup64.exe
[2011.06.20 04:21:26 | 000,006,144 | ---- | M] () -- C:\ProgramData\Hi Suite\userdata\driver\normal\sentscsi.exe
[2011.06.20 04:21:24 | 000,006,144 | ---- | M] () -- C:\ProgramData\Hi Suite\userdata\driver\tmo\sentscsi.exe
[2011.06.20 04:21:24 | 000,251,232 | ---- | M] () -- C:\ProgramData\Hi Suite\userdata\driver\tmo\tmodevsetup.exe
[2011.06.20 04:21:24 | 000,378,720 | ---- | M] () -- C:\ProgramData\Hi Suite\userdata\driver\tmo\tmodevsetup64.exe
[2012.10.30 23:16:27 | 000,105,692 | ---- | M] () -- C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{C2EB6F2C-9836-CCCE-F2FB-A59BBC8D421D}-Uninstall.exe
[2009.04.14 03:48:46 | 025,432,456 | ---- | M] (WildTangent) -- C:\ProgramData\WildTangent\10dbb1bc-ef1b-4c2e-9bea-aaba3f42532c-extr.exe
[2009.04.24 07:37:40 | 103,123,728 | ---- | M] (WildTangent) -- C:\ProgramData\WildTangent\134726E5-0682-43C5-8AA2-DD4D6A866DD4-extr.exe
[2009.04.14 16:50:14 | 026,023,208 | ---- | M] (WildTangent) -- C:\ProgramData\WildTangent\2698CE7D-5E0F-45A5-B451-557D8A56C3B9-extr.exe
[2009.04.14 17:22:38 | 018,465,576 | ---- | M] (WildTangent) -- C:\ProgramData\WildTangent\396dddb2-e59d-44c3-9321-6a2dc7f717a3-extr.exe
[2009.04.24 13:29:02 | 155,359,672 | ---- | M] (WildTangent) -- C:\ProgramData\WildTangent\49edfae8-e0cc-45fb-96e6-d60571dd122d-extr.exe
[2009.04.14 16:51:40 | 024,343,096 | ---- | M] (WildTangent) -- C:\ProgramData\WildTangent\4bae280a-b121-48bd-9d2c-ec5f3103c761-extr.exe
[2009.04.14 03:04:08 | 043,609,640 | ---- | M] (WildTangent) -- C:\ProgramData\WildTangent\5446413b-8694-4af0-86d1-11f30157ac5c-extr.exe
[2009.06.26 01:22:08 | 041,982,136 | ---- | M] (WildTangent) -- C:\ProgramData\WildTangent\5ae0d760-ddcf-4247-85df-eacefd518e86-extr.exe
[2009.04.14 03:44:44 | 014,411,352 | ---- | M] (WildTangent) -- C:\ProgramData\WildTangent\6B2E06FE-9D3B-476F-A58A-28CD98C654B5-extr.exe
[2009.06.26 00:43:26 | 245,649,488 | ---- | M] (WildTangent) -- C:\ProgramData\WildTangent\6BDF3201-10E6-46ED-9A87-7FD18C418CFD-extr.exe
[2009.04.14 17:15:00 | 085,341,344 | ---- | M] (WildTangent) -- C:\ProgramData\WildTangent\6e41fe57-1e36-4f26-9b0c-cc7c2417a7d9-extr.exe
[2009.04.24 10:40:10 | 067,277,480 | ---- | M] (WildTangent) -- C:\ProgramData\WildTangent\6E7DD52D-205E-4D6D-AF6A-0C34703DFA61-extr.exe
[2009.06.26 01:45:20 | 062,973,760 | ---- | M] (WildTangent) -- C:\ProgramData\WildTangent\704a6f6e-ca20-4e4a-8c72-e4ad7aec251b-extr.exe
[2009.04.14 16:48:20 | 023,390,080 | ---- | M] (WildTangent) -- C:\ProgramData\WildTangent\951226E3-26FC-40BC-8085-3677B1128F59-extr.exe
[2009.06.26 23:52:46 | 028,741,640 | ---- | M] (WildTangent) -- C:\ProgramData\WildTangent\97c6c84d-af97-4b1c-8398-7e568c154911-extr.exe
[2009.06.25 23:22:26 | 097,764,992 | ---- | M] (WildTangent) -- C:\ProgramData\WildTangent\A4B598D2-9BFF-456F-A667-D3B8A0849286-extr.exe
[2009.06.26 01:49:32 | 073,003,160 | ---- | M] (WildTangent) -- C:\ProgramData\WildTangent\bba80652-58a7-4320-a64f-475fdbda4363-extr.exe
[2009.04.24 14:52:10 | 046,878,152 | ---- | M] (WildTangent) -- C:\ProgramData\WildTangent\BC3D43F7-BC64-490D-92B5-D2AABEC7FA85-extr.exe
[2009.04.24 14:31:46 | 034,288,056 | ---- | M] (WildTangent) -- C:\ProgramData\WildTangent\C8DEFEB5-AFE9-48D0-A9E6-355F537F0BAD-extr.exe
[2009.04.14 16:35:16 | 014,181,696 | ---- | M] (WildTangent) -- C:\ProgramData\WildTangent\e551d534-a4ef-4dac-9c20-c80b2c806ad8-extr.exe
[2009.07.14 19:17:06 | 033,442,912 | ---- | M] (WildTangent) -- C:\ProgramData\WildTangent\f10f89f1-9c08-4d85-9169-a28ba1fc6ab0-extr.exe
[2009.04.14 16:46:14 | 048,113,568 | ---- | M] (WildTangent) -- C:\ProgramData\WildTangent\f405496e-4cd5-4891-a8bc-3e58bd47b25c-extr.exe
[2009.06.25 22:40:28 | 035,657,496 | ---- | M] (WildTangent) -- C:\ProgramData\WildTangent\FA9E2D68-8707-44C8-B93D-2FF048183749-extr.exe
[2009.04.14 16:16:06 | 045,817,568 | ---- | M] (WildTangent) -- C:\ProgramData\WildTangent\fb65380e-3812-44f7-bbec-128e82369adf-extr.exe
[2011.10.07 19:05:04 | 001,042,304 | ---- | M] (WildTangent) -- C:\ProgramData\WildTangent\My HP Game Console\Downloads\de\Installers\SetupGamesClient.exe
[2011.10.07 19:09:21 | 000,976,312 | ---- | M] (WildTangent) -- C:\ProgramData\WildTangent\WildTangent Games\App\DPConfig\InstallTouchpoints-wildgames.exe
[2011.10.07 19:09:20 | 000,000,178 | ---- | M] () -- C:\ProgramData\WildTangent\WildTangent Games\App\DPConfig\InstallTouchpoints-wildgames.exe_filedata
[2011.09.28 19:54:04 | 000,466,632 | ---- | M] (WildTangent, Inc.) -- C:\ProgramData\WildTangent\WildTangent Games\App\Update\Updater.exe
 
<           >

< End of report >
         
--- --- ---


I could not find an Extra.txt.

14.11.2012, 22:42   #17
T309RT

FBDownloader is being a nuisance in Firefox

Hello ryder,
so now things are finally moving again on my end.

OTL.txt
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 14.11.2012 22:03:53 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\HP\Desktop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,96 Gb Total Physical Memory | 1,15 Gb Available Physical Memory | 58,44% Memory free
2,53 Gb Paging File | 1,40 Gb Available in Paging File | 55,59% Paging File free
Paging file location(s): c:\pagefile.sys 576 3016 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 101,92 Gb Total Space | 25,68 Gb Free Space | 25,19% Space Free | Partition Type: NTFS
Drive D: | 9,62 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: NTFS
Drive E: | 52,17 Mb Total Space | 48,25 Mb Free Space | 92,49% Space Free | Partition Type: FAT32
 
Computer Name: HP-PC | User Name: HP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.11.13 18:39:49 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.11.04 22:08:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\HP\Desktop\OTL.exe
PRC - [2012.10.30 19:24:20 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.10.30 19:24:09 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.10.30 19:24:02 | 000,181,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\ProgramData\Avira\AntiVir Desktop\TEMP\SELFUPDATE\avrestart.exe
PRC - [2012.09.19 18:20:40 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.08.20 18:37:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012.05.29 12:09:52 | 001,528,672 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
PRC - [2012.05.29 12:09:52 | 001,220,960 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
PRC - [2012.03.23 14:09:38 | 014,749,544 | ---- | M] (GARMIN Corp.) -- C:\Program Files\Garmin\ANT Agent\ANT Agent.exe
PRC - [2011.09.09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
PRC - [2011.06.06 16:34:34 | 000,395,192 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2011.06.06 16:34:28 | 000,845,864 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2011.06.06 16:33:02 | 002,637,520 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2011.03.28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011.03.28 17:06:24 | 000,311,352 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.10.29 02:18:52 | 000,154,816 | ---- | M] (Zecter Inc.) -- C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe
PRC - [2009.10.12 07:51:52 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009.10.12 07:51:52 | 000,221,266 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5576240ee6baaa25\stacsv.exe
PRC - [2009.06.04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009.03.02 06:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5576240ee6baaa25\AEstSrv.exe
PRC - [2008.08.13 14:34:08 | 001,891,416 | ---- | M] (GARMIN Corp.) -- C:\Program Files\Garmin\Training Center\gStart.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.07 20:24:43 | 000,379,904 | ---- | M] () -- C:\Users\HP\AppData\Local\Temp\libsqlitejdbc-2050569155892616156.lib
MOD - [2012.11.07 20:24:35 | 000,197,120 | ---- | M] () -- C:\Users\HP\AppData\Local\Temp\WindowsAPI.dll
MOD - [2012.06.14 16:50:57 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.14 16:50:36 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.05.12 17:28:05 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
MOD - [2012.05.12 17:19:17 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.12 17:19:07 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.12 17:19:04 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.12 17:18:45 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011.05.28 21:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2010.11.13 01:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2006.07.25 09:11:00 | 000,045,056 | ---- | M] () -- C:\Program Files\XemiComputers\Photo Gadget\ShellResize.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.10.30 22:25:20 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.30 19:24:20 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.10.30 19:24:09 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.10.09 17:54:02 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.29 12:09:52 | 001,528,672 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012.05.29 12:09:50 | 000,029,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2011.09.09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011.07.05 01:33:00 | 000,032,768 | ---- | M] (STRATO) [Disabled | Stopped] -- C:\Program Files\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe -- (STRATO HiDrive Service)
SRV - [2011.06.06 16:34:28 | 000,845,864 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2011.03.28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010.10.12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009.10.12 07:51:52 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5576240ee6baaa25\stacsv.exe -- (STacSV)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.08 19:55:26 | 000,323,584 | -H-- | M] (DeviceVM, Inc.) [Disabled | Stopped] -- C:\SPLASH.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2009.06.04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2009.03.02 06:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5576240ee6baaa25\AEstSrv.exe -- (AESTFilters)
SRV - [2007.05.31 15:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 15:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\HP\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012.11.13 18:39:58 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.11.13 18:39:58 | 000,083,432 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.11.13 18:39:58 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.08.27 14:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012.03.14 18:08:51 | 000,601,408 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter)
DRV - [2012.03.14 18:08:44 | 000,125,472 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vididr.sys -- (vididr)
DRV - [2012.03.14 18:08:44 | 000,083,392 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vsflt53.sys -- (vidsflt53)
DRV - [2012.03.14 18:08:43 | 000,169,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman)
DRV - [2011.12.12 19:31:38 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011.07.05 01:33:02 | 000,025,984 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.10.29 02:18:52 | 000,147,416 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\cbfs.sys -- (CbFs)
DRV - [2009.10.12 07:51:52 | 000,420,864 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009.09.29 18:25:26 | 000,017,624 | -H-- | M] (DeviceVM, Inc.) [Kernel | System | Running] -- C:\SPLASH.SYS\config\dvmio.sys -- (DVMIO)
DRV - [2009.09.02 02:59:42 | 000,174,592 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.13 23:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009.07.13 23:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009.07.13 23:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.04.29 08:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007.09.06 21:53:12 | 000,014,848 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DSI_SiUSBXp_3_1.sys -- (DSI_SiUSBXp_3_1)
DRV - [2005.12.01 10:49:22 | 000,023,600 | ---- | M] (Licensed for Gebhard Software) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\drhard.sys -- (drhard)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{39B0BD1E-9783-4A45-B148-AC57AC787539}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-278946264-2394313596-1596446742-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-278946264-2394313596-1596446742-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-278946264-2394313596-1596446742-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: "hxxp://search.fbdownloader.com/search.php?channel=sfde203fbdgy21&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: {21e48e29-f574-4619-b65d-0f00eea92e5b}:1.87
FF - prefs.js..extensions.enabledAddons: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:4.0.3
FF - prefs.js..keyword.URL: "hxxp://search.fbdownloader.com/search.php?channel=sfde203fbdgy21&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.30 22:25:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.30 22:25:21 | 000,000,000 | ---D | M]
 
[2011.10.07 20:08:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HP\AppData\Roaming\mozilla\Extensions
[2012.08.29 17:20:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\xisewvnu.default\extensions
[2012.08.29 17:20:33 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\xisewvnu.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2011.10.18 20:43:57 | 000,022,819 | ---- | M] () (No name found) -- C:\Users\HP\AppData\Roaming\mozilla\firefox\profiles\xisewvnu.default\extensions\{21e48e29-f574-4619-b65d-0f00eea92e5b}.xpi
[2012.01.04 09:14:07 | 000,519,339 | ---- | M] () (No name found) -- C:\Users\HP\AppData\Roaming\mozilla\firefox\profiles\xisewvnu.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.08.27 18:55:15 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\HP\AppData\Roaming\mozilla\firefox\profiles\xisewvnu.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.10.30 22:25:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.10.30 22:25:21 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.21 09:02:35 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.28 20:24:31 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.21 09:02:35 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.21 09:02:35 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.21 09:02:35 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.21 09:02:35 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.11.04 17:11:05 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-278946264-2394313596-1596446742-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-278946264-2394313596-1596446742-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [ZumoDrive] C:\Program Files\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk ()
O4 - HKU\S-1-5-21-278946264-2394313596-1596446742-1000..\Run: [ANT Agent] C:\Program Files\Garmin\ANT Agent\ANT Agent.exe (GARMIN Corp.)
O4 - HKU\S-1-5-21-278946264-2394313596-1596446742-1000..\Run: [gStart] C:\Program Files\Garmin\Training Center\gStart.exe (GARMIN Corp.)
O4 - HKU\S-1-5-21-278946264-2394313596-1596446742-1000..\Run: [Mobile Partner] C:\Program Files\Hi Suite\Hi Suite.exe ()
O4 - HKU\S-1-5-21-278946264-2394313596-1596446742-1000..\Run: [Simplify Media] C:\Program Files\Hp\HP MediaStream\HPMediaStream.exe (Simplify Media, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-278946264-2394313596-1596446742-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-278946264-2394313596-1596446742-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-278946264-2394313596-1596446742-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B9246FB-3ACA-4737-B96D-1EB41C77EC07}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{77D28686-9258-43CD-BD03-6682FFDAB831}: DhcpNameServer = 192.168.42.129
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: WudfRd - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfRd - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.07 20:29:38 | 000,000,000 | ---D | C] -- C:\Users\HP\Desktop\OTL
[2012.11.07 20:20:53 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.11.04 22:08:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\HP\Desktop\OTL.exe
[2012.11.04 17:14:21 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012.11.04 16:50:31 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.11.04 16:50:31 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.11.04 16:50:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.11.04 16:50:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.11.04 16:49:47 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.11.03 19:15:06 | 000,000,000 | ---D | C] -- C:\Users\HP\Desktop\Virus Log
[2012.11.03 18:59:21 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Malwarebytes
[2012.11.03 18:57:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.03 18:57:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.03 18:57:14 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.11.03 18:57:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.11.03 18:44:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Max Uninstaller
[2012.11.03 18:44:17 | 000,000,000 | ---D | C] -- C:\Program Files\Max Uninstaller
[2012.11.03 15:47:41 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Mozilla-Cache
[2012.11.03 15:41:40 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Party
[2012.11.03 15:40:46 | 000,000,000 | ---D | C] -- C:\Programs
[2012.11.02 22:27:34 | 000,000,000 | ---D | C] -- C:\Users\HP\Desktop\Spider Player
[2012.10.30 23:22:15 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012.10.30 23:10:28 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Apple Computer
[2012.10.30 23:10:28 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\Apple Computer
[2012.10.30 23:10:20 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2012.10.30 23:09:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012.10.30 23:09:02 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012.10.30 23:07:51 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\Apple
[2012.10.30 23:06:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012.10.30 22:25:16 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.10.30 21:45:53 | 000,000,000 | ---D | C] -- C:\Users\HP\Desktop\IPod
[2012.10.30 21:34:48 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\WindSolutions
[2012.10.30 21:33:16 | 000,000,000 | ---D | C] -- C:\ProgramData\WindSolutions
[2012.10.27 22:26:00 | 000,000,000 | ---D | C] -- C:\Microgaming
[2012.10.27 22:26:00 | 000,000,000 | ---D | C] -- C:\ProgramData\MGS
[2012.10.23 18:45:56 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Avira
[2012.10.23 18:40:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.10.23 18:40:21 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.10.23 18:40:19 | 000,133,824 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2012.10.23 18:40:19 | 000,083,432 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.10.23 18:40:19 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.10.23 18:40:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.10.23 18:40:16 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.14 21:52:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.14 21:40:29 | 000,000,308 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForHP.job
[2012.11.14 21:34:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.13 18:39:58 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2012.11.13 18:39:58 | 000,083,432 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.11.13 18:39:58 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.11.10 12:20:51 | 000,014,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.10 12:20:51 | 000,014,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.07 20:27:36 | 000,657,676 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.07 20:27:36 | 000,618,912 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.07 20:27:36 | 000,131,016 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.07 20:27:36 | 000,107,232 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.04 22:08:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\HP\Desktop\OTL.exe
[2012.11.04 21:53:57 | 000,540,977 | ---- | M] () -- C:\Users\HP\Desktop\adwcleaner.exe
[2012.11.04 17:11:05 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.11.03 18:57:16 | 000,001,045 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.03 18:44:18 | 000,000,956 | ---- | M] () -- C:\Users\Public\Desktop\Max Uninstaller.lnk
[2012.11.02 22:27:39 | 002,167,684 | ---- | M] () -- C:\Windows\System32\CT4MGM.SF2
[2012.10.23 18:40:25 | 000,001,906 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
 
========== Files Created - No Company Name ==========
 
[2012.11.14 21:40:26 | 000,000,308 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForHP.job
[2012.11.04 21:53:35 | 000,540,977 | ---- | C] () -- C:\Users\HP\Desktop\adwcleaner.exe
[2012.11.04 16:50:31 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.11.04 16:50:31 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.11.04 16:50:31 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.11.04 16:50:31 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.11.04 16:50:31 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.11.03 18:57:16 | 000,001,045 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.03 18:44:18 | 000,000,956 | ---- | C] () -- C:\Users\Public\Desktop\Max Uninstaller.lnk
[2012.11.02 22:27:36 | 002,167,684 | ---- | C] () -- C:\Windows\System32\CT4MGM.SF2
[2012.10.23 18:40:25 | 000,001,906 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.06.21 08:44:06 | 000,002,944 | ---- | C] () -- C:\Windows\BRPARAM.INI
[2012.04.11 13:21:33 | 000,000,030 | ---- | C] () -- C:\Windows\Iedit_.INI
[2012.01.24 22:47:11 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRIDF10A.DAT
[2011.11.26 13:36:26 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.11.26 13:36:26 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011.11.02 14:49:33 | 000,000,218 | ---- | C] () -- C:\Users\HP\.recently-used.xbel
[2011.10.07 20:03:29 | 000,007,609 | ---- | C] () -- C:\Users\HP\AppData\Local\Resmon.ResmonCfg
[2011.10.07 19:03:32 | 000,001,212 | ---- | C] () -- C:\Users\HP\AppData\Roaming\wklnhst.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.11.04 17:14:21 | 000,000,000 | ---D | M] -- C:\$RECYCLE.BIN
[2012.03.15 21:11:59 | 000,000,000 | R--D | M] -- C:\acroldr
[2009.11.21 09:38:27 | 000,000,000 | ---D | M] -- C:\boot
[2012.01.24 22:47:11 | 000,000,000 | ---D | M] -- C:\Brother
[2012.11.02 20:08:45 | 000,000,000 | ---D | M] -- C:\Config.Msi
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.07.17 17:12:46 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.07.17 17:13:14 | 000,000,000 | ---D | M] -- C:\dvmexp
[2009.12.24 06:08:26 | 000,000,000 | ---D | M] -- C:\HP
[2011.07.17 17:13:15 | 000,000,000 | ---D | M] -- C:\HPMBackup
[2011.10.08 15:27:46 | 000,000,000 | ---D | M] -- C:\MapSource
[2012.10.27 22:26:00 | 000,000,000 | ---D | M] -- C:\Microgaming
[2012.03.28 21:37:18 | 000,000,000 | R--D | M] -- C:\MSOCache
[2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.11.04 21:58:35 | 000,000,000 | ---D | M] -- C:\Program Files
[2012.11.07 20:24:33 | 000,000,000 | ---D | M] -- C:\ProgramData
[2011.07.17 17:12:46 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.11.03 15:40:46 | 000,000,000 | ---D | M] -- C:\Programs
[2012.11.04 17:20:11 | 000,000,000 | ---D | M] -- C:\Qoobox
[2011.07.17 17:12:46 | 000,000,000 | ---D | M] -- C:\Recovery
[2011.07.26 22:10:18 | 000,000,000 | ---D | M] -- C:\SPLASH.000
[2011.07.17 17:13:14 | 000,000,000 | ---D | M] -- C:\SPLASH.SYS
[2012.01.24 22:20:11 | 000,000,000 | ---D | M] -- C:\SwSetup
[2012.11.14 22:07:51 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.07.17 17:14:36 | 000,000,000 | ---D | M] -- C:\SYSTEM.SAV
[2011.10.31 22:46:10 | 000,000,000 | ---D | M] -- C:\temp
[2012.03.26 07:12:49 | 000,000,000 | R--D | M] -- C:\Users
[2012.11.04 17:14:30 | 000,000,000 | ---D | M] -- C:\Windows
[2012.11.07 20:20:53 | 000,000,000 | ---D | M] -- C:\_OTL
 
< %SYSTEMDRIVE%\*.* >
[2012.11.04 21:56:10 | 000,002,482 | ---- | M] () -- C:\AdwCleaner[R1].txt
[2012.11.04 21:58:51 | 000,002,575 | ---- | M] () -- C:\AdwCleaner[S1].txt
[2009.06.10 22:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009.07.14 02:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2012.11.04 17:20:05 | 000,016,090 | ---- | M] () -- C:\ComboFix.txt
[2009.06.10 22:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2011.12.16 22:06:21 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2012.01.16 20:27:48 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012.01.16 20:27:48 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012.11.07 20:22:58 | 603,979,776 | -HS- | M] () -- C:\pagefile.sys
[2011.07.17 17:13:16 | 000,000,061 | -H-- | M] () -- C:\splash.idx
[2009.11.06 19:30:12 | 000,006,832 | -H-- | M] () -- C:\version
 
< %PROGRAMFILES%\*.exe >
Invalid Environment Variable: PROGRAMFILES(X86)
 
< %systemroot%\*. /mp /s >
 
< %windir%\installer\*. /10 >
 
< %appdata%\*.  >
[2011.07.31 02:59:26 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\.minecraft
[2012.03.14 18:08:48 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\7C551F12-398A-42E7-A6A3-30106083BEC2
[2012.03.14 19:58:37 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\Acronis
[2011.10.07 18:31:19 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\Adobe
[2011.10.09 10:38:09 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\anpo.republika.pl
[2012.10.30 23:11:33 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\Apple Computer
[2012.03.24 20:28:37 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\ArcSoft
[2012.04.11 12:31:23 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\Artweaver Free
[2011.10.29 16:18:29 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\ATViewer
[2012.10.23 18:45:56 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\Avira
[2011.11.26 13:38:48 | 000,000,000 | R--D | M] -- C:\Users\HP\AppData\Roaming\Brother
[2011.10.07 19:15:29 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\CyberLink
[2012.03.28 21:10:32 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\DAEMON Tools Lite
[2011.10.09 11:49:44 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\fltk.org
[2012.08.29 17:24:01 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\Garmin
[2012.11.07 20:24:19 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\GrooveMonitor Utility
[2011.11.02 14:49:16 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\gtk-2.0
[2012.01.24 22:39:12 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\Hewlett-Packard
[2011.11.21 14:05:55 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\HP Support Assistant
[2012.02.08 18:50:05 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\hpqLog
[2011.11.21 14:05:55 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\HpUpdate
[2011.07.26 19:16:54 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\Identities
[2012.01.24 22:44:40 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\InstallShield
[2011.10.24 20:22:01 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\Jumping Bytes
[2011.07.26 19:21:19 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\Macromedia
[2012.11.03 18:59:21 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\Malwarebytes
[2012.10.22 21:25:10 | 000,000,000 | --SD | M] -- C:\Users\HP\AppData\Roaming\Microsoft
[2011.10.24 20:31:43 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\Mobile Master
[2011.10.07 20:08:17 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\Mozilla
[2012.11.03 15:47:41 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\Mozilla-Cache
[2012.04.11 12:12:03 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\mresreg
[2011.10.07 15:28:53 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\Opera
[2012.11.03 15:48:42 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\Party
[2012.09.19 06:39:55 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\Skype
[2011.10.16 21:05:22 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\STRATO
[2012.01.02 18:56:07 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\Template
[2011.12.16 21:40:49 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\TuneUp Software
[2012.10.30 21:34:48 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\WindSolutions
[2011.10.08 12:33:38 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\WinRAR
[2012.11.04 13:49:32 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\ZumoDrive
 
< %appdata%\*.*  >
[2012.08.21 13:13:44 | 000,001,212 | ---- | M] () -- C:\Users\HP\AppData\Roaming\wklnhst.dat
 
< %appdata%\*.exe /s >
[2011.11.08 21:38:24 | 000,002,550 | R--- | M] () -- C:\Users\HP\AppData\Roaming\Microsoft\Installer\{7D8E033D-CDFB-44B0-BEB9-D4206B537526}\_546E2AC589C76596285F5A.exe
 
< %localappdata%\*.  >
[2011.10.07 18:32:13 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Local\Adobe
[2011.07.17 17:12:59 | 000,000,000 | -HSD | M] -- C:\Users\HP\AppData\Local\Anwendungsdaten
[2012.10.30 23:07:51 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Local\Apple
[2012.10.30 23:10:28 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Local\Apple Computer
[2012.03.24 20:28:37 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Local\ArcSoft
[2012.11.04 16:58:17 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Local\CrashDumps
[2012.10.24 18:52:38 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Local\Diagnostics
[2011.07.17 17:13:42 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Local\Downloaded Installations
[2012.07.24 21:42:57 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Local\ElevatedDiagnostics
[2011.10.08 16:19:59 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Local\Garmin
[2011.10.08 16:19:51 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Local\GARMIN_Corp
[2011.07.26 19:16:22 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Local\Hewlett-Packard
[2012.08.31 22:51:03 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Local\Macromedia
[2012.10.22 21:25:06 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Local\Microsoft
[2011.10.07 19:17:26 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Local\Microsoft Games
[2012.03.28 21:37:54 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Local\Microsoft Help
[2011.12.31 13:42:51 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Local\MigWiz
[2011.10.24 20:27:23 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Local\Mobile Master
[2011.10.07 20:07:50 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Local\Mozilla
[2011.10.07 15:28:53 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Local\Opera
[2012.03.24 20:28:47 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Local\Programs
[2011.07.26 19:17:30 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Local\Simplify Media
[2012.11.14 22:02:06 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Local\Temp
[2011.07.17 17:12:59 | 000,000,000 | -HSD | M] -- C:\Users\HP\AppData\Local\Temporary Internet Files
[2011.07.17 17:12:59 | 000,000,000 | -HSD | M] -- C:\Users\HP\AppData\Local\Verlauf
[2012.04.11 12:12:24 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Local\VirtualStore
 
< %localappdata%\*.* >
[2011.07.26 19:17:28 | 000,000,000 | ---- | M] () -- C:\Users\HP\AppData\Local\AtStart.txt
[2011.07.26 19:17:28 | 000,000,000 | ---- | M] () -- C:\Users\HP\AppData\Local\DSwitch.txt
[2012.04.12 11:28:47 | 000,123,864 | ---- | M] () -- C:\Users\HP\AppData\Local\GDIPFONTCACHEV1.DAT
[2012.11.07 20:11:09 | 005,925,857 | -H-- | M] () -- C:\Users\HP\AppData\Local\IconCache.db
[2011.07.26 19:17:28 | 000,000,000 | ---- | M] () -- C:\Users\HP\AppData\Local\QSwitch.txt
[2011.12.31 13:02:34 | 000,007,609 | ---- | M] () -- C:\Users\HP\AppData\Local\Resmon.ResmonCfg
 
< %localappdata%\*.exe /s >
 
< %allusersprofile%\*.  >
[2012.10.30 23:19:30 | 000,000,000 | ---D | M] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012.07.12 20:07:05 | 000,000,000 | ---D | M] -- C:\ProgramData\Acronis
[2009.11.20 22:49:32 | 000,000,000 | ---D | M] -- C:\ProgramData\Adobe
[2011.07.17 17:12:46 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2012.10.30 23:07:29 | 000,000,000 | ---D | M] -- C:\ProgramData\Apple
[2012.10.30 23:09:02 | 000,000,000 | ---D | M] -- C:\ProgramData\Apple Computer
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2012.04.06 13:00:38 | 000,000,000 | ---D | M] -- C:\ProgramData\ArcSoft
[2012.04.11 12:31:23 | 000,000,000 | ---D | M] -- C:\ProgramData\Artweaver
[2012.04.11 12:31:23 | 000,000,000 | ---D | M] -- C:\ProgramData\Artweaver Free
[2012.10.23 18:40:16 | 000,000,000 | ---D | M] -- C:\ProgramData\Avira
[2012.06.21 08:44:06 | 000,000,000 | ---D | M] -- C:\ProgramData\Brother
[2012.04.18 19:07:59 | 000,000,000 | -H-D | M] -- C:\ProgramData\Common Files
[2009.12.24 05:53:51 | 000,000,000 | ---D | M] -- C:\ProgramData\CyberLink
[2012.03.28 21:02:31 | 000,000,000 | ---D | M] -- C:\ProgramData\DAEMON Tools Lite
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2011.07.17 17:12:46 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2011.07.17 17:12:46 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2011.10.08 16:37:50 | 000,000,000 | ---D | M] -- C:\ProgramData\GARMIN
[2012.01.24 22:18:38 | 000,000,000 | ---D | M] -- C:\ProgramData\Hewlett-Packard
[2011.10.22 13:19:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Hi Suite
[2012.11.03 18:57:15 | 000,000,000 | ---D | M] -- C:\ProgramData\Malwarebytes
[2011.10.07 20:12:28 | 000,000,000 | ---D | M] -- C:\ProgramData\McAfee
[2012.10.27 22:26:00 | 000,000,000 | ---D | M] -- C:\ProgramData\MGS
[2012.03.28 21:40:54 | 000,000,000 | --SD | M] -- C:\ProgramData\Microsoft
[2012.10.11 06:52:21 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft Help
[2011.10.24 20:27:38 | 000,000,000 | ---D | M] -- C:\ProgramData\Mobile Master
[2012.04.24 19:44:12 | 000,000,000 | ---D | M] -- C:\ProgramData\Mozilla
[2012.11.07 20:02:02 | 000,000,000 | ---D | M] -- C:\ProgramData\Norton
[2011.12.31 22:30:44 | 000,000,000 | ---D | M] -- C:\ProgramData\Recovery
[2012.09.18 05:42:07 | 000,000,000 | ---D | M] -- C:\ProgramData\Skype
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2011.07.17 17:12:46 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2011.10.08 20:41:57 | 000,000,000 | ---D | M] -- C:\ProgramData\Sun
[2009.12.24 05:54:49 | 000,000,000 | ---D | M] -- C:\ProgramData\Temp
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2011.12.16 21:41:39 | 000,000,000 | ---D | M] -- C:\ProgramData\TuneUp Software
[2012.04.11 13:22:56 | 000,000,000 | ---D | M] -- C:\ProgramData\Ulead Systems
[2011.07.17 17:12:46 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2011.10.07 19:05:58 | 000,000,000 | ---D | M] -- C:\ProgramData\WildTangent
[2012.10.30 21:33:16 | 000,000,000 | ---D | M] -- C:\ProgramData\WindSolutions
[2011.12.16 21:39:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.01.24 22:21:17 | 000,000,000 | ---D | M] -- C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
[2009.12.24 06:02:48 | 000,000,000 | ---D | M] -- C:\ProgramData\{F2E8831F-467B-4311-B6BA-1BC1D244539A}
 
< %allusersprofile%\*.* >
[2012.11.07 20:24:33 | 000,000,189 | ---- | M] () -- C:\ProgramData\HPWALog.txt
[2009.12.24 05:55:01 | 000,000,032 | ---- | M] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009.11.20 23:24:21 | 000,000,109 | ---- | M] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2009.12.24 05:54:42 | 000,000,032 | ---- | M] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009.11.20 23:23:07 | 000,000,105 | ---- | M] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
 
< %allusersprofile%\*.exe /s >
[2010.03.18 10:19:26 | 000,207,360 | ---- | M] (ArcSoft Inc.) -- C:\ProgramData\ArcSoft\Connect_bk\Connection Service\Bin\ACDaemon.exe
[2009.01.13 10:06:16 | 000,051,712 | ---- | M] (ArcSoft Inc.) -- C:\ProgramData\ArcSoft\Connect_bk\Connection Service\Bin\ACRun.exe
[2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\ProgramData\ArcSoft\Connect_bk\Connection Service\Bin\ACService.exe
[2009.09.28 08:42:50 | 000,100,864 | ---- | M] (ArcSoft Inc.) -- C:\ProgramData\ArcSoft\Connect_bk\Connection Service\Bin\ACStart.exe
[2008.09.27 17:52:00 | 000,192,512 | ---- | M] (ArcSoft Inc.) -- C:\ProgramData\ArcSoft\Connect_bk\Connection Service\Bin\AcStBmhE.exe
[2012.04.06 13:00:40 | 001,680,607 | ---- | M] (ArcSoft Inc.                                                ) -- C:\ProgramData\ArcSoft\Global Deploy\CheckUpdate\ArcConnect.exe
[2012.10.30 19:24:02 | 000,181,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\ProgramData\Avira\AntiVir Desktop\TEMP\SELFUPDATE\avrestart.exe
[2012.11.13 18:39:00 | 000,619,808 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\ProgramData\Avira\AntiVir Desktop\TEMP\SELFUPDATE\update.exe
[2012.10.30 19:24:02 | 000,046,368 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\ProgramData\Avira\AntiVir Desktop\TEMP\SELFUPDATE\updrgui.exe
[2011.06.14 12:57:22 | 000,850,488 | ---- | M] (Hewlett-Packard) -- C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe
[2011.04.13 15:16:52 | 000,067,128 | ---- | M] (Hewlett-Packard) -- C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\unzip.exe
[2011.06.08 16:58:36 | 000,165,432 | ---- | M] (Microsoft) -- C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\WaitWindow.exe
[2011.09.26 17:42:06 | 001,248,824 | ---- | M] (Hewlett-Packard) -- C:\ProgramData\Hewlett-Packard\HPSAUpgrade3\HpSAUpgrade.exe
[2011.06.20 04:21:32 | 000,263,520 | ---- | M] () -- C:\ProgramData\Hi Suite\userdata\driver\google\googledevsetup.exe
[2011.06.20 04:21:32 | 000,408,928 | ---- | M] () -- C:\ProgramData\Hi Suite\userdata\driver\google\googledevsetup64.exe
[2011.06.20 04:21:26 | 000,251,232 | ---- | M] () -- C:\ProgramData\Hi Suite\userdata\driver\normal\normaldevsetup.exe
[2011.06.20 04:21:26 | 000,378,720 | ---- | M] () -- C:\ProgramData\Hi Suite\userdata\driver\normal\normaldevsetup64.exe
[2011.06.20 04:21:26 | 000,006,144 | ---- | M] () -- C:\ProgramData\Hi Suite\userdata\driver\normal\sentscsi.exe
[2011.06.20 04:21:24 | 000,006,144 | ---- | M] () -- C:\ProgramData\Hi Suite\userdata\driver\tmo\sentscsi.exe
[2011.06.20 04:21:24 | 000,251,232 | ---- | M] () -- C:\ProgramData\Hi Suite\userdata\driver\tmo\tmodevsetup.exe
[2011.06.20 04:21:24 | 000,378,720 | ---- | M] () -- C:\ProgramData\Hi Suite\userdata\driver\tmo\tmodevsetup64.exe
[2012.10.30 23:16:27 | 000,105,692 | ---- | M] () -- C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{C2EB6F2C-9836-CCCE-F2FB-A59BBC8D421D}-Uninstall.exe
[2009.04.14 03:48:46 | 025,432,456 | ---- | M] (WildTangent) -- C:\ProgramData\WildTangent\10dbb1bc-ef1b-4c2e-9bea-aaba3f42532c-extr.exe
[2009.04.24 07:37:40 | 103,123,728 | ---- | M] (WildTangent) -- C:\ProgramData\WildTangent\134726E5-0682-43C5-8AA2-DD4D6A866DD4-extr.exe
[2009.04.14 16:50:14 | 026,023,208 | ---- | M] (WildTangent) -- C:\ProgramData\WildTangent\2698CE7D-5E0F-45A5-B451-557D8A56C3B9-extr.exe
[2009.04.14 17:22:38 | 018,465,576 | ---- | M] (WildTangent) -- C:\ProgramData\WildTangent\396dddb2-e59d-44c3-9321-6a2dc7f717a3-extr.exe
[2009.04.24 13:29:02 | 155,359,672 | ---- | M] (WildTangent) -- C:\ProgramData\WildTangent\49edfae8-e0cc-45fb-96e6-d60571dd122d-extr.exe
[2009.04.14 16:51:40 | 024,343,096 | ---- | M] (WildTangent) -- C:\ProgramData\WildTangent\4bae280a-b121-48bd-9d2c-ec5f3103c761-extr.exe
[2009.04.14 03:04:08 | 043,609,640 | ---- | M] (WildTangent) -- C:\ProgramData\WildTangent\5446413b-8694-4af0-86d1-11f30157ac5c-extr.exe
[2009.06.26 01:22:08 | 041,982,136 | ---- | M] (WildTangent) -- C:\ProgramData\WildTangent\5ae0d760-ddcf-4247-85df-eacefd518e86-extr.exe
[2009.04.14 03:44:44 | 014,411,352 | ---- | M] (WildTangent) -- C:\ProgramData\WildTangent\6B2E06FE-9D3B-476F-A58A-28CD98C654B5-extr.exe
[2009.06.26 00:43:26 | 245,649,488 | ---- | M] (WildTangent) -- C:\ProgramData\WildTangent\6BDF3201-10E6-46ED-9A87-7FD18C418CFD-extr.exe
[2009.04.14 17:15:00 | 085,341,344 | ---- | M] (WildTangent) -- C:\ProgramData\WildTangent\6e41fe57-1e36-4f26-9b0c-cc7c2417a7d9-extr.exe
[2009.04.24 10:40:10 | 067,277,480 | ---- | M] (WildTangent) -- C:\ProgramData\WildTangent\6E7DD52D-205E-4D6D-AF6A-0C34703DFA61-extr.exe
[2009.06.26 01:45:20 | 062,973,760 | ---- | M] (WildTangent) -- C:\ProgramData\WildTangent\704a6f6e-ca20-4e4a-8c72-e4ad7aec251b-extr.exe
[2009.04.14 16:48:20 | 023,390,080 | ---- | M] (WildTangent) -- C:\ProgramData\WildTangent\951226E3-26FC-40BC-8085-3677B1128F59-extr.exe
[2009.06.26 23:52:46 | 028,741,640 | ---- | M] (WildTangent) -- C:\ProgramData\WildTangent\97c6c84d-af97-4b1c-8398-7e568c154911-extr.exe
[2009.06.25 23:22:26 | 097,764,992 | ---- | M] (WildTangent) -- C:\ProgramData\WildTangent\A4B598D2-9BFF-456F-A667-D3B8A0849286-extr.exe
[2009.06.26 01:49:32 | 073,003,160 | ---- | M] (WildTangent) -- C:\ProgramData\WildTangent\bba80652-58a7-4320-a64f-475fdbda4363-extr.exe
[2009.04.24 14:52:10 | 046,878,152 | ---- | M] (WildTangent) -- C:\ProgramData\WildTangent\BC3D43F7-BC64-490D-92B5-D2AABEC7FA85-extr.exe
[2009.04.24 14:31:46 | 034,288,056 | ---- | M] (WildTangent) -- C:\ProgramData\WildTangent\C8DEFEB5-AFE9-48D0-A9E6-355F537F0BAD-extr.exe
[2009.04.14 16:35:16 | 014,181,696 | ---- | M] (WildTangent) -- C:\ProgramData\WildTangent\e551d534-a4ef-4dac-9c20-c80b2c806ad8-extr.exe
[2009.07.14 19:17:06 | 033,442,912 | ---- | M] (WildTangent) -- C:\ProgramData\WildTangent\f10f89f1-9c08-4d85-9169-a28ba1fc6ab0-extr.exe
[2009.04.14 16:46:14 | 048,113,568 | ---- | M] (WildTangent) -- C:\ProgramData\WildTangent\f405496e-4cd5-4891-a8bc-3e58bd47b25c-extr.exe
[2009.06.25 22:40:28 | 035,657,496 | ---- | M] (WildTangent) -- C:\ProgramData\WildTangent\FA9E2D68-8707-44C8-B93D-2FF048183749-extr.exe
[2009.04.14 16:16:06 | 045,817,568 | ---- | M] (WildTangent) -- C:\ProgramData\WildTangent\fb65380e-3812-44f7-bbec-128e82369adf-extr.exe
[2011.10.07 19:05:04 | 001,042,304 | ---- | M] (WildTangent) -- C:\ProgramData\WildTangent\My HP Game Console\Downloads\de\Installers\SetupGamesClient.exe
[2011.10.07 19:09:21 | 000,976,312 | ---- | M] (WildTangent) -- C:\ProgramData\WildTangent\WildTangent Games\App\DPConfig\InstallTouchpoints-wildgames.exe
[2011.10.07 19:09:20 | 000,000,178 | ---- | M] () -- C:\ProgramData\WildTangent\WildTangent Games\App\DPConfig\InstallTouchpoints-wildgames.exe_filedata
[2011.09.28 19:54:04 | 000,466,632 | ---- | M] (WildTangent, Inc.) -- C:\ProgramData\WildTangent\WildTangent Games\App\Update\Updater.exe
 
<           >

< End of report >
         

I could not find an Extra.txt.
__________________


14.11.2012, 23:04   #18
ryder
/// TB Trainer

TuneUp Utilities has not been removed yet? Please do that first.

Fix with OTL

Quote:
Warning: This script was written only for this user and this specific situation. Run on other computers, it can cause lasting damage!
Note: If you obscured your user name, you must put your real name back in, otherwise the script will not work.
  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:
:OTL
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: "hxxp://search.fbdownloader.com/search.php?channel=sfde203fbdgy21&q="
FF - prefs.js..keyword.URL: "hxxp://search.fbdownloader.com/search.php?channel=sfde203fbdgy21&q="
         
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow this.
  • After the restart you will find a text document on your desktop. (It can also be found under C:\_OTL\MovedFiles\<time_date>.txt)
  • Now copy its contents into your thread here, preferably in code tags.

Note: Running the command can take a few minutes, and OTL appears not to respond during this time. Please be patient!

__________________

Edited by ryder (14.11.2012 at 23:09)

15.11.2012, 19:13   #19
T309RT

Code:
========== OTL ==========
Prefs.js: "" removed from browser.search.defaultenginename
Prefs.js: "hxxp://search.fbdownloader.com/search.php?channel=sfde203fbdgy21&q=" removed from browser.search.defaulturl
Prefs.js: "hxxp://search.fbdownloader.com/search.php?channel=sfde203fbdgy21&q=" removed from keyword.URL
 
OTL by OldTimer - Version 3.2.69.0 log created on 11152012_191020
         
FBDownloader is still being found in the new tab ?!?
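
The three prefs.js entries targeted by the OTL fix script in this thread can be checked read-only, together with any other preference that still points at the same domain; the following Python script is an added example, not part of the original thread or of OTL. The sample prefs.js content is constructed (only the search URL is taken from the thread), and `browser.newtab.url` and `browser.startup.homepage` appear in it as assumed illustrations, not as findings from this user's system.

```python
import json
import re
from urllib.parse import urlparse

# Preferences named in the OTL fix script posted in this thread.
FIX_TARGETS = (
    "browser.search.defaultenginename",
    "browser.search.defaulturl",
    "keyword.URL",
)

# One prefs.js entry has the form: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.*)\)\s*;\s*$')
# URLs inside a value; hxxp/hxxps covers the defanged form used in forum logs.
URL_RE = re.compile(r'(?:https?|hxxps?)://[^\s"|]+', re.IGNORECASE)

# Constructed sample, not taken from the user's system.
SAMPLE_PREFS = r'''
# Mozilla User Preferences
user_pref("browser.search.defaulturl", "hxxp://search.fbdownloader.com/search.php?channel=sfde203fbdgy21&q=");
user_pref("keyword.URL", "hxxp://search.fbdownloader.com/search.php?channel=sfde203fbdgy21&q=");
user_pref("browser.startup.homepage", "https://www.example.org/|hxxp://search.fbdownloader.com/");
user_pref("browser.newtab.url", "hxxp://search.fbdownloader.com/");
user_pref("browser.tabs.warnOnClose", false);
user_pref("example.lookalike", "http://fbdownloader.com.example.net/");
'''


def parse_prefs(text):
    """Return {name: value} for every user_pref line in a prefs.js text."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not a pref
        name, raw = m.group(1), m.group(2).strip()
        try:
            prefs[name] = json.loads(raw)  # strings, numbers, true/false
        except ValueError:
            prefs[name] = raw.strip('"')  # keep unparsable values as text
    return prefs


def hosts_in(value):
    """Return the host names of all URLs found in a preference value."""
    if not isinstance(value, str):
        return []
    hosts = []
    for url in URL_RE.findall(value):
        # Undo forum defanging so urlparse sees a normal scheme.
        refanged = re.sub(r'^hxxp', 'http', url, flags=re.IGNORECASE)
        try:
            host = urlparse(refanged).hostname
        except ValueError:
            continue  # malformed URL, nothing to compare
        if host:
            hosts.append(host.lower())
    return hosts


def references(value, domain):
    """True if any URL in value is on domain or one of its subdomains."""
    domain = domain.lower().rstrip(".")
    return any(h == domain or h.endswith("." + domain) for h in hosts_in(value))


def audit(text, domain):
    """Split prefs that reference domain into fix targets and everything else."""
    prefs = parse_prefs(text)
    hits = [name for name, value in prefs.items() if references(value, domain)]
    return {
        "fix_targets": sorted(n for n in hits if n in FIX_TARGETS),
        "other": sorted(n for n in hits if n not in FIX_TARGETS),
    }


if __name__ == "__main__":
    result = audit(SAMPLE_PREFS, "fbdownloader.com")
    print("Covered by the fix script:", result["fix_targets"])
    print("Still referencing the domain:", result["other"])
```
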

15.11.2012, 22:11   #20
ryder
/// TB Trainer

This really is a plague

Have you already tried uninstalling and reinstalling?

__________________
Digital freebooters against malware!
No help via PM!

17.11.2012, 10:44   #21
ryder
/// TB Trainer

Hello, do you still need help?

If I do not receive a reply from you within the next 24 hours, I will remove your thread from my subscriptions and will therefore no longer be notified of new replies.

The disappearance of the symptoms does not mean that your system is already clean
__________________

18.11.2012, 15:09   #22
ryder
/// TB Trainer

Missing response
This thread has been removed from my subscriptions. I will therefore not be notified of new replies.
PM me if you still want to continue.

Note: The disappearance of the symptoms does not mean that your computer is already clean.

Everyone else, please click here and create your own thread
__________________
Digital freebooters against malware!
No help via PM!
