Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Java/Exploit.CVE-2011-3544.BR trojan

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 24.11.2012, 14:28   #1
Michael_w
 
Java/Exploit.CVE-2011-3544.BR trojan - Standard

Java/Exploit.CVE-2011-3544.BR trojan



hallo,

mich hat es leider mal wieder erwischt, vielleicht kann jmd helfen

eset

Code:
ATTFilter
 C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\400cd48f-49d3c53c	a variant of Java/Exploit.CVE-2011-3544.BR trojan
         
otl,txt

Code:
ATTFilter
 OTL logfile created on: 23.11.2012 11:07:16 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,18 Gb Available Physical Memory | 39,33% Memory free
6,20 Gb Paging File | 3,88 Gb Available in Paging File | 62,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218,20 Gb Total Space | 64,74 Gb Free Space | 29,67% Space Free | Partition Type: NTFS
Drive D: | 14,65 Gb Total Space | 5,13 Gb Free Space | 35,01% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.11.23 11:06:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Downloads\OTL.exe
PRC - [2012.11.18 17:25:52 | 001,199,576 | ---- | M] (Spotify Ltd) -- C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.10.30 23:50:56 | 000,133,912 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\afwServ.exe
PRC - [2012.08.31 16:18:54 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.07.25 09:46:44 | 001,326,176 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe
PRC - [2012.07.25 09:46:42 | 000,681,056 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2012.07.25 09:46:42 | 000,572,000 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2012.05.24 19:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.04.04 06:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.10.13 16:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.08.03 21:43:45 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2009.09.06 12:38:06 | 000,071,096 | ---- | M] () -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
PRC - [2009.06.24 22:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009.05.21 14:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2009.05.21 14:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe
PRC - [2008.12.18 20:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Programme\Dell\DellDock\DockLogin.exe
PRC - [2008.05.23 20:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Programme\CyberLink\PowerDVD DX\PDVDDXSrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.18 17:33:53 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\741164a3e36f879b9f9e3ff176465127\System.Xml.ni.dll
MOD - [2012.11.18 17:30:58 | 007,976,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b2052acbbbba4f98585196872195e009\System.ni.dll
MOD - [2012.11.18 17:30:46 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7ad9c44df3b85848590e63f13fc59804\mscorlib.ni.dll
MOD - [2012.08.31 16:18:52 | 002,242,528 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.03.19 17:26:10 | 000,268,288 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe -- (STacSV)
SRV:64bit: - [2009.03.19 17:25:42 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008.12.21 19:35:16 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2008.11.26 22:45:44 | 000,918,528 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV - [2012.11.19 08:00:22 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV - [2012.11.16 20:23:19 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.10.30 23:50:56 | 000,133,912 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - [2012.08.31 16:18:52 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.25 09:46:44 | 001,326,176 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2012.07.25 09:46:42 | 000,681,056 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2012.07.03 12:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.04.04 06:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.10.21 14:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.10.13 16:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011.08.03 21:43:45 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2010.06.14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.09.06 12:38:06 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009.05.21 14:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)
SRV - [2009.03.30 05:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.12.18 20:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Programme\Dell\DellDock\DockLogin.exe -- (DockLoginService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.10.30 23:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012.10.30 23:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012.10.30 23:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012.10.30 23:51:55 | 000,262,656 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis2.sys -- (aswNdis2)
DRV:64bit: - [2012.10.30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012.10.30 23:51:55 | 000,044,272 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (AswRdr)
DRV:64bit: - [2012.10.30 23:51:55 | 000,021,136 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2012.10.30 23:51:53 | 000,132,864 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswFW.sys -- (aswFW)
DRV:64bit: - [2012.10.30 23:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012.09.21 10:26:08 | 000,012,368 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\aswNdis.sys -- (aswNdis)
DRV:64bit: - [2012.02.29 14:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.08.03 21:27:28 | 000,022,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\vpnva64.sys -- (vpnva)
DRV:64bit: - [2010.09.01 09:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\psi_mf.sys -- (PSI)
DRV:64bit: - [2009.10.01 01:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.09.28 20:57:28 | 000,005,504 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StarOpen.sys -- (StarOpen)
DRV:64bit: - [2009.06.15 19:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009.05.06 16:03:00 | 000,313,696 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA008Vid.sys -- (OA008Vid)
DRV:64bit: - [2009.04.11 06:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2009.03.19 17:26:24 | 000,477,696 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009.03.06 06:33:58 | 000,159,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA008Ufd.sys -- (OA008Ufd)
DRV:64bit: - [2008.12.21 19:34:48 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCM42RLY.sys -- (BCM42RLY)
DRV:64bit: - [2008.12.16 17:56:52 | 001,526,776 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
DRV:64bit: - [2008.11.26 22:45:50 | 004,824,064 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV:64bit: - [2008.11.26 22:45:50 | 004,824,064 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2008.11.25 15:56:58 | 000,261,680 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008.10.07 18:49:52 | 000,252,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2008.09.15 18:11:04 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2008.09.15 18:11:00 | 000,062,976 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008.09.15 18:10:58 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2008.08.28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008.01.21 03:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express)
DRV:64bit: - [2007.11.14 09:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2011.07.22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV - [2011.07.12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2009.09.28 20:57:28 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EE 00 8D C5 87 83 CD 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?FORM=DLCDF7&q={searchTerms}&src={referrer:source?}&PC=MDDC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.param.yahoo-fr: ""
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.spiegel.de"
FF - prefs.js..extensions.enabledAddons: foxmarks@kei.com:4.1.3
FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1474
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.732
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {76aeea42-e04a-4b62-83ab-df4b2be2541e}:2.7.1.3
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\***\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.11.19 08:10:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.31 16:18:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.07.29 09:06:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.31 16:18:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.07.29 09:06:53 | 000,000,000 | ---D | M]
 
[2009.10.19 17:57:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.11.22 10:56:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\7ycs46wx.default\extensions
[2012.11.17 20:46:33 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\7ycs46wx.default\extensions\foxmarks@kei.com
[2012.09.02 20:01:13 | 000,194,020 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\7ycs46wx.default\extensions\gmailadsremover@florian.bersier.xpi
[2012.08.23 09:31:08 | 000,185,363 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\7ycs46wx.default\extensions\jid0-HYNmqxA9zQGfJADREri4n2AHKSI@jetpack.xpi
[2012.02.22 09:33:17 | 000,020,591 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\7ycs46wx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2012.11.22 10:56:12 | 000,804,737 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\7ycs46wx.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2009.10.20 22:36:17 | 000,002,171 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\7ycs46wx.default\searchplugins\bing.xml
[2012.11.16 18:45:00 | 000,001,018 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\7ycs46wx.default\searchplugins\facebook.xml
[2012.07.29 09:06:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.03.06 09:29:06 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.07.29 09:06:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.11.19 08:10:38 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012.08.31 16:18:54 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.07.14 01:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.31 16:18:49 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.14 01:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 01:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.14 01:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 01:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com
CHR - homepage: hxxp://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\***\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012.01.05 11:15:11 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{06F4689E-70FE-4B1F-AB21-738BF7F49F34}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.19 08:14:57 | 000,132,864 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFW.sys
[2012.11.19 08:11:04 | 000,262,656 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdis2.sys
[2012.11.19 08:11:02 | 000,021,136 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
[2012.11.19 08:10:58 | 000,012,368 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswNdis.sys
[2012.11.19 08:07:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security
[2012.11.18 03:15:26 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2009.12.12 22:43:21 | 008,653,312 | ---- | C] (Dell, Inc.                                                   ) -- C:\Users\***\AppData\Roaming\DataSafeDotNet.exe
[3 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.23 11:10:57 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.23 11:10:57 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.23 11:08:14 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.23 11:04:36 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.11.23 10:23:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.23 09:10:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.23 07:54:25 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.22 23:18:41 | 000,002,655 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Office Word 2007.lnk
[2012.11.22 23:15:39 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.22 23:10:18 | 3215,831,040 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.21 10:37:04 | 001,445,546 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.21 10:37:04 | 000,628,992 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.21 10:37:04 | 000,596,246 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.21 10:37:04 | 000,126,704 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.21 10:37:04 | 000,104,320 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.19 08:36:24 | 000,082,562 | ---- | M] () -- C:\Users\***\Documents\cc_20121119_083449.reg
[2012.11.19 08:33:04 | 000,000,772 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.11.19 08:11:00 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012.11.19 08:07:55 | 000,001,787 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2012.11.18 17:15:10 | 000,305,384 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.11.16 19:17:56 | 000,002,027 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.10.30 23:51:56 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012.10.30 23:51:55 | 000,984,144 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012.10.30 23:51:55 | 000,370,288 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012.10.30 23:51:55 | 000,262,656 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdis2.sys
[2012.10.30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012.10.30 23:51:55 | 000,044,272 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2012.10.30 23:51:55 | 000,021,136 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
[2012.10.30 23:51:53 | 000,132,864 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFW.sys
[2012.10.30 23:51:53 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012.10.30 23:51:07 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.10.30 23:50:59 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012.10.30 23:50:30 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[3 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.11.23 11:04:36 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.11.19 08:36:17 | 000,082,562 | ---- | C] () -- C:\Users\***\Documents\cc_20121119_083449.reg
[2012.11.19 08:07:55 | 000,001,787 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2011.03.24 20:28:59 | 000,000,732 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps64.dat
[2010.08.24 17:53:36 | 000,006,836 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2009.10.21 22:28:55 | 000,155,136 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.10.20 11:23:01 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 16:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 18:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 08:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 03:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011.06.29 08:13:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ASCOMP Software
[2009.11.29 20:27:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe_Limited
[2012.11.23 10:10:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2010.06.27 09:10:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Facebook
[2011.01.07 13:29:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia
[2009.12.17 04:30:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite
[2012.11.20 20:57:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Spotify
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 64 bytes -> C:\Users\***\Desktop\La gorda.mp4:TOC.WMV

< End of report >
         

Alt 26.11.2012, 10:57   #2
M-K-D-B
/// TB-Ausbilder
 
Java/Exploit.CVE-2011-3544.BR trojan - Standard

Java/Exploit.CVE-2011-3544.BR trojan






Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.


Bitte beachte folgende Hinweise:
  • Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden. Es können mehrere Analyse- und Bereinigungsschritte erforderlich sein.
    Abschließend entfernen wir wieder alle verwendeten Programme und ich gebe dir ein paar Tipps für die Zukunft mit auf den Weg.
  • Bei Anzeichen von illegaler Software wird der Support ohne Diskussion eingestellt.
  • Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab.
  • Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
  • Führe nur Scans durch, zu denen du von mir oder einem anderen Helfer aufgefordert wirst.
  • Bitte kein Crossposting (posten in mehreren Foren).
  • Installiere oder deinstalliere während der Bereinigung keine Software außer du wirst dazu aufgefordert.
  • Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
  • Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!
    Ich kann Dir niemals eine Garantie geben, dass auch ich alles finde. Eine Formatierung ist meist der schnellere und immer der sicherste Weg.
    Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.





Schritt 1
Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop (falls noch nicht vorhanden).
  • Starte bitte die OTL.exe.
  • Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Standard Ausgabe.
  • Setze einen Haken bei Scanne alle Benutzer.
  • Unter Extra Registry, wähle bitte Use SafeList.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
drivers32
safebootminimal
safebootnetwork
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT
         
  • Schließe bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Scan Button.
  • Am Ende des Suchlaufs werden 2 Logdateien erstellt.
  • Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread





Schritt 2
Downloade Dir bitte defogger von jpshortstuff auf Deinem Desktop.
  • Starte das Tool mit Doppelklick.
  • Klicke nun auf den Disable Button, um die Treiber gewisser Emulatoren zu deaktivieren.
  • Defogger wird dich fragen "Defogger will forcefully terminate and disable all CD Emulator related drivers and processes... Continue?" bestätige diese Sicherheitsabfrage mit Ja.
  • Wenn der Scan beendet wurde (Finished), klicke auf OK.
  • Defogger fordert gegebenfalls zum Neustart auf. Bestätige dies mit OK.
  • Defogger erstellt auf dem Desktop eine Logdatei mit dem Namen defogger_disable.txt. Poste deren Inhalt mit deiner nächsten Antwort.
Klicke den Re-enable Button nicht ohne Anweisung!





Schritt 3
Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Vista und Win7 User mit Rechtsklick "als Admininstartor starten"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. ( Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.





Schritt 4
Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen.

Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und speichere das Logfile.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern ( Meistens C:\ )
    Als Beispiel: C:\TDSSKiller.<version_date_time>log.txt
Poste den Inhalt bitte hier in deinen Thread.





Bitte poste mit deiner nächsten Antwort
  • die beiden Logdateien von OTL,
  • die Logdatei von DeFogger,
  • die Logdatei von aswMBR,
  • die Logdatei von TDSSKiller.
__________________

__________________

Alt 26.11.2012, 12:36   #3
Michael_w
 
Java/Exploit.CVE-2011-3544.BR trojan - Standard

Java/Exploit.CVE-2011-3544.BR trojan



vielen dank schon einmal

hier die files...

otl.txt

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 26.11.2012 12:19:16 - Run 4
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Francia\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,37 Gb Available Physical Memory | 45,85% Memory free
6,19 Gb Paging File | 3,96 Gb Available in Paging File | 63,86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218,20 Gb Total Space | 65,40 Gb Free Space | 29,97% Space Free | Partition Type: NTFS
Drive D: | 14,65 Gb Total Space | 5,13 Gb Free Space | 35,01% Space Free | Partition Type: NTFS
 
Computer Name: FRANCIA-PC | User Name: Francia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.11.18 17:25:52 | 001,199,576 | ---- | M] (Spotify Ltd) -- C:\Users\Francia\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.10.30 23:50:56 | 000,133,912 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\afwServ.exe
PRC - [2012.07.25 09:46:44 | 001,326,176 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe
PRC - [2012.07.25 09:46:42 | 000,681,056 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2012.07.25 09:46:42 | 000,572,000 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2012.04.04 06:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.01.18 13:02:04 | 000,508,136 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2012.01.02 17:47:09 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Francia\Desktop\OTL.exe
PRC - [2011.10.21 14:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
PRC - [2011.10.13 16:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.08.03 21:43:45 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2009.09.06 12:38:06 | 000,071,096 | ---- | M] () -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
PRC - [2009.06.24 22:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009.05.21 14:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2009.05.21 14:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
PRC - [2009.04.11 07:28:15 | 000,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2008.12.18 20:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Programme\Dell\DellDock\DockLogin.exe
PRC - [2008.05.23 20:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Programme\CyberLink\PowerDVD DX\PDVDDXSrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.18 17:33:53 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\741164a3e36f879b9f9e3ff176465127\System.Xml.ni.dll
MOD - [2012.11.18 17:30:58 | 007,976,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b2052acbbbba4f98585196872195e009\System.ni.dll
MOD - [2012.11.18 17:30:46 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7ad9c44df3b85848590e63f13fc59804\mscorlib.ni.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012.11.19 08:00:22 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012.10.30 23:50:56 | 000,133,912 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV:64bit: - [2009.03.19 17:26:10 | 000,268,288 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe -- (STacSV)
SRV:64bit: - [2009.03.19 17:25:42 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008.12.21 19:35:16 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2008.11.26 22:45:44 | 000,918,528 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV - [2012.11.16 20:23:19 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.08.31 16:18:52 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.25 09:46:44 | 001,326,176 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2012.07.25 09:46:42 | 000,681,056 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2012.07.03 12:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.04.04 06:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.10.21 14:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.10.13 16:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011.08.03 21:43:45 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2010.06.14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.09.06 12:38:06 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009.05.21 14:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2009.03.30 05:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.12.18 20:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Programme\Dell\DellDock\DockLogin.exe -- (DockLoginService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.10.30 23:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012.10.30 23:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012.10.30 23:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012.10.30 23:51:55 | 000,262,656 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis2.sys -- (aswNdis2)
DRV:64bit: - [2012.10.30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012.10.30 23:51:55 | 000,044,272 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (AswRdr)
DRV:64bit: - [2012.10.30 23:51:55 | 000,021,136 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2012.10.30 23:51:53 | 000,132,864 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswFW.sys -- (aswFW)
DRV:64bit: - [2012.10.30 23:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012.09.21 10:26:08 | 000,012,368 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\aswNdis.sys -- (aswNdis)
DRV:64bit: - [2011.08.03 21:27:28 | 000,022,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\vpnva64.sys -- (vpnva)
DRV:64bit: - [2010.09.01 09:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\psi_mf.sys -- (PSI)
DRV:64bit: - [2009.10.01 01:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.09.28 20:57:28 | 000,005,504 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StarOpen.sys -- (StarOpen)
DRV:64bit: - [2009.06.15 19:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009.05.06 16:03:00 | 000,313,696 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA008Vid.sys -- (OA008Vid)
DRV:64bit: - [2009.04.11 06:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2009.03.19 17:26:24 | 000,477,696 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009.03.06 06:33:58 | 000,159,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA008Ufd.sys -- (OA008Ufd)
DRV:64bit: - [2008.12.21 19:34:48 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCM42RLY.sys -- (BCM42RLY)
DRV:64bit: - [2008.12.16 17:56:52 | 001,526,776 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
DRV:64bit: - [2008.11.26 22:45:50 | 004,824,064 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV:64bit: - [2008.11.26 22:45:50 | 004,824,064 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2008.11.25 15:56:58 | 000,261,680 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008.10.07 18:49:52 | 000,252,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2008.09.15 18:11:04 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2008.09.15 18:11:00 | 000,062,976 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008.09.15 18:10:58 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2008.08.28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008.01.21 03:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel(R)
DRV:64bit: - [2007.11.14 09:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2011.07.22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV - [2011.07.12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2009.09.28 20:57:28 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1695605967-2725027817-2845256189-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1695605967-2725027817-2845256189-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1695605967-2725027817-2845256189-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EE 00 8D C5 87 83 CD 01  [binary data]
IE - HKU\S-1-5-21-1695605967-2725027817-2845256189-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 
IE - HKU\S-1-5-21-1695605967-2725027817-2845256189-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.param.yahoo-fr: ""
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.spiegel.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.732
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {76aeea42-e04a-4b62-83ab-df4b2be2541e}:2.7.1.3
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Francia\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.11.19 08:10:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.31 16:18:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.07.29 09:06:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.31 16:18:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.07.29 09:06:53 | 000,000,000 | ---D | M]
 
[2009.10.19 17:57:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Francia\AppData\Roaming\mozilla\Extensions
[2012.11.24 15:20:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Francia\AppData\Roaming\mozilla\Firefox\Profiles\7ycs46wx.default\extensions
[2012.11.17 20:46:33 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Francia\AppData\Roaming\mozilla\Firefox\Profiles\7ycs46wx.default\extensions\foxmarks@kei.com
[2009.10.20 22:36:17 | 000,002,171 | ---- | M] () -- C:\Users\Francia\AppData\Roaming\Mozilla\Firefox\Profiles\7ycs46wx.default\searchplugins\bing.xml
[2012.11.16 18:45:00 | 000,001,018 | ---- | M] () -- C:\Users\Francia\AppData\Roaming\Mozilla\Firefox\Profiles\7ycs46wx.default\searchplugins\facebook.xml
[2012.07.29 09:06:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.03.06 09:29:06 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.07.29 09:06:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.11.19 08:10:38 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012.08.31 16:18:54 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.07.14 01:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.31 16:18:49 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.14 01:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 01:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.14 01:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 01:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Francia\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Francia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Francia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google-Suche = C:\Users\Francia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: avast! WebRep = C:\Users\Francia\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
CHR - Extension: Google Mail = C:\Users\Francia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012.01.05 11:15:11 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {76AEEA42-E04A-4B62-83AB-DF4B2BE2541E} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {76AEEA42-E04A-4B62-83AB-DF4B2BE2541E} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-1695605967-2725027817-2845256189-1000..\Run: [Spotify Web Helper] C:\Users\Francia\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-1695605967-2725027817-2845256189-1000..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk =  File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk =  File not found
O4 - Startup: C:\Users\Francia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Francia\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1695605967-2725027817-2845256189-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1695605967-2725027817-2845256189-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{06F4689E-70FE-4B1F-AB21-738BF7F49F34}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Francia\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Francia\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig:64bit - StartUpReg: Spotify - hkey= - key= - C:\Users\Francia\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
MsConfig:64bit - StartUpReg: Spotify Web Helper - hkey= - key= - C:\Users\Francia\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= -  File not found
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
SafeBootMin:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MpfService - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: WudfPf - Driver
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MpfService - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.19 08:14:57 | 000,132,864 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFW.sys
[2012.11.19 08:11:04 | 000,262,656 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdis2.sys
[2012.11.19 08:11:02 | 000,021,136 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
[2012.11.19 08:10:58 | 000,012,368 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswNdis.sys
[2012.11.19 08:07:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security
[2012.11.18 03:15:26 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.11.18 03:02:43 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.11.18 03:02:43 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.11.18 03:02:40 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.11.18 03:02:40 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.11.18 03:02:40 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.11.18 03:02:40 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.11.18 03:02:39 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.11.18 03:02:38 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.11.18 03:02:35 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.11.18 03:02:35 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.11.18 03:02:33 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.11.18 03:02:32 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.11.18 03:02:29 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.11.18 03:02:28 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.11.18 03:02:27 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.11.16 20:13:35 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012.11.16 20:13:35 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2012.11.16 20:13:03 | 001,268,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.11.16 20:13:00 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.11.16 20:12:49 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012.11.16 20:12:42 | 004,699,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2009.12.12 22:43:21 | 008,653,312 | ---- | C] (Dell, Inc.                                                   ) -- C:\Users\Francia\AppData\Roaming\DataSafeDotNet.exe
[3 C:\Users\Francia\Desktop\*.tmp files -> C:\Users\Francia\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.26 12:23:29 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.26 12:08:51 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.26 12:08:24 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.26 12:03:58 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.26 12:03:57 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.26 12:03:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.26 12:03:40 | 3215,831,040 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.23 11:04:36 | 000,000,000 | ---- | M] () -- C:\Users\Francia\defogger_reenable
[2012.11.23 07:54:25 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.22 23:18:41 | 000,002,655 | ---- | M] () -- C:\Users\Francia\Desktop\Microsoft Office Word 2007.lnk
[2012.11.21 10:37:04 | 001,445,546 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.21 10:37:04 | 000,628,992 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.21 10:37:04 | 000,596,246 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.21 10:37:04 | 000,126,704 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.21 10:37:04 | 000,104,320 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.19 08:36:24 | 000,082,562 | ---- | M] () -- C:\Users\Francia\Documents\cc_20121119_083449.reg
[2012.11.19 08:33:04 | 000,000,772 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.11.19 08:11:00 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012.11.19 08:07:55 | 000,001,787 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2012.11.18 17:15:10 | 000,305,384 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.11.16 20:23:19 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.11.16 20:23:18 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.11.16 19:17:56 | 000,002,027 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.10.30 23:51:56 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012.10.30 23:51:55 | 000,984,144 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012.10.30 23:51:55 | 000,370,288 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012.10.30 23:51:55 | 000,262,656 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdis2.sys
[2012.10.30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012.10.30 23:51:55 | 000,044,272 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2012.10.30 23:51:55 | 000,021,136 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
[2012.10.30 23:51:53 | 000,132,864 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFW.sys
[2012.10.30 23:51:53 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012.10.30 23:51:07 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.10.30 23:50:59 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012.10.30 23:50:30 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[3 C:\Users\Francia\Desktop\*.tmp files -> C:\Users\Francia\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.11.23 11:04:36 | 000,000,000 | ---- | C] () -- C:\Users\Francia\defogger_reenable
[2012.11.19 08:36:17 | 000,082,562 | ---- | C] () -- C:\Users\Francia\Documents\cc_20121119_083449.reg
[2012.11.19 08:07:55 | 000,001,787 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2011.03.24 20:28:59 | 000,000,732 | ---- | C] () -- C:\Users\Francia\AppData\Local\d3d9caps64.dat
[2010.08.24 17:53:36 | 000,006,836 | ---- | C] () -- C:\Users\Francia\AppData\Local\d3d9caps.dat
[2009.12.04 15:41:41 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.12.04 15:40:54 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009.12.04 15:40:00 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.11.29 20:27:27 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2009.11.26 10:00:24 | 000,157,424 | ---- | C] () -- C:\Windows\SysWow64\STWmiM64.dll
[2009.11.26 10:00:24 | 000,000,060 | ---- | C] () -- C:\Windows\SysWow64\winpeshl.ini
[2009.11.26 10:00:24 | 000,000,020 | ---- | C] () -- C:\Windows\SysWow64\ST_LOG.INI
[2009.11.26 10:00:23 | 002,303,728 | ---- | C] () -- C:\Windows\SysWow64\libxml2.dll
[2009.11.26 10:00:23 | 001,372,672 | ---- | C] () -- C:\Windows\SysWow64\Restore7.exe
[2009.11.26 10:00:23 | 000,619,760 | ---- | C] () -- C:\Windows\SysWow64\STBackupEngine.dll
[2009.11.26 10:00:23 | 000,581,872 | ---- | C] () -- C:\Windows\SysWow64\STRegistry64.dll
[2009.11.26 10:00:23 | 000,578,288 | ---- | C] () -- C:\Windows\SysWow64\BackupApi.dll
[2009.11.26 10:00:23 | 000,540,912 | ---- | C] () -- C:\Windows\SysWow64\STString64d.dll
[2009.11.26 10:00:23 | 000,385,264 | ---- | C] () -- C:\Windows\SysWow64\STFiles64.dll
[2009.11.26 10:00:23 | 000,334,576 | ---- | C] () -- C:\Windows\SysWow64\RestoreLauncher.exe
[2009.11.26 10:00:23 | 000,172,784 | ---- | C] () -- C:\Windows\SysWow64\STLog64.dll
[2009.11.26 10:00:23 | 000,152,816 | ---- | C] () -- C:\Windows\SysWow64\STNLS64.dll
[2009.11.26 10:00:23 | 000,134,384 | ---- | C] () -- C:\Windows\SysWow64\PSTVdsDisk64.dll
[2009.11.26 10:00:23 | 000,132,848 | ---- | C] () -- C:\Windows\SysWow64\STPE64.dll
[2009.11.26 10:00:23 | 000,127,728 | ---- | C] () -- C:\Windows\SysWow64\STCrypto64.dll
[2009.11.26 10:00:23 | 000,108,272 | ---- | C] () -- C:\Windows\FixBCD.exe
[2009.11.26 10:00:23 | 000,106,224 | ---- | C] () -- C:\Windows\SysWow64\STMsXml64.dll
[2009.11.26 10:00:23 | 000,092,400 | ---- | C] () -- C:\Windows\SysWow64\STEncryptableVol64.dll
[2009.11.26 10:00:23 | 000,089,328 | ---- | C] () -- C:\Windows\SysWow64\STProcessDLL64.dll
[2009.11.26 10:00:23 | 000,089,328 | ---- | C] () -- C:\Windows\SysWow64\STProcess64.dll
[2009.11.26 10:00:23 | 000,052,464 | ---- | C] () -- C:\Windows\SysWow64\STCoreXml64.dll
[2009.11.26 10:00:23 | 000,000,004 | ---- | C] () -- C:\Windows\SysWow64\abort.dat
[2009.10.21 22:28:55 | 000,155,136 | ---- | C] () -- C:\Users\Francia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.10.20 11:23:01 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.10.11 00:28:12 | 003,107,788 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.dat
[2009.10.10 23:01:39 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2009.10.10 22:11:09 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.04.30 11:52:55 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008.01.21 03:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006.11.02 16:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 13:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 13:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 10:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
 
========== Custom Scans ==========
 
 
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012.08.31 16:18:49 | 000,853,448 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012.08.31 16:18:49 | 000,853,448 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012.08.31 16:18:49 | 000,853,448 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2012.08.31 16:18:54 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012.08.31 16:18:54 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2012.08.31 16:18:54 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2012.10.31 23:15:08 | 001,242,136 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2012.10.31 23:15:08 | 001,242,136 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2012.10.31 23:15:08 | 001,242,136 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2012.10.31 23:15:08 | 001,242,136 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -hide [2012.02.22 15:09:54 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -show [2012.02.22 15:09:54 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -reinstall [2012.02.22 15:09:54 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012.10.04 00:08:28 | 000,748,680 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2012.10.04 00:08:28 | 000,748,680 | ---- | M] (Microsoft Corporation)
 
< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2012.02.22 15:09:43 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2012.02.22 15:09:43 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2012.02.22 15:09:43 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012.10.04 00:08:28 | 000,748,680 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2012.10.04 00:08:28 | 000,748,680 | ---- | M] (Microsoft Corporation)
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 64 bytes -> C:\Users\Francia\Desktop\La gorda.mp4:TOC.WMV

< End of report >
         
--- --- ---


extra.txt

OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 26.11.2012 12:19:16 - Run 4
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Francia\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,37 Gb Available Physical Memory | 45,85% Memory free
6,19 Gb Paging File | 3,96 Gb Available in Paging File | 63,86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218,20 Gb Total Space | 65,40 Gb Free Space | 29,97% Space Free | Partition Type: NTFS
Drive D: | 14,65 Gb Total Space | 5,13 Gb Free Space | 35,01% Space Free | Partition Type: NTFS
 
Computer Name: FRANCIA-PC | User Name: Francia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\S-1-5-21-1695605967-2725027817-2845256189-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = 0C 88 2B CC E5 CB CC 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05D1E06C-B83F-4B9A-85FF-430C8E4DF89F}" = lport=139 | protocol=6 | dir=in | app=system | 
"{1ABFCA35-0562-4D32-9243-032749BA0B66}" = lport=138 | protocol=17 | dir=in | app=system | 
"{2D229D36-F8E2-4BA1-9427-FE66DE3385D2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{72D25A26-5050-4A5E-9AA4-26CD805D6F4F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{8AA9A9D2-EF66-483A-A40F-4B23B6518E40}" = rport=445 | protocol=6 | dir=out | app=system | 
"{9729BCEA-43A4-48F4-881F-6D4CEFF28F4E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{A107AF07-C3BA-4E88-9262-66EF6AF4D20D}" = rport=139 | protocol=6 | dir=out | app=system | 
"{A4439DB7-CE93-4FF3-8A18-43F9950F5E33}" = lport=137 | protocol=17 | dir=in | app=system | 
"{B3CB0FB3-D664-4CA2-8FB8-BAB7C5976260}" = rport=137 | protocol=17 | dir=out | app=system | 
"{BEBA94B7-CF9F-461E-A6B2-FA184C4BE5DE}" = lport=445 | protocol=6 | dir=in | app=system | 
"{D3946001-6BE1-4D5A-8C87-919A461B5985}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{F2F6ABCB-9A69-4333-A858-B983BEC3AF27}" = rport=138 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{014E5259-F4D0-495F-A154-166B211C9580}" = protocol=6 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe | 
"{1910085A-C2D8-4490-8CC6-EBB3BE0675D8}" = protocol=17 | dir=in | app=c:\users\francia\appdata\roaming\dropbox\bin\dropbox.exe | 
"{26288DF6-2E74-4F2E-8756-C5CBDE05A0E2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{4925B322-8793-4E33-971B-1E70F07E1F90}" = protocol=6 | dir=in | app=c:\users\francia\appdata\roaming\dropbox\bin\dropbox.exe | 
"{5EE6612F-5098-4B04-8584-9F7ECF478116}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{70A7AA27-3A71-4261-8E1D-69D79B071D79}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{7699D49E-6C61-43B9-A442-209189939794}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe | 
"{7C8DE86C-99FE-492B-9174-63752FA65155}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{8857711F-95EE-443D-927A-82A0E968FFA4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{8E8559E7-E132-42C1-9E5C-AAF486C737FD}" = protocol=17 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe | 
"{9EEB2E67-CBB1-4EBD-BF62-B8E857481264}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe | 
"{B19E2329-D118-49C6-8B82-7C86B0D67786}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{D1A7053B-2D7B-4D5D-80C7-42FF506FF2E2}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{D7030D5A-A89F-4427-B99F-FAE0FB96CE74}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{F162C079-1DFD-4E72-A621-78FBEEFB0A87}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"TCP Query User{32A5CAF5-D8A5-419A-B8D8-DDE5937CA40A}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"TCP Query User{33E744C6-1F31-4560-BC99-361274BD426A}C:\users\francia\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\francia\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{5C4717A7-B5B9-48DB-9A0D-E73CB47B2CF9}C:\users\francia\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\francia\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{8F60E73A-A3BE-47E8-9FF1-5C6698D0C680}C:\users\francia\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\francia\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{BF43859B-BB30-4851-AC69-C31CAF4EF216}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{55B8E79B-E942-4DB0-A361-28FAF51A1441}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"UDP Query User{578D7969-C871-4FAE-A50E-69A04F2DD6EE}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{69C537BA-9591-4815-A0CF-DBBC599FCB9E}C:\users\francia\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\francia\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{9CB1EE9F-8D8B-4BC8-B50D-691D5D0D48AD}C:\users\francia\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\francia\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{9DA8F097-6EB3-4BA3-B50D-DF2BE60C8956}C:\users\francia\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\francia\appdata\roaming\dropbox\bin\dropbox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{68660049-8D48-427C-9FF7-139D8340CDC0}" = MSVC80_x64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock
"{E87F997C-3E93-6DAD-1AE6-619002BA9623}" = ccc-utility64
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
"CCleaner" = CCleaner
"Creative OA008" = Integrated Webcam Driver (1.04.01.0601)  
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Dell Touchpad
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{095B1DCF-5E8B-47EC-9B18-481918A731DB}" = Microsoft Default Manager
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0CE69E03-1021-EB74-0836-C706CADC213A}" = Catalyst Control Center Localization Korean
"{15F7FA6D-8FC5-08FD-2727-8AE6811A2A0D}" = CCC Help Russian
"{180BEABD-453E-4047-96B4-4F86EE605589}" = CCC Help Danish
"{181A0114-24D5-9E74-0138-4C8C27ED3EAC}" = Catalyst Control Center Graphics Light
"{1E5196FA-47EF-F0C7-847B-960F3349E9B5}" = CCC Help Finnish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2094F083-B28B-AFFD-4075-49E803BE17B7}" = CCC Help Italian
"{2116C03A-7111-9669-8009-9FD7F5AABA20}" = Catalyst Control Center Graphics Full New
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23467AA2-058A-1064-40C5-E0E0533C2D7D}" = Catalyst Control Center Localization French
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{26B29DE2-7759-F8BB-FB10-98142B343C8C}" = CCC Help Korean
"{2FB28284-51D3-C991-3940-694B1B629F2B}" = Catalyst Control Center Localization German
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3945F4B5-0FAD-38E3-B39B-2F497550C847}" = CCC Help French
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3F6107B9-D211-EBCC-EA41-BD2FAC156A23}" = Catalyst Control Center Localization Japanese
"{3FD8C713-B1D5-D973-5351-50A918C02749}" = Catalyst Control Center Core Implementation
"{44257960-C5CC-45BA-8E83-524E4A0F3FD5}" = Cisco AnyConnect VPN Client
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{586DD9D2-09B2-D1DB-AD2A-95194A771C49}" = CCC Help Dutch
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6C16A05F-C202-578A-108C-AFA4D9167CCC}" = Catalyst Control Center Localization Spanish
"{6C6D7326-770A-812B-B104-442F71A826F8}" = Catalyst Control Center Localization Russian
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6EA1C352-4D16-5A9F-7751-D7AE08AA7F63}" = Catalyst Control Center Localization Chinese Traditional
"{70AA9B4F-64F7-4B0D-ADD8-05802D61AF72}" = Windows Live Toolbar
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72085899-3540-2F67-F5C7-46FF826A235F}" = CCC Help German
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{74622EDD-7879-3185-976D-A6098420D889}" = CCC Help Portuguese
"{7505BBE5-CB0C-5027-1228-15CC7C26C4C3}" = CCC Help English
"{76C4BA9A-BFA5-151D-8A39-AA0E74041F83}" = Catalyst Control Center Localization Danish
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77A5C01F-E04C-9616-2E3D-D78CF889712B}" = Catalyst Control Center Graphics Full Existing
"{79D34E3B-8826-170B-8B3D-A9CD9C2D28F5}" = ccc-core-static
"{7CDF0744-7A0D-961B-3695-49756E822FC4}" = Catalyst Control Center Localization Swedish
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8247BD1D-C258-DBEE-3225-B9F0214763AB}" = CCC Help Japanese
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92491D2C-D9E9-5FDD-64CD-82D5688872A9}" = Catalyst Control Center Localization Italian
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9EF77B2D-FF26-9237-BBAB-127110FD65CC}" = Catalyst Control Center Localization Portuguese
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{ACB08AF2-DFE9-C179-8BC9-E3209F3EBC28}" = CCC Help Chinese Traditional
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BB5F88FC-5D66-9316-0E48-E411941A8A74}" = Catalyst Control Center Graphics Previews Vista
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C17280C4-8BF2-946A-9C51-EEB2CD216D89}" = Catalyst Control Center Graphics Previews Common
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C5D85C24-A56B-6954-77F1-B25A4B4E7B52}" = CCC Help Spanish
"{C8C5CE76-860E-B5FA-27EA-C52C74DDBD2D}" = Catalyst Control Center Localization Finnish
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CDCFA0B9-06DA-C47E-2CF1-37C5F25DF753}" = Catalyst Control Center InstallProxy
"{D071B7C5-07A2-D000-05B8-2DE6A63249D9}" = Catalyst Control Center Localization Norwegian
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D2D3882A-3624-2963-EA08-27589DBCEF8A}" = CCC Help Norwegian
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E481DB0E-52F2-4EE0-9BDA-9EE173FA6EA2}" = Catalyst Control Center - Branding
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E8E8C42E-E817-C7DA-1A81-BFD8388B4014}" = CCC Help Swedish
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EFD537AE-0530-8887-DC9C-433E113547D7}" = Catalyst Control Center Localization Chinese Standard
"{F081ED08-77AE-8019-D554-904EF4F88FC1}" = CCC Help Chinese Standard
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F133ACD4-CFCF-BADD-4AC5-9408E2E7FD74}" = Catalyst Control Center Localization Dutch
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FB56BF24-6AB9-AC55-5B7A-D3657D2F4A38}" = Skins
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"avast" = avast! Internet Security
"conduitEngine" = Conduit Engine
"Dell Video Chat" = Dell Video Chat
"Dell Webcam Central" = Dell Webcam Central
"ESET Online Scanner" = ESET Online Scanner v3
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"MessengerPlusLive_Germany_TB Toolbar" = MessengerPlusLive Germany TB Toolbar
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Secunia PSI" = Secunia PSI (3.0.0.3001)
"Secure Eraser_is1" = Secure Eraser v4.0
"VLC media player" = VLC media player 2.0.2
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"YTdetect" = Yahoo! Detect
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1695605967-2725027817-2845256189-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Facebook Plug-In" = Facebook Plug-In
"Spotify" = Spotify
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 25.07.2012 09:27:19 | Computer Name = Francia-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.07.2012 06:02:25 | Computer Name = Francia-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.07.2012 17:55:30 | Computer Name = Francia-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 27.07.2012 03:17:56 | Computer Name = Francia-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 27.07.2012 16:58:09 | Computer Name = Francia-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 28.07.2012 03:03:51 | Computer Name = Francia-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 29.07.2012 03:08:06 | Computer Name = Francia-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 29.07.2012 03:25:30 | Computer Name = Francia-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 30.07.2012 16:42:42 | Computer Name = Francia-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 31.07.2012 02:31:30 | Computer Name = Francia-PC | Source = WinMgmt | ID = 10
Description = 
 
[ Broadcom Wireless LAN Events ]
Error - 16.11.2012 13:39:08 | Computer Name = Francia-PC | Source = WLAN-Tray | ID = 0
Description = 18:37:31, Fri, Nov 16, 12 Error - Unable to gain access to user store

 
[ Cisco AnyConnect VPN Client Events ]
Error - 24.11.2012 10:17:19 | Computer Name = Francia-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::internalCallbackHandler File: .\MainThread.cpp
Line:
 5045 Invoked Function: CMainThread::noticeHandler Return Code: -33161196 (0xFE060014)
Description:
 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 24.11.2012 10:17:19 | Computer Name = Francia-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::callbackHandler File: .\MainThread.cpp Line: 
4971 Invoked Function: internalCallbackHandler Return Code: -33161196 (0xFE060014)
Description:
 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 24.11.2012 12:29:04 | Computer Name = Francia-PC | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
 2423 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 24.11.2012 12:29:04 | Computer Name = Francia-PC | Source = vpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line: 
2190 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 24.11.2012 12:29:04 | Computer Name = Francia-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp
Line:
 7639 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33161196
 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 24.11.2012 12:29:04 | Computer Name = Francia-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::OnTimerExpired File: .\MainThread.cpp Line: 4287
Invoked
 Function: CMainThread::applyHostConfigForNoVpn Return Code: -33161196 (0xFE060014)
Description:
 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 24.11.2012 12:29:04 | Computer Name = Francia-PC | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
 2423 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 24.11.2012 12:29:04 | Computer Name = Francia-PC | Source = vpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line: 
2190 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 25.11.2012 07:53:21 | Computer Name = Francia-PC | Source = vpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.
 
Error - 26.11.2012 07:04:00 | Computer Name = Francia-PC | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
 nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
 No such file or directory
 
[ System Events ]
Error - 22.11.2012 05:14:17 | Computer Name = Francia-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 22.11.2012 05:24:22 | Computer Name = Francia-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 22.11.2012 17:55:28 | Computer Name = Francia-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 22.11.2012 17:58:00 | Computer Name = Francia-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 22.11.2012 18:12:05 | Computer Name = Francia-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 22.11.2012 18:17:07 | Computer Name = Francia-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 22.11.2012 18:17:07 | Computer Name = Francia-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 23.11.2012 04:10:54 | Computer Name = Francia-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.2.105 für die Netzwerkkarte mit der Netzwerkadresse
 701A043C8284 wurde durch den DHCP-Server 192.168.2.1 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 26.11.2012 07:05:23 | Computer Name = Francia-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 26.11.2012 07:08:36 | Computer Name = Francia-PC | Source = Service Control Manager | ID = 7011
Description = 
 
 
< End of report >
         
--- --- ---


defogger war leer

aswmbr

Code:
ATTFilter
 aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-26 12:40:07
-----------------------------
12:40:07.737    OS Version: Windows x64 6.0.6002 Service Pack 2
12:40:07.737    Number of processors: 2 586 0x170A
12:40:07.737    ComputerName: FRANCIA-PC  UserName: Francia
12:40:11.824    Initialize success
12:40:12.510    AVAST engine defs: 12112600
12:40:35.115    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:40:35.115    Disk 0 Vendor: TOSHIBA_MK2555GSX FG000D Size: 238475MB BusType: 3
12:40:35.130    Disk 0 MBR read successfully
12:40:35.146    Disk 0 MBR scan
12:40:35.146    Disk 0 Windows VISTA default MBR code
12:40:35.146    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       39 MB offset 63
12:40:35.162    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        15000 MB offset 80325
12:40:35.177    Disk 0 Partition 3 80 (A) 07    HPFS/NTFS NTFS       223434 MB offset 30800325
12:40:35.364    Disk 0 scanning C:\Windows\system32\drivers
12:40:54.646    Service scanning
12:41:34.598    Modules scanning
12:41:34.613    Disk 0 trace - called modules:
12:41:34.644    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
12:41:34.644    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80040a0790]
12:41:34.660    3 CLASSPNP.SYS[fffffa6000dccc33] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800337e940]
12:41:36.532    AVAST engine scan C:\Windows
12:41:41.883    AVAST engine scan C:\Windows\system32
12:48:25.439    AVAST engine scan C:\Windows\system32\drivers
12:48:59.759    AVAST engine scan C:\Users\Francia
13:21:50.148    Disk 0 MBR has been saved successfully to "C:\Users\Francia\Desktop\MBR.dat"
13:21:50.164    The log file has been saved successfully to "C:\Users\Francia\Desktop\aswMBR.txt"
         
__________________

Alt 26.11.2012, 12:38   #4
Michael_w
 
Java/Exploit.CVE-2011-3544.BR trojan - Standard

Java/Exploit.CVE-2011-3544.BR trojan



tdss

Code:
ATTFilter
 13:23:27.0799 3132  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
13:23:28.0142 3132  ============================================================
13:23:28.0142 3132  Current date / time: 2012/11/26 13:23:28.0142
13:23:28.0142 3132  SystemInfo:
13:23:28.0142 3132  
13:23:28.0142 3132  OS Version: 6.0.6002 ServicePack: 2.0
13:23:28.0142 3132  Product type: Workstation
13:23:28.0142 3132  ComputerName: FRANCIA-PC
13:23:28.0142 3132  UserName: Francia
13:23:28.0142 3132  Windows directory: C:\Windows
13:23:28.0142 3132  System windows directory: C:\Windows
13:23:28.0142 3132  Running under WOW64
13:23:28.0142 3132  Processor architecture: Intel x64
13:23:28.0142 3132  Number of processors: 2
13:23:28.0142 3132  Page size: 0x1000
13:23:28.0142 3132  Boot type: Normal boot
13:23:28.0142 3132  ============================================================
13:23:30.0545 3132  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:23:30.0560 3132  ============================================================
13:23:30.0560 3132  \Device\Harddisk0\DR0:
13:23:30.0560 3132  MBR partitions:
13:23:30.0560 3132  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x1D4C000
13:23:30.0560 3132  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D5F9C5, BlocksNum 0x1B4657AB
13:23:30.0560 3132  ============================================================
13:23:31.0746 3132  C: <-> \Device\Harddisk0\DR0\Partition2
13:23:31.0793 3132  D: <-> \Device\Harddisk0\DR0\Partition1
13:23:31.0793 3132  ============================================================
13:23:31.0793 3132  Initialize success
13:23:31.0793 3132  ============================================================
13:23:38.0048 4780  ============================================================
13:23:38.0048 4780  Scan started
13:23:38.0048 4780  Mode: Manual; 
13:23:38.0048 4780  ============================================================
13:23:43.0602 4780  ================ Scan system memory ========================
13:23:43.0602 4780  System memory - ok
13:23:43.0602 4780  ================ Scan services =============================
13:23:43.0789 4780  [ 581D88B25C4D4121824FED2CA38E562F ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
13:23:43.0789 4780  !SASCORE - ok
13:23:44.0070 4780  [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI            C:\Windows\system32\drivers\acpi.sys
13:23:44.0086 4780  ACPI - ok
13:23:44.0398 4780  [ 62B7936F9036DD6ED36E6A7EFA805DC0 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
13:23:44.0398 4780  AdobeARMservice - ok
13:23:44.0678 4780  [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
13:23:44.0678 4780  AdobeFlashPlayerUpdateSvc - ok
13:23:44.0803 4780  [ F14215E37CF124104575073F782111D2 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
13:23:44.0803 4780  adp94xx - ok
13:23:44.0881 4780  [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci         C:\Windows\system32\drivers\adpahci.sys
13:23:44.0881 4780  adpahci - ok
13:23:44.0912 4780  [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
13:23:44.0912 4780  adpu160m - ok
13:23:44.0975 4780  [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
13:23:44.0975 4780  adpu320 - ok
13:23:45.0146 4780  [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
13:23:45.0146 4780  AeLookupSvc - ok
13:23:45.0334 4780  [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters     C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe
13:23:45.0334 4780  AESTFilters - ok
13:23:45.0474 4780  [ C4F6CE6087760AD70960C9EB130E7943 ] AFD             C:\Windows\system32\drivers\afd.sys
13:23:45.0490 4780  AFD - ok
13:23:45.0630 4780  [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440          C:\Windows\system32\drivers\agp440.sys
13:23:45.0646 4780  agp440 - ok
13:23:45.0692 4780  [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
13:23:45.0692 4780  aic78xx - ok
13:23:45.0724 4780  [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG             C:\Windows\System32\alg.exe
13:23:45.0724 4780  ALG - ok
13:23:45.0786 4780  [ 9544C2C55541C0C6BFD7B489D0E7D430 ] aliide          C:\Windows\system32\drivers\aliide.sys
13:23:45.0786 4780  aliide - ok
13:23:45.0833 4780  [ 970FA5059E61E30D25307B99903E991E ] amdide          C:\Windows\system32\drivers\amdide.sys
13:23:45.0833 4780  amdide - ok
13:23:45.0880 4780  [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
13:23:45.0895 4780  AmdK8 - ok
13:23:45.0973 4780  [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo         C:\Windows\System32\appinfo.dll
13:23:45.0973 4780  Appinfo - ok
13:23:46.0067 4780  [ BA8417D4765F3988FF921F30F630E303 ] arc             C:\Windows\system32\drivers\arc.sys
13:23:46.0067 4780  arc - ok
13:23:46.0145 4780  [ 9D41C435619733B34CC16A511E644B11 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
13:23:46.0145 4780  arcsas - ok
13:23:46.0223 4780  [ 4FCAEF0C5BE7629AEB878998E0FE959B ] aswFsBlk        C:\Windows\system32\drivers\aswFsBlk.sys
13:23:46.0223 4780  aswFsBlk - ok
13:23:46.0316 4780  [ 9FFC732E12FF53E05FE9E02C8C00CE87 ] aswFW           C:\Windows\system32\drivers\aswFW.sys
13:23:46.0597 4780  aswFW - ok
13:23:46.0691 4780  [ 6B91E6D483AADB3FC4E13E2355200611 ] aswKbd          C:\Windows\system32\drivers\aswKbd.sys
13:23:46.0691 4780  aswKbd - ok
13:23:46.0816 4780  [ B50CDD87772D6A11CB90924AAD399DF8 ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
13:23:46.0816 4780  aswMonFlt - ok
13:23:46.0878 4780  [ 518B8D447A1975AB46DA093A2E743256 ] aswNdis         C:\Windows\system32\DRIVERS\aswNdis.sys
13:23:46.0925 4780  aswNdis - ok
13:23:46.0972 4780  [ 5A832BBB1B563B6B3FDA46239B630037 ] aswNdis2        C:\Windows\system32\drivers\aswNdis2.sys
13:23:46.0987 4780  aswNdis2 - ok
13:23:47.0034 4780  [ A4096B90F21BBD2973AFAB8EEE01CD25 ] AswRdr          C:\Windows\system32\drivers\AswRdr.sys
13:23:47.0034 4780  AswRdr - ok
13:23:47.0143 4780  [ E71D826A1F3CE9C9DE3E77F2D02AFFBF ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
13:23:47.0159 4780  aswSnx - ok
13:23:47.0237 4780  [ 538A32E2C99BF073D4CA76C30BEDAA60 ] aswSP           C:\Windows\system32\drivers\aswSP.sys
13:23:47.0237 4780  aswSP - ok
13:23:47.0268 4780  [ 6EDC79D73745FD44C41B55B2D13D0B70 ] aswTdi          C:\Windows\system32\drivers\aswTdi.sys
13:23:47.0284 4780  aswTdi - ok
13:23:47.0330 4780  [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
13:23:47.0330 4780  AsyncMac - ok
13:23:47.0377 4780  [ E68D9B3A3905619732F7FE039466A623 ] atapi           C:\Windows\system32\drivers\atapi.sys
13:23:47.0377 4780  atapi - ok
13:23:47.0486 4780  [ 00DACE1D9A0DA60215022C6B1FAC1673 ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe
13:23:47.0502 4780  Ati External Event Utility - ok
13:23:47.0845 4780  [ CEF278088637401F07A0064B0B900A32 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
13:23:47.0986 4780  atikmdag - ok
13:23:48.0079 4780  [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
13:23:48.0079 4780  AudioEndpointBuilder - ok
13:23:48.0095 4780  [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
13:23:48.0095 4780  AudioSrv - ok
13:23:48.0313 4780  [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
13:23:48.0313 4780  avast! Antivirus - ok
13:23:48.0360 4780  [ BC0E07A768A0A14C48E3CE1875F2C377 ] avast! Firewall C:\Program Files\AVAST Software\Avast\afwServ.exe
13:23:48.0360 4780  avast! Firewall - ok
13:23:48.0454 4780  [ 01A24B415926BB5F772DBE12459D97DE ] BBSvc           C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
13:23:48.0454 4780  BBSvc - ok
13:23:48.0547 4780  [ 785DE7ABDA13309D6065305542829E76 ] BBUpdate        C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
13:23:48.0547 4780  BBUpdate - ok
13:23:48.0688 4780  [ A7C9995BA861FCE78B2CEAAE61D39FD7 ] BCM42RLY        C:\Windows\system32\drivers\BCM42RLY.sys
13:23:48.0688 4780  BCM42RLY - ok
13:23:48.0797 4780  [ 912012B708A7D8E8CE2EE55AFB663DFF ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl664.sys
13:23:48.0828 4780  BCM43XX - ok
13:23:48.0890 4780  Beep - ok
13:23:48.0984 4780  [ FFB96C2589FFA60473EAD78B39FBDE29 ] BFE             C:\Windows\System32\bfe.dll
13:23:49.0000 4780  BFE - ok
13:23:49.0140 4780  [ 6D316F4859634071CC25C4FD4589AD2C ] BITS            C:\Windows\system32\qmgr.dll
13:23:49.0156 4780  BITS - ok
13:23:49.0218 4780  [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
13:23:49.0218 4780  blbdrive - ok
13:23:49.0280 4780  [ 2348447A80920B2493A9B582A23E81E1 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
13:23:49.0280 4780  bowser - ok
13:23:49.0343 4780  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
13:23:49.0343 4780  BrFiltLo - ok
13:23:49.0405 4780  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
13:23:49.0405 4780  BrFiltUp - ok
13:23:49.0561 4780  [ A1B39DE453433B115B4EA69EE0343816 ] Browser         C:\Windows\System32\browser.dll
13:23:49.0561 4780  Browser - ok
13:23:49.0624 4780  [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid         C:\Windows\system32\drivers\brserid.sys
13:23:49.0624 4780  Brserid - ok
13:23:49.0639 4780  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
13:23:49.0639 4780  BrSerWdm - ok
13:23:49.0670 4780  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
13:23:49.0686 4780  BrUsbMdm - ok
13:23:49.0686 4780  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
13:23:49.0686 4780  BrUsbSer - ok
13:23:49.0764 4780  [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
13:23:49.0764 4780  BTHMODEM - ok
13:23:49.0795 4780  [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
13:23:49.0811 4780  cdfs - ok
13:23:49.0858 4780  [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
13:23:49.0858 4780  cdrom - ok
13:23:49.0936 4780  [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc     C:\Windows\System32\certprop.dll
13:23:49.0936 4780  CertPropSvc - ok
13:23:49.0967 4780  [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass        C:\Windows\system32\drivers\circlass.sys
13:23:49.0982 4780  circlass - ok
13:23:50.0045 4780  [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS            C:\Windows\system32\CLFS.sys
13:23:50.0060 4780  CLFS - ok
13:23:50.0201 4780  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:23:50.0201 4780  clr_optimization_v2.0.50727_32 - ok
13:23:50.0263 4780  [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:23:50.0263 4780  clr_optimization_v2.0.50727_64 - ok
13:23:50.0435 4780  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:23:50.0513 4780  clr_optimization_v4.0.30319_32 - ok
13:23:50.0731 4780  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:23:50.0809 4780  clr_optimization_v4.0.30319_64 - ok
13:23:50.0856 4780  [ B52D9A14CE4101577900A364BA86F3DF ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
13:23:50.0856 4780  CmBatt - ok
13:23:50.0887 4780  [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
13:23:50.0887 4780  cmdide - ok
13:23:50.0934 4780  [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
13:23:50.0934 4780  Compbatt - ok
13:23:50.0950 4780  COMSysApp - ok
13:23:50.0965 4780  [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
13:23:50.0981 4780  crcdisk - ok
13:23:51.0043 4780  [ CA78B312C44E4D52E842C2C8BD48E452 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
13:23:51.0059 4780  CryptSvc - ok
13:23:51.0137 4780  [ ED5CF92396A62F4C15110DCDB5E854D9 ] CtClsFlt        C:\Windows\system32\DRIVERS\CtClsFlt.sys
13:23:51.0137 4780  CtClsFlt - ok
13:23:51.0324 4780  [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch      C:\Windows\system32\rpcss.dll
13:23:51.0340 4780  DcomLaunch - ok
13:23:51.0418 4780  [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
13:23:51.0418 4780  DfsC - ok
13:23:51.0808 4780  [ C647F468F7DE343DF8C143655C5557D4 ] DFSR            C:\Windows\system32\DFSR.exe
13:23:51.0979 4780  DFSR - ok
13:23:52.0088 4780  [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
13:23:52.0088 4780  Dhcp - ok
13:23:52.0166 4780  [ B0107E40ECDB5FA692EBF832F295D905 ] disk            C:\Windows\system32\drivers\disk.sys
13:23:52.0166 4780  disk - ok
13:23:52.0229 4780  [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
13:23:52.0229 4780  Dnscache - ok
13:23:52.0588 4780  [ 0840ABBBDF438691EE65A20040635CBE ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe
13:23:52.0588 4780  DockLoginService - ok
13:23:52.0666 4780  [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc         C:\Windows\System32\dot3svc.dll
13:23:52.0681 4780  dot3svc - ok
13:23:52.0759 4780  [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS             C:\Windows\system32\dps.dll
13:23:52.0759 4780  DPS - ok
13:23:52.0837 4780  [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
13:23:52.0837 4780  drmkaud - ok
13:23:52.0900 4780  [ B8E554E502D5123BC111F99D6A2181B4 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
13:23:52.0915 4780  DXGKrnl - ok
13:23:52.0978 4780  [ 17D40652EF3E55EEAE187A89DF40965A ] e1express       C:\Windows\system32\DRIVERS\e1e6032e.sys
13:23:53.0056 4780  e1express - ok
13:23:53.0102 4780  [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60           C:\Windows\system32\DRIVERS\E1G6032E.sys
13:23:53.0102 4780  E1G60 - ok
13:23:53.0165 4780  [ C2303883FD9BE49DC36A6400643002EA ] EapHost         C:\Windows\System32\eapsvc.dll
13:23:53.0165 4780  EapHost - ok
13:23:53.0274 4780  [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache          C:\Windows\system32\drivers\ecache.sys
13:23:53.0290 4780  Ecache - ok
13:23:53.0368 4780  [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
13:23:53.0368 4780  ehRecvr - ok
13:23:53.0399 4780  [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched         C:\Windows\ehome\ehsched.exe
13:23:53.0399 4780  ehSched - ok
13:23:53.0446 4780  [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart         C:\Windows\ehome\ehstart.dll
13:23:53.0446 4780  ehstart - ok
13:23:53.0539 4780  [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
13:23:53.0555 4780  elxstor - ok
13:23:53.0633 4780  [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
13:23:53.0648 4780  EMDMgmt - ok
13:23:53.0711 4780  [ 991FAB6AA066E1214EFB5B496FB7959A ] ErrDev          C:\Windows\system32\drivers\errdev.sys
13:23:53.0711 4780  ErrDev - ok
13:23:53.0789 4780  [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem     C:\Windows\system32\es.dll
13:23:53.0804 4780  EventSystem - ok
13:23:53.0836 4780  [ 486844F47B6636044A42454614ED4523 ] exfat           C:\Windows\system32\drivers\exfat.sys
13:23:53.0851 4780  exfat - ok
13:23:53.0882 4780  [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
13:23:53.0898 4780  fastfat - ok
13:23:53.0976 4780  [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
13:23:53.0976 4780  fdc - ok
13:23:54.0054 4780  [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost         C:\Windows\system32\fdPHost.dll
13:23:54.0054 4780  fdPHost - ok
13:23:54.0101 4780  [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub        C:\Windows\system32\fdrespub.dll
13:23:54.0101 4780  FDResPub - ok
13:23:54.0132 4780  [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
13:23:54.0132 4780  FileInfo - ok
13:23:54.0210 4780  [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
13:23:54.0210 4780  Filetrace - ok
13:23:54.0241 4780  [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
13:23:54.0241 4780  flpydisk - ok
13:23:54.0319 4780  [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
13:23:54.0335 4780  FltMgr - ok
13:23:54.0444 4780  [ BE1C5BD1CA7ED015BC6FA1AE67E592C8 ] FontCache       C:\Windows\system32\FntCache.dll
13:23:54.0460 4780  FontCache - ok
13:23:54.0553 4780  [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:23:54.0553 4780  FontCache3.0.0.0 - ok
13:23:54.0616 4780  [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
13:23:54.0616 4780  Fs_Rec - ok
13:23:54.0709 4780  [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
13:23:54.0709 4780  gagp30kx - ok
13:23:54.0756 4780  [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc           C:\Windows\System32\gpsvc.dll
13:23:54.0772 4780  gpsvc - ok
13:23:54.0881 4780  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:23:54.0881 4780  gupdate - ok
13:23:54.0912 4780  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:23:54.0912 4780  gupdatem - ok
13:23:55.0021 4780  [ 68E732382B32417FF61FD663259B4B09 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:23:55.0037 4780  HdAudAddService - ok
13:23:55.0146 4780  [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
13:23:55.0177 4780  HDAudBus - ok
13:23:55.0255 4780  [ B4881C84A180E75B8C25DC1D726C375F ] HidBth          C:\Windows\system32\drivers\hidbth.sys
13:23:55.0255 4780  HidBth - ok
13:23:55.0286 4780  [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr           C:\Windows\system32\drivers\hidir.sys
13:23:55.0286 4780  HidIr - ok
13:23:55.0333 4780  [ 59361D38A297755D46A540E450202B2A ] hidserv         C:\Windows\System32\hidserv.dll
13:23:55.0333 4780  hidserv - ok
13:23:55.0380 4780  [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
13:23:55.0380 4780  HidUsb - ok
13:23:55.0442 4780  [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc          C:\Windows\system32\kmsvc.dll
13:23:55.0442 4780  hkmsvc - ok
13:23:55.0552 4780  [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
13:23:55.0552 4780  HpCISSs - ok
13:23:55.0645 4780  [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
13:23:55.0645 4780  HTTP - ok
13:23:55.0692 4780  [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
13:23:55.0692 4780  i2omp - ok
13:23:55.0801 4780  [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
13:23:55.0801 4780  i8042prt - ok
13:23:55.0895 4780  [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
13:23:55.0910 4780  iaStorV - ok
13:23:56.0051 4780  [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:23:56.0129 4780  idsvc - ok
13:23:56.0144 4780  [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
13:23:56.0144 4780  iirsp - ok
13:23:56.0238 4780  [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT          C:\Windows\System32\ikeext.dll
13:23:56.0254 4780  IKEEXT - ok
13:23:56.0300 4780  [ DF797A12176F11B2D301C5B234BB200E ] intelide        C:\Windows\system32\drivers\intelide.sys
13:23:56.0300 4780  intelide - ok
13:23:56.0347 4780  [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
13:23:56.0347 4780  intelppm - ok
13:23:56.0441 4780  [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
13:23:56.0441 4780  IPBusEnum - ok
13:23:56.0503 4780  [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:23:56.0519 4780  IpFilterDriver - ok
13:23:56.0612 4780  [ BF0DBFA9792C5C14FA00F61C75116C1B ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
13:23:56.0612 4780  iphlpsvc - ok
13:23:56.0628 4780  IpInIp - ok
13:23:56.0675 4780  [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
13:23:56.0675 4780  IPMIDRV - ok
13:23:56.0690 4780  [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
13:23:56.0706 4780  IPNAT - ok
13:23:56.0722 4780  [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM          C:\Windows\system32\drivers\irenum.sys
13:23:56.0722 4780  IRENUM - ok
13:23:56.0846 4780  [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp          C:\Windows\system32\drivers\isapnp.sys
13:23:56.0846 4780  isapnp - ok
13:23:56.0940 4780  [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
13:23:56.0956 4780  iScsiPrt - ok
13:23:57.0002 4780  [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
13:23:57.0002 4780  iteatapi - ok
13:23:57.0080 4780  [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid         C:\Windows\system32\drivers\iteraid.sys
13:23:57.0080 4780  iteraid - ok
13:23:57.0158 4780  [ EB5C7891B9E6E4A1A4428F2160B12B53 ] k57nd60a        C:\Windows\system32\DRIVERS\k57nd60a.sys
13:23:57.0174 4780  k57nd60a - ok
13:23:57.0190 4780  [ 423696F3BA6472DD17699209B933BC26 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
13:23:57.0190 4780  kbdclass - ok
13:23:57.0268 4780  [ DBDF75D51464FBC47D0104EC3D572C05 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
13:23:57.0268 4780  kbdhid - ok
13:23:57.0330 4780  [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso          C:\Windows\system32\lsass.exe
13:23:57.0330 4780  KeyIso - ok
13:23:57.0548 4780  [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
13:23:57.0564 4780  KSecDD - ok
13:23:57.0658 4780  [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
13:23:57.0658 4780  ksthunk - ok
13:23:57.0767 4780  [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm           C:\Windows\system32\msdtckrm.dll
13:23:57.0767 4780  KtmRm - ok
13:23:57.0829 4780  [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer    C:\Windows\System32\srvsvc.dll
13:23:57.0845 4780  LanmanServer - ok
13:23:57.0892 4780  [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:23:57.0892 4780  LanmanWorkstation - ok
13:23:57.0938 4780  [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
13:23:57.0938 4780  lltdio - ok
13:23:58.0048 4780  [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
13:23:58.0063 4780  lltdsvc - ok
13:23:58.0126 4780  [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts         C:\Windows\System32\lmhsvc.dll
13:23:58.0126 4780  lmhosts - ok
13:23:58.0188 4780  [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
13:23:58.0188 4780  LSI_FC - ok
13:23:58.0204 4780  [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
13:23:58.0219 4780  LSI_SAS - ok
13:23:58.0266 4780  [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
13:23:58.0266 4780  LSI_SCSI - ok
13:23:58.0297 4780  [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv           C:\Windows\system32\drivers\luafv.sys
13:23:58.0297 4780  luafv - ok
13:23:58.0344 4780  [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
13:23:58.0344 4780  Mcx2Svc - ok
13:23:58.0375 4780  [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas         C:\Windows\system32\drivers\megasas.sys
13:23:58.0375 4780  megasas - ok
13:23:58.0406 4780  [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
13:23:58.0406 4780  MegaSR - ok
13:23:58.0453 4780  [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS           C:\Windows\system32\mmcss.dll
13:23:58.0469 4780  MMCSS - ok
13:23:58.0531 4780  [ 59848D5CC74606F0EE7557983BB73C2E ] Modem           C:\Windows\system32\drivers\modem.sys
13:23:58.0547 4780  Modem - ok
13:23:58.0640 4780  [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
13:23:58.0640 4780  monitor - ok
13:23:58.0672 4780  [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
13:23:58.0672 4780  mouclass - ok
13:23:58.0687 4780  [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
13:23:58.0687 4780  mouhid - ok
13:23:58.0718 4780  [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
13:23:58.0718 4780  MountMgr - ok
13:23:58.0796 4780  [ E8D79312373F254DC13F3965BDB3D521 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
13:23:58.0796 4780  MozillaMaintenance - ok
13:23:58.0859 4780  [ F8276EB8698142884498A528DFEA8478 ] mpio            C:\Windows\system32\drivers\mpio.sys
13:23:58.0859 4780  mpio - ok
13:23:58.0906 4780  [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
13:23:58.0906 4780  mpsdrv - ok
13:23:58.0952 4780  [ 897E3BAF68BA406A61682AE39C83900C ] MpsSvc          C:\Windows\system32\mpssvc.dll
13:23:58.0968 4780  MpsSvc - ok
13:23:59.0015 4780  [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
13:23:59.0015 4780  Mraid35x - ok
13:23:59.0046 4780  [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
13:23:59.0062 4780  MRxDAV - ok
13:23:59.0171 4780  [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
13:23:59.0186 4780  mrxsmb - ok
13:23:59.0264 4780  [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:23:59.0280 4780  mrxsmb10 - ok
13:23:59.0311 4780  [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:23:59.0311 4780  mrxsmb20 - ok
13:23:59.0374 4780  [ AA459F2AB3AB603C357FF117CAE3D818 ] msahci          C:\Windows\system32\drivers\msahci.sys
13:23:59.0374 4780  msahci - ok
13:23:59.0405 4780  [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
13:23:59.0405 4780  msdsm - ok
13:23:59.0420 4780  [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC           C:\Windows\System32\msdtc.exe
13:23:59.0436 4780  MSDTC - ok
13:23:59.0467 4780  [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs            C:\Windows\system32\drivers\Msfs.sys
13:23:59.0467 4780  Msfs - ok
13:23:59.0514 4780  [ 00EBC952961664780D43DCA157E79B27 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
13:23:59.0514 4780  msisadrv - ok
13:23:59.0561 4780  [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
13:23:59.0561 4780  MSiSCSI - ok
13:23:59.0592 4780  msiserver - ok
13:23:59.0623 4780  [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
13:23:59.0623 4780  MSKSSRV - ok
13:23:59.0639 4780  [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
13:23:59.0639 4780  MSPCLOCK - ok
13:23:59.0654 4780  [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
13:23:59.0654 4780  MSPQM - ok
13:23:59.0701 4780  [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
13:23:59.0717 4780  MsRPC - ok
13:23:59.0764 4780  [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
13:23:59.0779 4780  mssmbios - ok
13:23:59.0842 4780  [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
13:23:59.0842 4780  MSTEE - ok
13:23:59.0873 4780  [ 0CC49F78D8ACA0877D885F149084E543 ] Mup             C:\Windows\system32\Drivers\mup.sys
13:23:59.0873 4780  Mup - ok
13:23:59.0920 4780  [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent        C:\Windows\system32\qagentRT.dll
13:23:59.0935 4780  napagent - ok
13:24:00.0076 4780  [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
13:24:00.0076 4780  NativeWifiP - ok
13:24:00.0169 4780  [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS            C:\Windows\system32\drivers\ndis.sys
13:24:00.0247 4780  NDIS - ok
13:24:00.0310 4780  [ 64DF698A425478E321981431AC171334 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
13:24:00.0310 4780  NdisTapi - ok
13:24:00.0341 4780  [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
13:24:00.0341 4780  Ndisuio - ok
13:24:00.0497 4780  [ F8158771905260982CE724076419EF19 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
13:24:00.0512 4780  NdisWan - ok
13:24:00.0575 4780  [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
13:24:00.0575 4780  NDProxy - ok
13:24:00.0637 4780  [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
13:24:00.0637 4780  NetBIOS - ok
13:24:00.0762 4780  [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
13:24:00.0762 4780  netbt - ok
13:24:00.0793 4780  [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon        C:\Windows\system32\lsass.exe
13:24:00.0793 4780  Netlogon - ok
13:24:00.0840 4780  [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman          C:\Windows\System32\netman.dll
13:24:00.0840 4780  Netman - ok
13:24:00.0887 4780  [ 7846D0136CC2B264926A73047BA7688A ] netprofm        C:\Windows\System32\netprofm.dll
13:24:00.0902 4780  netprofm - ok
13:24:00.0949 4780  [ 74751DDA198165947FD7454D83F49825 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:24:00.0949 4780  NetTcpPortSharing - ok
13:24:00.0996 4780  [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
13:24:00.0996 4780  nfrd960 - ok
13:24:01.0058 4780  [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc          C:\Windows\System32\nlasvc.dll
13:24:01.0074 4780  NlaSvc - ok
13:24:01.0230 4780  [ FD306FBCCE7ADB1077B709742E7148E9 ] NMSAccessU      C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
13:24:01.0230 4780  NMSAccessU - ok
13:24:01.0324 4780  [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
13:24:01.0324 4780  Npfs - ok
13:24:01.0386 4780  [ ACB62BAA1C319B17752553DF3026EEEB ] nsi             C:\Windows\system32\nsisvc.dll
13:24:01.0386 4780  nsi - ok
13:24:01.0448 4780  [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
13:24:01.0448 4780  nsiproxy - ok
13:24:01.0526 4780  [ BAC869DFB98E499BA4D9BB1FB43270E1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
13:24:01.0558 4780  Ntfs - ok
13:24:01.0604 4780  [ DD5D684975352B85B52E3FD5347C20CB ] Null            C:\Windows\system32\drivers\Null.sys
13:24:01.0604 4780  Null - ok
13:24:01.0667 4780  [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
13:24:01.0667 4780  nvraid - ok
13:24:01.0714 4780  [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor          C:\Windows\system32\drivers\nvstor.sys
13:24:01.0714 4780  nvstor - ok
13:24:01.0792 4780  [ 19067CA93075EF4823E3938A686F532F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
13:24:01.0792 4780  nv_agp - ok
13:24:01.0792 4780  NwlnkFlt - ok
13:24:01.0807 4780  NwlnkFwd - ok
13:24:01.0885 4780  [ 404B0121AE1A75D9A63B6934EB07C258 ] OA008Ufd        C:\Windows\system32\DRIVERS\OA008Ufd.sys
13:24:01.0885 4780  OA008Ufd - ok
13:24:01.0916 4780  [ 126885007E8F601861165FC77C93F1BE ] OA008Vid        C:\Windows\system32\DRIVERS\OA008Vid.sys
13:24:01.0932 4780  OA008Vid - ok
13:24:02.0088 4780  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:24:02.0104 4780  odserv - ok
13:24:02.0197 4780  [ B5B1CE65AC15BBD11C0619E3EF7CFC28 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
13:24:02.0197 4780  ohci1394 - ok
13:24:02.0291 4780  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:24:02.0306 4780  ose - ok
13:24:02.0400 4780  [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc        C:\Windows\system32\p2psvc.dll
13:24:02.0416 4780  p2pimsvc - ok
13:24:02.0447 4780  [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc          C:\Windows\system32\p2psvc.dll
13:24:02.0447 4780  p2psvc - ok
13:24:02.0525 4780  [ AECD57F94C887F58919F307C35498EA0 ] Parport         C:\Windows\system32\drivers\parport.sys
13:24:02.0525 4780  Parport - ok
13:24:02.0603 4780  [ B43751085E2ABE389DA466BC62A4B987 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
13:24:02.0603 4780  partmgr - ok
13:24:02.0634 4780  [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc          C:\Windows\System32\pcasvc.dll
13:24:02.0634 4780  PcaSvc - ok
13:24:02.0790 4780  [ BC0018C2D29F655188A0ED3FA94FDB24 ] pccsmcfd        C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
13:24:02.0837 4780  pccsmcfd - ok
13:24:02.0946 4780  [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci             C:\Windows\system32\drivers\pci.sys
13:24:02.0946 4780  pci - ok
13:24:02.0977 4780  [ 8D618C829034479985A9ED56106CC732 ] pciide          C:\Windows\system32\drivers\pciide.sys
13:24:02.0977 4780  pciide - ok
13:24:03.0055 4780  [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
13:24:03.0055 4780  pcmcia - ok
13:24:03.0164 4780  [ 58865916F53592A61549B04941BFD80D ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
13:24:03.0180 4780  PEAUTH - ok
13:24:03.0320 4780  [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
13:24:03.0320 4780  PerfHost - ok
13:24:03.0492 4780  [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla             C:\Windows\system32\pla.dll
13:24:03.0523 4780  pla - ok
13:24:03.0586 4780  [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
13:24:03.0601 4780  PlugPlay - ok
13:24:03.0648 4780  [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
13:24:03.0664 4780  PNRPAutoReg - ok
13:24:03.0742 4780  [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc         C:\Windows\system32\p2psvc.dll
13:24:03.0757 4780  PNRPsvc - ok
13:24:03.0835 4780  [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
13:24:03.0851 4780  PolicyAgent - ok
13:24:03.0913 4780  [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
13:24:03.0913 4780  PptpMiniport - ok
13:24:03.0944 4780  [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor       C:\Windows\system32\drivers\processr.sys
13:24:03.0944 4780  Processor - ok
13:24:03.0991 4780  [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc         C:\Windows\system32\profsvc.dll
13:24:03.0991 4780  ProfSvc - ok
13:24:04.0022 4780  [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe
13:24:04.0022 4780  ProtectedStorage - ok
13:24:04.0085 4780  [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
13:24:04.0085 4780  PSched - ok
13:24:04.0194 4780  [ FB46E9A827A8799EBD7BFA9128C91F37 ] PSI             C:\Windows\system32\DRIVERS\psi_mf.sys
13:24:04.0194 4780  PSI - ok
13:24:04.0225 4780  [ 46851BC18322DA70F3F2299A1007C479 ] PxHlpa64        C:\Windows\system32\Drivers\PxHlpa64.sys
13:24:04.0225 4780  PxHlpa64 - ok
13:24:04.0584 4780  [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300          C:\Windows\system32\drivers\ql2300.sys
13:24:04.0662 4780  ql2300 - ok
13:24:04.0709 4780  [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
13:24:04.0709 4780  ql40xx - ok
13:24:04.0880 4780  [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE           C:\Windows\system32\qwave.dll
13:24:04.0896 4780  QWAVE - ok
13:24:04.0927 4780  [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
13:24:04.0927 4780  QWAVEdrv - ok
13:24:05.0239 4780  [ CEF278088637401F07A0064B0B900A32 ] R300            C:\Windows\system32\DRIVERS\atikmdag.sys
13:24:05.0270 4780  R300 - ok
13:24:05.0317 4780  [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
13:24:05.0411 4780  RasAcd - ok
13:24:05.0473 4780  [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto         C:\Windows\System32\rasauto.dll
13:24:05.0489 4780  RasAuto - ok
13:24:05.0520 4780  [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
13:24:05.0520 4780  Rasl2tp - ok
13:24:05.0582 4780  [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan          C:\Windows\System32\rasmans.dll
13:24:05.0598 4780  RasMan - ok
13:24:05.0629 4780  [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
13:24:05.0629 4780  RasPppoe - ok
13:24:05.0676 4780  [ C6A593B51F34C33E5474539544072527 ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
13:24:05.0676 4780  RasSstp - ok
13:24:05.0723 4780  [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
13:24:05.0723 4780  rdbss - ok
13:24:05.0801 4780  [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
13:24:05.0801 4780  RDPCDD - ok
13:24:05.0848 4780  [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
13:24:05.0863 4780  rdpdr - ok
13:24:05.0863 4780  [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
13:24:05.0863 4780  RDPENCDD - ok
13:24:05.0941 4780  [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
13:24:05.0941 4780  RDPWD - ok
13:24:05.0988 4780  [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess    C:\Windows\System32\mprdim.dll
13:24:05.0988 4780  RemoteAccess - ok
13:24:06.0035 4780  [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
13:24:06.0050 4780  RemoteRegistry - ok
13:24:06.0160 4780  [ D13D70FAC45FC1DF69F88559B1F72F0A ] rimmptsk        C:\Windows\system32\DRIVERS\rimmpx64.sys
13:24:06.0160 4780  rimmptsk - ok
13:24:06.0206 4780  [ BB9EDC55B0B8CB4FCD713428820E0776 ] rimsptsk        C:\Windows\system32\DRIVERS\rimspx64.sys
13:24:06.0206 4780  rimsptsk - ok
13:24:06.0253 4780  [ 481C3FDEACAAE04B74C58288DBC91DF9 ] rismxdp         C:\Windows\system32\DRIVERS\rixdpx64.sys
13:24:06.0253 4780  rismxdp - ok
13:24:06.0394 4780  [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator      C:\Windows\system32\locator.exe
13:24:06.0394 4780  RpcLocator - ok
13:24:06.0581 4780  [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs           C:\Windows\system32\rpcss.dll
13:24:06.0596 4780  RpcSs - ok
13:24:06.0674 4780  [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
13:24:06.0674 4780  rspndr - ok
13:24:06.0706 4780  [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs           C:\Windows\system32\lsass.exe
13:24:06.0706 4780  SamSs - ok
13:24:06.0815 4780  [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
13:24:06.0815 4780  SASDIFSV - ok
13:24:06.0893 4780  [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
13:24:06.0908 4780  SASKUTIL - ok
13:24:06.0924 4780  [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
13:24:06.0940 4780  sbp2port - ok
13:24:06.0986 4780  [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr        C:\Windows\System32\SCardSvr.dll
13:24:06.0986 4780  SCardSvr - ok
13:24:07.0096 4780  [ 0F838C811AD295D2A4489B9993096C63 ] Schedule        C:\Windows\system32\schedsvc.dll
13:24:07.0127 4780  Schedule - ok
13:24:07.0174 4780  [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc     C:\Windows\System32\certprop.dll
13:24:07.0174 4780  SCPolicySvc - ok
13:24:07.0283 4780  [ BE100BC2BE2513314C717BB2C4CFFF10 ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
13:24:07.0283 4780  sdbus - ok
13:24:07.0330 4780  [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
13:24:07.0345 4780  SDRSVC - ok
13:24:07.0517 4780  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
13:24:07.0532 4780  secdrv - ok
13:24:07.0564 4780  [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon        C:\Windows\system32\seclogon.dll
13:24:07.0564 4780  seclogon - ok
13:24:07.0766 4780  [ 9044795E9D1A912D5F1B8DF6211850FD ] Secunia PSI Agent C:\Program Files (x86)\Secunia\PSI\PSIA.exe
13:24:07.0782 4780  Secunia PSI Agent - ok
13:24:07.0891 4780  [ 8B1A72E4FB63A9C068B08E1F9B70482A ] Secunia Update Agent C:\Program Files (x86)\Secunia\PSI\sua.exe
13:24:07.0907 4780  Secunia Update Agent - ok
13:24:08.0078 4780  [ 90973A64B96CD647FF81C79443618EED ] SENS            C:\Windows\system32\sens.dll
13:24:08.0078 4780  SENS - ok
13:24:08.0110 4780  [ F71BFE7AC6C52273B7C82CBF1BB2A222 ] Serenum         C:\Windows\system32\drivers\serenum.sys
13:24:08.0110 4780  Serenum - ok
13:24:08.0188 4780  [ E62FAC91EE288DB29A9696A9D279929C ] Serial          C:\Windows\system32\drivers\serial.sys
13:24:08.0203 4780  Serial - ok
13:24:08.0281 4780  [ A842F04833684BCEEA7336211BE478DF ] sermouse        C:\Windows\system32\drivers\sermouse.sys
13:24:08.0281 4780  sermouse - ok
13:24:08.0390 4780  [ 2D841B7B7F6DEC32162EDFCC69D61F42 ] ServiceLayer    C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
13:24:08.0406 4780  ServiceLayer - ok
13:24:08.0546 4780  [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv      C:\Windows\system32\sessenv.dll
13:24:08.0562 4780  SessionEnv - ok
13:24:08.0609 4780  [ 3A19C899BCF0EA24CFEC2038E6A489DB ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys
13:24:08.0609 4780  sffdisk - ok
13:24:08.0656 4780  [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
13:24:08.0656 4780  sffp_mmc - ok
13:24:08.0671 4780  [ FDCA63A2EEE528585EB66CEAC183EC22 ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys
13:24:08.0687 4780  sffp_sd - ok
13:24:08.0687 4780  [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
13:24:08.0687 4780  sfloppy - ok
13:24:08.0796 4780  [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
13:24:08.0796 4780  SharedAccess - ok
13:24:08.0874 4780  [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:24:08.0890 4780  ShellHWDetection - ok
13:24:08.0936 4780  [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
13:24:08.0936 4780  SiSRaid2 - ok
13:24:08.0968 4780  [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
13:24:08.0968 4780  SiSRaid4 - ok
13:24:09.0139 4780  [ EA396139541706B4B433641D62EA53CE ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
13:24:09.0139 4780  SkypeUpdate - ok
13:24:09.0342 4780  [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc           C:\Windows\system32\SLsvc.exe
13:24:09.0467 4780  slsvc - ok
13:24:09.0623 4780  [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify      C:\Windows\system32\SLUINotify.dll
13:24:09.0638 4780  SLUINotify - ok
13:24:09.0685 4780  [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
13:24:09.0701 4780  Smb - ok
13:24:09.0779 4780  [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
13:24:09.0794 4780  SNMPTRAP - ok
13:24:09.0826 4780  [ 386C3C63F00A7040C7EC5E384217E89D ] spldr           C:\Windows\system32\drivers\spldr.sys
13:24:09.0826 4780  spldr - ok
13:24:09.0904 4780  [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler         C:\Windows\System32\spoolsv.exe
13:24:09.0904 4780  Spooler - ok
13:24:09.0997 4780  [ D630B6F2E8379B6F10DC16E82A426552 ] sprtsvc_DellSupportCenter C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
13:24:09.0997 4780  sprtsvc_DellSupportCenter - ok
13:24:10.0060 4780  [ 880A57FCCB571EBD063D4DD50E93E46D ] srv             C:\Windows\system32\DRIVERS\srv.sys
13:24:10.0075 4780  srv - ok
13:24:10.0153 4780  [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
13:24:10.0153 4780  srv2 - ok
13:24:10.0184 4780  [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
13:24:10.0184 4780  srvnet - ok
13:24:10.0231 4780  [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
13:24:10.0247 4780  SSDPSRV - ok
13:24:10.0356 4780  [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc         C:\Windows\system32\sstpsvc.dll
13:24:10.0356 4780  SstpSvc - ok
13:24:10.0450 4780  [ C5DF63AE2693C9B6B01B4A2E6C1C64AC ] STacSV          C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe
13:24:10.0465 4780  STacSV - ok
13:24:10.0512 4780  [ E57B778208C783D8DEBAB320C16A1B82 ] StarOpen        C:\Windows\system32\drivers\StarOpen.sys
13:24:10.0512 4780  StarOpen - ok
13:24:10.0590 4780  [ BA16447226ABFD342E130D2F24F73D32 ] STHDA           C:\Windows\system32\DRIVERS\stwrt64.sys
13:24:10.0590 4780  STHDA - ok
13:24:10.0652 4780  [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc          C:\Windows\System32\wiaservc.dll
13:24:10.0668 4780  stisvc - ok
13:24:10.0746 4780  [ 1D0063597C3666404FCF97698ABEB019 ] stllssvr        C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
13:24:10.0746 4780  stllssvr - ok
13:24:10.0793 4780  [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
13:24:10.0793 4780  swenum - ok
13:24:10.0840 4780  [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv           C:\Windows\System32\swprv.dll
13:24:10.0855 4780  swprv - ok
13:24:10.0886 4780  [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
13:24:10.0886 4780  Symc8xx - ok
13:24:10.0949 4780  [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
13:24:10.0949 4780  Sym_hi - ok
13:24:10.0980 4780  [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
13:24:10.0980 4780  Sym_u3 - ok
13:24:11.0058 4780  [ 79A93EC9D224B1F43C0E2F023D61DCA3 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
13:24:11.0074 4780  SynTP - ok
13:24:11.0152 4780  [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain         C:\Windows\system32\sysmain.dll
13:24:11.0183 4780  SysMain - ok
13:24:11.0245 4780  [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:24:11.0245 4780  TabletInputService - ok
13:24:11.0339 4780  [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv         C:\Windows\System32\tapisrv.dll
13:24:11.0354 4780  TapiSrv - ok
13:24:11.0401 4780  [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS             C:\Windows\System32\tbssvc.dll
13:24:11.0401 4780  TBS - ok
13:24:11.0495 4780  [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
13:24:11.0510 4780  Tcpip - ok
13:24:11.0542 4780  [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
13:24:11.0557 4780  Tcpip6 - ok
13:24:11.0635 4780  [ C7E72A4071EE0200E3C075DACFB2B334 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
13:24:11.0635 4780  tcpipreg - ok
13:24:11.0729 4780  [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
13:24:11.0729 4780  TDPIPE - ok
13:24:11.0744 4780  [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
13:24:11.0760 4780  TDTCP - ok
13:24:11.0869 4780  [ 458919C8C42E398DC4802178D5FFEE27 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
13:24:11.0869 4780  tdx - ok
13:24:11.0900 4780  [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
13:24:11.0900 4780  TermDD - ok
13:24:12.0088 4780  [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService     C:\Windows\System32\termsrv.dll
13:24:12.0103 4780  TermService - ok
13:24:12.0134 4780  [ 56793271ECDEDD350C5ADD305603E963 ] Themes          C:\Windows\system32\shsvcs.dll
13:24:12.0150 4780  Themes - ok
13:24:12.0197 4780  [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER     C:\Windows\system32\mmcss.dll
13:24:12.0197 4780  THREADORDER - ok
13:24:12.0290 4780  [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks          C:\Windows\System32\trkwks.dll
13:24:12.0306 4780  TrkWks - ok
13:24:12.0368 4780  [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:24:12.0368 4780  TrustedInstaller - ok
13:24:12.0431 4780  [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
13:24:12.0431 4780  tssecsrv - ok
13:24:12.0478 4780  [ 89EC74A9E602D16A75A4170511029B3C ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
13:24:12.0478 4780  tunmp - ok
13:24:12.0556 4780  [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
13:24:12.0571 4780  tunnel - ok
13:24:12.0602 4780  [ FEC266EF401966311744BD0F359F7F56 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
13:24:12.0602 4780  uagp35 - ok
13:24:12.0649 4780  [ FAF2640A2A76ED03D449E443194C4C34 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
13:24:12.0649 4780  udfs - ok
13:24:12.0805 4780  [ 060507C4113391394478F6953A79EEDC ] UI0Detect       C:\Windows\system32\UI0Detect.exe
13:24:12.0805 4780  UI0Detect - ok
13:24:12.0868 4780  [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
13:24:12.0883 4780  uliagpkx - ok
13:24:12.0914 4780  [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci         C:\Windows\system32\drivers\uliahci.sys
13:24:12.0914 4780  uliahci - ok
13:24:12.0992 4780  [ 31707F09846056651EA2C37858F5DDB0 ] UlSata          C:\Windows\system32\drivers\ulsata.sys
13:24:12.0992 4780  UlSata - ok
13:24:13.0024 4780  [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
13:24:13.0039 4780  ulsata2 - ok
13:24:13.0070 4780  [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
13:24:13.0070 4780  umbus - ok
13:24:13.0102 4780  [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost        C:\Windows\System32\upnphost.dll
13:24:13.0117 4780  upnphost - ok
13:24:13.0148 4780  upperdev - ok
13:24:13.0195 4780  [ 07E3498FC60834219D2356293DA0FECC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
13:24:13.0195 4780  usbccgp - ok
13:24:13.0242 4780  [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
13:24:13.0242 4780  usbcir - ok
13:24:13.0273 4780  [ B1C7EDB07F61BDEE587831B440FC7656 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
13:24:13.0273 4780  usbehci - ok
13:24:13.0289 4780  [ 697C45D6CEA9AD978F90636BE7C93229 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
13:24:13.0304 4780  usbhub - ok
13:24:13.0351 4780  [ EBA14EF0C07CEC233F1529C698D0D154 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
13:24:13.0351 4780  usbohci - ok
13:24:13.0445 4780  [ 28B693B6D31E7B9332C1BDCEFEF228C1 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
13:24:13.0445 4780  usbprint - ok
13:24:13.0476 4780  [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:24:13.0492 4780  USBSTOR - ok
13:24:13.0538 4780  [ C8D88A2A3587A8424B4B17A6F7EB67FA ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
13:24:13.0538 4780  usbuhci - ok
13:24:13.0616 4780  [ FC33099877790D51B0927B7039059855 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
13:24:13.0648 4780  usbvideo - ok
13:24:13.0694 4780  [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms           C:\Windows\System32\uxsms.dll
13:24:13.0710 4780  UxSms - ok
13:24:13.0772 4780  [ 294945381DFA7CE58CECF0A9896AF327 ] vds             C:\Windows\System32\vds.exe
13:24:13.0788 4780  vds - ok
13:24:13.0850 4780  [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
13:24:13.0850 4780  vga - ok
13:24:13.0882 4780  [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave         C:\Windows\System32\drivers\vga.sys
13:24:13.0897 4780  VgaSave - ok
13:24:13.0913 4780  [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide          C:\Windows\system32\drivers\viaide.sys
13:24:13.0913 4780  viaide - ok
13:24:13.0944 4780  [ 2B7E885ED951519A12C450D24535DFCA ] volmgr          C:\Windows\system32\drivers\volmgr.sys
13:24:13.0944 4780  volmgr - ok
13:24:13.0991 4780  [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
13:24:13.0991 4780  volmgrx - ok
13:24:14.0038 4780  [ 5280AADA24AB36B01A84A6424C475C8D ] volsnap         C:\Windows\system32\drivers\volsnap.sys
13:24:14.0053 4780  volsnap - ok
13:24:14.0256 4780  [ D6653180D162CB3144FDBC8A651CEBB1 ] vpnagent        C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
13:24:14.0272 4780  vpnagent - ok
13:24:14.0303 4780  [ 13E6D95E7AC67ABB7A1196557EF8849F ] vpnva           C:\Windows\system32\DRIVERS\vpnva64.sys
13:24:14.0303 4780  vpnva - ok
13:24:14.0350 4780  [ A68F455ED2673835209318DD61BFBB0E ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
13:24:14.0350 4780  vsmraid - ok
13:24:14.0490 4780  [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS             C:\Windows\system32\vssvc.exe
13:24:14.0568 4780  VSS - ok
13:24:14.0615 4780  [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time         C:\Windows\system32\w32time.dll
13:24:14.0630 4780  W32Time - ok
13:24:14.0662 4780  [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
13:24:14.0662 4780  WacomPen - ok
13:24:14.0849 4780  [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
13:24:14.0849 4780  Wanarp - ok
13:24:14.0864 4780  [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
13:24:14.0864 4780  Wanarpv6 - ok
13:24:14.0958 4780  [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
13:24:14.0974 4780  wcncsvc - ok
13:24:15.0005 4780  [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:24:15.0005 4780  WcsPlugInService - ok
13:24:15.0036 4780  [ 0C17A0816F65B89E362E682AD5E7266E ] Wd              C:\Windows\system32\drivers\wd.sys
13:24:15.0036 4780  Wd - ok
13:24:15.0098 4780  [ D02E7E4567DA1E7582FBF6A91144B0DF ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
13:24:15.0114 4780  Wdf01000 - ok
13:24:15.0192 4780  [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost  C:\Windows\system32\wdi.dll
13:24:15.0192 4780  WdiServiceHost - ok
13:24:15.0208 4780  [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost   C:\Windows\system32\wdi.dll
13:24:15.0208 4780  WdiSystemHost - ok
13:24:15.0348 4780  [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient       C:\Windows\System32\webclnt.dll
13:24:15.0348 4780  WebClient - ok
13:24:15.0410 4780  [ 8D40BC587993F876658BF9FB0F7D3462 ] Wecsvc          C:\Windows\system32\wecsvc.dll
13:24:15.0426 4780  Wecsvc - ok
13:24:15.0457 4780  [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
13:24:15.0473 4780  wercplsupport - ok
13:24:15.0520 4780  [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc          C:\Windows\System32\WerSvc.dll
13:24:15.0535 4780  WerSvc - ok
13:24:15.0551 4780  WinDefend - ok
13:24:15.0551 4780  WinHttpAutoProxySvc - ok
13:24:15.0691 4780  [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
13:24:15.0691 4780  Winmgmt - ok
13:24:15.0894 4780  [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869 ] WinRM           C:\Windows\system32\WsmSvc.dll
13:24:16.0019 4780  WinRM - ok
13:24:16.0112 4780  [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc         C:\Windows\System32\wlansvc.dll
13:24:16.0128 4780  Wlansvc - ok
13:24:16.0128 4780  wltrysvc - ok
13:24:16.0190 4780  [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
13:24:16.0190 4780  WmiAcpi - ok
13:24:16.0268 4780  [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
13:24:16.0284 4780  wmiApSrv - ok
13:24:16.0331 4780  WMPNetworkSvc - ok
13:24:16.0362 4780  [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
13:24:16.0362 4780  WPCSvc - ok
13:24:16.0424 4780  [ 490A18B4E4D53DC10879DEAA8E8B70D9 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
13:24:16.0424 4780  WPDBusEnum - ok
13:24:16.0502 4780  [ 5E2401B3FC1089C90E081291357371A9 ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
13:24:16.0534 4780  WpdUsb - ok
13:24:16.0877 4780  [ 991E2C2CF3BC204C2BB2EE1476149E4E ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
13:24:16.0986 4780  WPFFontCache_v0400 - ok
13:24:17.0048 4780  [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
13:24:17.0048 4780  ws2ifsl - ok
13:24:17.0080 4780  [ 9EA3E6D0EF7A5C2B9181961052A4B01A ] wscsvc          C:\Windows\system32\wscsvc.dll
13:24:17.0080 4780  wscsvc - ok
13:24:17.0095 4780  WSearch - ok
13:24:17.0329 4780  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
13:24:17.0454 4780  wuauserv - ok
13:24:17.0501 4780  [ 501A65252617B495C0F1832F908D54D8 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
13:24:17.0501 4780  WUDFRd - ok
13:24:17.0548 4780  [ 6CBD51FF913C851D56ED9DC7F2A27DDE ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
13:24:17.0563 4780  wudfsvc - ok
13:24:17.0626 4780  ================ Scan global ===============================
13:24:17.0657 4780  [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
13:24:17.0750 4780  [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
13:24:17.0766 4780  [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
13:24:17.0828 4780  [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe
13:24:17.0828 4780  [Global] - ok
13:24:17.0844 4780  ================ Scan MBR ==================================
13:24:17.0875 4780  [ CDB4DE4BBD714F152979DA2DCBEF57EB ] \Device\Harddisk0\DR0
13:24:18.0343 4780  \Device\Harddisk0\DR0 - ok
13:24:18.0343 4780  ================ Scan VBR ==================================
13:24:18.0390 4780  [ 1C981D0E92186A444F16C0BD0130D3EA ] \Device\Harddisk0\DR0\Partition1
13:24:18.0390 4780  \Device\Harddisk0\DR0\Partition1 - ok
13:24:18.0421 4780  [ B75FF2AEF26B9C1F554507219A41DF21 ] \Device\Harddisk0\DR0\Partition2
13:24:18.0421 4780  \Device\Harddisk0\DR0\Partition2 - ok
13:24:18.0421 4780  ============================================================
13:24:18.0421 4780  Scan finished
13:24:18.0421 4780  ============================================================
13:24:18.0437 4300  Detected object count: 0
13:24:18.0437 4300  Actual detected object count: 0
13:33:01.0684 4752  Deinitialize success
         
1000 dank

Alt 26.11.2012, 13:49   #5
M-K-D-B
/// TB-Ausbilder
 
Java/Exploit.CVE-2011-3544.BR trojan - Standard

Java/Exploit.CVE-2011-3544.BR trojan



Servus,




Schritt 1
  • Folge folgendem Pfad: Start -> Systemsteuerung -> Software / Programme deinstallieren
  • Suche in der Liste Software mit dem folgenden Namen
    • Conduit Engine
    • MessengerPlusLive Germany TB Toolbar
    und deinstalliere das Programm.
  • Solltest du am Ende der Deinstallation zu einem Neustart aufgefordert werden, so führe diesen durch.
  • Sollte es Probleme mit der Deinstallation geben, so lass es mich bitte wissen.





Schritt 2
Ich sehe, dass du sog. Registry Cleaner auf dem System hast.
In deinem Fall CCleaner.

Wir empfehlen auf keinen Fall jegliche Art von Registry Cleaner.

Der Grund ist ganz einfach:

Die Registry ist das Hirn des Systems. Funktioniert das Hirn nicht, funktioniert der Rest nicht mehr wirklich.
Wir lesen oft genug von Hilfesuchenden, dass deren System nach der Nutzung von Registry Cleanern nicht mehr booted.
  • Wie soll der Cleaner zu 100% wissen ob der Eintrag benötigt wird oder nicht ?
  • Es ist vollkommen egal ob ein paar verwaiste Registry Einträge am System sind oder nicht.
  • Auch die dauernd angepriesene Beschleunigung des Systems ist nur bedingt wahr. Du würdest es nicht merken.
Ein sogenanntes False Positive von einem Cleaner kann auch dein System unbootbar machen.
Zerstörst Du die Registry, zerstörst Du Windows.

Ich empfehle dir hiermit die oben genannte Software zu deinstallieren und in Zukunft auf solche Art von Software zu verzichten.
Am Ende empfehle ich dir ein anderes Tool, mit dem du deine temporären Dateien entfernen kannst.





Schritt 3
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).





Schritt 4
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop.
  • Starte das Tool mit Doppelklick. Vista und 7 Nutzer bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Das Tool wird sich öffnen und mit dem Scan beginnen.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.





Schritt 5
Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.







Bitte poste mit deiner nächsten Antwort
  • eventuell auftretende Probleme bei den Deinstallationen,
  • die Logdatei von AdwCleaner,
  • die Logdatei von JRT,
  • die Logdatei von ComboFix.


Alt 26.11.2012, 19:23   #6
Michael_w
 
Java/Exploit.CVE-2011-3544.BR trojan - Standard

Java/Exploit.CVE-2011-3544.BR trojan



hallo,

die beiden programme konnte ich leider nicht manuell deinstallieren.

adwcleaner

Code:
ATTFilter
# AdwCleaner v2.009 - Datei am 26/11/2012 um 15:12:15 erstellt
# Aktualisiert am 24/11/2012 von Xplode
# Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Benutzer : Francia - FRANCIA-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Francia\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Gelöscht mit Neustart : C:\Program Files (x86)\Conduit
Gelöscht mit Neustart : C:\Program Files (x86)\ConduitEngine
Gelöscht mit Neustart : C:\Program Files (x86)\MessengerPlusLive_Germany_TB
Gelöscht mit Neustart : C:\Users\Francia\AppData\LocalLow\Conduit
Gelöscht mit Neustart : C:\Users\Francia\AppData\LocalLow\ConduitEngine
Gelöscht mit Neustart : C:\Users\Francia\AppData\LocalLow\MessengerPlusLive_Germany_TB
Gelöscht mit Neustart : C:\Users\Francia\AppData\LocalLow\PriceGong
Gelöscht mit Neustart : C:\Users\Francia\AppData\Roaming\Mozilla\Firefox\Profiles\7ycs46wx.default\Conduit
Gelöscht mit Neustart : C:\Users\Francia\AppData\Roaming\Mozilla\Firefox\Profiles\7ycs46wx.default\ConduitEngine

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\conduitEngine
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\MessengerPlusLive_Germany_TB
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MessengerPlusLive_Germany_TB Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2719325
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\conduitEngine
Schlüssel Gelöscht : HKLM\Software\MessengerPlusLive_Germany_TB
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DA5BBDDF-5A0E-445F-8988-C9511522C7E6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5022A98F-263F-4541-B802-233E39B39A8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DE4AA3EC-8FC0-49BD-9E4C-E497C0A2FD6A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MessengerPlusLive_Germany_TB Toolbar

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0 (de)

Profilname : default 
Datei : C:\Users\Francia\AppData\Roaming\Mozilla\Firefox\Profiles\7ycs46wx.default\prefs.js

C:\Users\Francia\AppData\Roaming\Mozilla\Firefox\Profiles\7ycs46wx.default\user.js ... Gelöscht !

Gelöscht : user_pref("CT2719325.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gelöscht : user_pref("CT2719325.CTID", "CT2719325");
Gelöscht : user_pref("CT2719325.CommunitiesChangesLastCheckTime", "0");
Gelöscht : user_pref("CT2719325.CurrentServerDate", "12-8-2010");
Gelöscht : user_pref("CT2719325.DialogsAlignMode", "LTR");
Gelöscht : user_pref("CT2719325.DownloadReferralCookieData", "");
Gelöscht : user_pref("CT2719325.EMailNotifierPollDate", "Wed Aug 11 2010 11:15:35 GMT+0200");
Gelöscht : user_pref("CT2719325.EnableClickToSearchBox", false);
Gelöscht : user_pref("CT2719325.EnableSearchHistory", false);
Gelöscht : user_pref("CT2719325.EnableSearchSuggest", false);
Gelöscht : user_pref("CT2719325.EnableUsage", false);
Gelöscht : user_pref("CT2719325.FeedLastCount7577869347469948784", 471);
Gelöscht : user_pref("CT2719325.FeedPollDate129255010923663813", "Thu Aug 12 2010 19:57:49 GMT+0200");
Gelöscht : user_pref("CT2719325.FeedPollDate129255010923663819", "Thu Aug 12 2010 19:57:49 GMT+0200");
Gelöscht : user_pref("CT2719325.FeedPollDate129255010923663825", "Thu Aug 12 2010 19:57:49 GMT+0200");
Gelöscht : user_pref("CT2719325.FeedPollDate129255010923663831", "Thu Aug 12 2010 19:57:49 GMT+0200");
Gelöscht : user_pref("CT2719325.FeedPollDate129255010923663837", "Thu Aug 12 2010 19:57:49 GMT+0200");
Gelöscht : user_pref("CT2719325.FeedPollDate129255010923820093", "Thu Aug 12 2010 19:57:49 GMT+0200");
Gelöscht : user_pref("CT2719325.FeedPollDate129255010923820099", "Thu Aug 12 2010 19:57:49 GMT+0200");
Gelöscht : user_pref("CT2719325.FeedPollDate129255010923820105", "Thu Aug 12 2010 19:57:49 GMT+0200");
Gelöscht : user_pref("CT2719325.FeedPollDate129255010923820111", "Thu Aug 12 2010 19:57:49 GMT+0200");
Gelöscht : user_pref("CT2719325.FeedPollDate129255010923820117", "Thu Aug 12 2010 19:57:49 GMT+0200");
Gelöscht : user_pref("CT2719325.FeedPollDate129255010923820123", "Thu Aug 12 2010 19:57:49 GMT+0200");
Gelöscht : user_pref("CT2719325.FeedPollDate129255010923820129", "Thu Aug 12 2010 19:57:49 GMT+0200");
Gelöscht : user_pref("CT2719325.FeedPollDate129255010923820135", "Thu Aug 12 2010 19:57:49 GMT+0200");
Gelöscht : user_pref("CT2719325.FeedPollDate129255010923820141", "Thu Aug 12 2010 19:57:49 GMT+0200");
Gelöscht : user_pref("CT2719325.FeedPollDate129255010923820147", "Thu Aug 12 2010 19:57:49 GMT+0200");
Gelöscht : user_pref("CT2719325.FeedPollDate129255010923820153", "Thu Aug 12 2010 19:57:49 GMT+0200");
Gelöscht : user_pref("CT2719325.FeedPollDate129255010923820159", "Thu Aug 12 2010 19:57:49 GMT+0200");
Gelöscht : user_pref("CT2719325.FeedPollDate129255010923820165", "Thu Aug 12 2010 19:57:49 GMT+0200");
Gelöscht : user_pref("CT2719325.FeedPollDate129255010923820171", "Thu Aug 12 2010 19:57:49 GMT+0200");
Gelöscht : user_pref("CT2719325.FeedPollDate129255010923820177", "Thu Aug 12 2010 19:57:49 GMT+0200");
Gelöscht : user_pref("CT2719325.FeedPollDate129255010923820183", "Thu Aug 12 2010 19:57:49 GMT+0200");
Gelöscht : user_pref("CT2719325.FeedPollDate129255010923820189", "Thu Aug 12 2010 19:57:49 GMT+0200");
Gelöscht : user_pref("CT2719325.FeedPollDate129255010923820195", "Thu Aug 12 2010 19:57:49 GMT+0200");
Gelöscht : user_pref("CT2719325.FeedPollDate129255010923820201", "Thu Aug 12 2010 19:57:49 GMT+0200");
Gelöscht : user_pref("CT2719325.FeedPollDate129255010923820207", "Thu Aug 12 2010 19:57:49 GMT+0200");
Gelöscht : user_pref("CT2719325.FeedPollDate129255010923820213", "Thu Aug 12 2010 19:57:49 GMT+0200");
Gelöscht : user_pref("CT2719325.FeedTTL129255010923663825", 5);
Gelöscht : user_pref("CT2719325.FeedTTL129255010923663831", 5);
Gelöscht : user_pref("CT2719325.FeedTTL129255010923820111", 2);
Gelöscht : user_pref("CT2719325.FeedTTL129255010923820141", 5);
Gelöscht : user_pref("CT2719325.FeedTTL129255010923820153", 30);
Gelöscht : user_pref("CT2719325.FirstServerDate", "11-8-2010");
Gelöscht : user_pref("CT2719325.FirstTime", true);
Gelöscht : user_pref("CT2719325.FirstTimeFF3", true);
Gelöscht : user_pref("CT2719325.FirstTimeSettingsDone", true);
Gelöscht : user_pref("CT2719325.FixPageNotFoundErrors", false);
Gelöscht : user_pref("CT2719325.GroupingInvalidateCache", false);
Gelöscht : user_pref("CT2719325.GroupingLastCheckTime", "0");
Gelöscht : user_pref("CT2719325.GroupingLastServerUpdateTime", "0");
Gelöscht : user_pref("CT2719325.GroupingServerCheckInterval", 1440);
Gelöscht : user_pref("CT2719325.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gelöscht : user_pref("CT2719325.Initialize", true);
Gelöscht : user_pref("CT2719325.InitializeCommonPrefs", true);
Gelöscht : user_pref("CT2719325.InstallationAndCookieDataSentCount", 3);
Gelöscht : user_pref("CT2719325.InstallationType", "UnknownIntegration");
Gelöscht : user_pref("CT2719325.InstalledDate", "Wed Aug 11 2010 11:15:35 GMT+0200");
Gelöscht : user_pref("CT2719325.InvalidateCache", false);
Gelöscht : user_pref("CT2719325.IsGrouping", false);
Gelöscht : user_pref("CT2719325.IsMulticommunity", false);
Gelöscht : user_pref("CT2719325.IsOpenThankYouPage", false);
Gelöscht : user_pref("CT2719325.IsOpenUninstallPage", true);
Gelöscht : user_pref("CT2719325.LanguagePackLastCheckTime", "Wed Aug 11 2010 11:15:43 GMT+0200");
Gelöscht : user_pref("CT2719325.LanguagePackReloadIntervalMM", 1440);
Gelöscht : user_pref("CT2719325.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gelöscht : user_pref("CT2719325.LastLogin_2.7.1.3", "Thu Aug 12 2010 19:57:54 GMT+0200");
Gelöscht : user_pref("CT2719325.LatestVersion", "2.1.0.18");
Gelöscht : user_pref("CT2719325.Locale", "de");
Gelöscht : user_pref("CT2719325.LoginCache", 4);
Gelöscht : user_pref("CT2719325.MCDetectTooltipHeight", "83");
Gelöscht : user_pref("CT2719325.MCDetectTooltipShow", false);
Gelöscht : user_pref("CT2719325.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gelöscht : user_pref("CT2719325.MCDetectTooltipWidth", "295");
Gelöscht : user_pref("CT2719325.RadioIsPodcast", false);
Gelöscht : user_pref("CT2719325.RadioLastCheckTime", "Thu Aug 12 2010 13:33:46 GMT+0200");
Gelöscht : user_pref("CT2719325.RadioLastUpdateIPServer", "3");
Gelöscht : user_pref("CT2719325.RadioLastUpdateServer", "129246150971600000");
Gelöscht : user_pref("CT2719325.RadioMediaID", "21056683");
Gelöscht : user_pref("CT2719325.RadioMediaType", "Media Player");
Gelöscht : user_pref("CT2719325.RadioMenuSelectedID", "EBRadioMenu_CT271932521056683");
Gelöscht : user_pref("CT2719325.RadioShrinked", "shrinked");
Gelöscht : user_pref("CT2719325.RadioStationName", "MDR%20Info");
Gelöscht : user_pref("CT2719325.RadioStationURL", "hxxp://mdr.streamfarm.net/cms/_vm100/radios/mdr/live/info_cm[...]
Gelöscht : user_pref("CT2719325.SHRINK_TOOLBAR", 0);
Gelöscht : user_pref("CT2719325.SearchBackToDefaultEngine", false);
Gelöscht : user_pref("CT2719325.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Gelöscht : user_pref("CT2719325.SearchFromAddressBarIsInit", true);
Gelöscht : user_pref("CT2719325.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT271[...]
Gelöscht : user_pref("CT2719325.SearchInNewTabEnabled", true);
Gelöscht : user_pref("CT2719325.SearchInNewTabIntervalMM", 1440);
Gelöscht : user_pref("CT2719325.SearchInNewTabLastCheckTime", "Thu Aug 12 2010 13:33:57 GMT+0200");
Gelöscht : user_pref("CT2719325.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gelöscht : user_pref("CT2719325.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Gelöscht : user_pref("CT2719325.SearchInNewTabUserEnabled", false);
Gelöscht : user_pref("CT2719325.SearchProtectorToolbarDisabled", true);
Gelöscht : user_pref("CT2719325.SettingsCheckIntervalMin", 120);
Gelöscht : user_pref("CT2719325.SettingsLastCheckTime", "Wed Aug 11 2010 11:16:10 GMT+0200");
Gelöscht : user_pref("CT2719325.SettingsLastUpdate", "1281338650");
Gelöscht : user_pref("CT2719325.ThirdPartyComponentsInterval", 504);
Gelöscht : user_pref("CT2719325.ThirdPartyComponentsLastCheck", "Wed Aug 11 2010 11:15:16 GMT+0200");
Gelöscht : user_pref("CT2719325.ThirdPartyComponentsLastUpdate", "1255348257");
Gelöscht : user_pref("CT2719325.ToolbarDisabled", true);
Gelöscht : user_pref("CT2719325.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Gelöscht : user_pref("CT2719325.UserID", "UN92686422791974098");
Gelöscht : user_pref("CT2719325.ValidationData_Search", 0);
Gelöscht : user_pref("CT2719325.ValidationData_Toolbar", 2);
Gelöscht : user_pref("CT2719325.WeatherNetwork", "");
Gelöscht : user_pref("CT2719325.WeatherPollDate", "Wed Aug 11 2010 11:15:37 GMT+0200");
Gelöscht : user_pref("CT2719325.WeatherUnit", "C");
Gelöscht : user_pref("CT2719325.alertChannelId", "1111610");
Gelöscht : user_pref("CT2719325.clientLogIsEnabled", true);
Gelöscht : user_pref("CT2719325.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Gelöscht : user_pref("CT2719325.components.1000034", false);
Gelöscht : user_pref("CT2719325.components.1000082", false);
Gelöscht : user_pref("CT2719325.components.1000234", false);
Gelöscht : user_pref("CT2719325.components.129246080717303935", false);
Gelöscht : user_pref("CT2719325.myStuffEnabled", true);
Gelöscht : user_pref("CT2719325.myStuffPublihserMinWidth", 400);
Gelöscht : user_pref("CT2719325.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gelöscht : user_pref("CT2719325.myStuffServiceIntervalMM", 1440);
Gelöscht : user_pref("CT2719325.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gelöscht : user_pref("CT2719325.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=1/11/20[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/30/2[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Gelöscht : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
Gelöscht : user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
Gelöscht : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
Gelöscht : user_pref("CommunityToolbar.IsEngineShown", true);
Gelöscht : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");
Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://de.search.yahoo.com/search?ei=UTF[...]
Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2719325,ConduitEngine");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2719325");
Gelöscht : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Tue May 10 2011 09:14:03 GMT+02[...]
Gelöscht : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Gelöscht : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Thu Jun 30 2011 08:55:59 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gelöscht : user_pref("CommunityToolbar.alert.locale", "en");
Gelöscht : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Gelöscht : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Wed Jun 29 2011 23:43:13 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Gelöscht : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Gelöscht : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gelöscht : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Gelöscht : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Gelöscht : user_pref("CommunityToolbar.alert.userId", "315aa71a-8caa-4036-a9f5-babb438e32f6");
Gelöscht : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Wed Aug 11 2010 11:15:42 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Gelöscht : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Gelöscht : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Wed Jun 29 2011 08:56:06 GMT+0200");
Gelöscht : user_pref("ConduitEngine.CTID", "ConduitEngine");
Gelöscht : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Mon Jun 27 2011 19:01:34 GMT+0200");
Gelöscht : user_pref("ConduitEngine.FirstServerDate", "05/10/2011 10");
Gelöscht : user_pref("ConduitEngine.FirstTime", true);
Gelöscht : user_pref("ConduitEngine.FirstTimeFF3", true);
Gelöscht : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Gelöscht : user_pref("ConduitEngine.Initialize", true);
Gelöscht : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Gelöscht : user_pref("ConduitEngine.InstalledDate", "Tue May 10 2011 09:14:03 GMT+0200");
Gelöscht : user_pref("ConduitEngine.IsMulticommunity", false);
Gelöscht : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Gelöscht : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Gelöscht : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Wed Jun 29 2011 23:43:12 GMT+0200");
Gelöscht : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Thu Jun 30 2011 06:24:03 GMT+0200");
Gelöscht : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Gelöscht : user_pref("ConduitEngine.SettingsLastCheckTime", "Thu Jun 30 2011 06:24:03 GMT+0200");
Gelöscht : user_pref("ConduitEngine.UserID", "UN86176625886965764");
Gelöscht : user_pref("ConduitEngine.componentAlertEnabled", false);
Gelöscht : user_pref("ConduitEngine.engineLocale", "de");
Gelöscht : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Wed Jun 29 2011 23:43:12 GMT+0200");
Gelöscht : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Thu Jun 30 2011 06:24:03 GMT+0200");
Gelöscht : user_pref("ConduitEngine.initDone", true);
Gelöscht : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Gelöscht : user_pref("ConduitEngine.usagesFlag", 2);

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Francia\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [18476 octets] - [26/11/2012 15:10:42]
AdwCleaner[S1].txt - [18231 octets] - [26/11/2012 15:12:15]

########## EOF - C:\AdwCleaner[S1].txt - [18292 octets] ##########
         
jrt

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 3.5.4 (11.26.2012)
OS: Windows (TM) Vista Home Premium x64
Ran by Francia on 26.11.2012 at 15:30:09,72
Blog: hxxp://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\windows\currentversion\run\\Spotify Web Helper



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\Francia\AppData\Roaming\mozilla\firefox\profiles\7ycs46wx.default\prefs.js

user_pref("extensions.jid0-HYNmqxA9zQGfJADREri4n2AHKSI@jetpack.reminderRatePref", 0);



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26.11.2012 at 15:38:46,33
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

combofix

Code:
ATTFilter
Combofix Logfile:
Code:
ATTFilter
ComboFix 12-11-26.02 - Francia 26.11.2012  19:41:32.1.2 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3066.1435 [GMT 1:00]
ausgeführt von:: c:\users\Francia\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-10-26 bis 2012-11-26  ))))))))))))))))))))))))))))))
.
.
2012-11-26 18:39 . 2012-11-26 18:39	--------	d-----w-	C:\32788R22FWJFW
2012-11-26 14:29 . 2012-11-26 14:29	--------	d-----w-	c:\windows\ERUNT
2012-11-26 14:29 . 2012-11-26 14:29	--------	d-----w-	C:\JRT
2012-11-26 11:23 . 2012-11-08 17:24	9125352	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{E023D024-313F-4B50-B877-7095E7AC0794}\mpengine.dll
2012-11-19 07:14 . 2012-10-30 22:51	132864	----a-w-	c:\windows\system32\drivers\aswFW.sys
2012-11-19 07:11 . 2012-10-30 22:51	262656	----a-w-	c:\windows\system32\drivers\aswNdis2.sys
2012-11-19 07:11 . 2012-10-30 22:51	21136	----a-w-	c:\windows\system32\drivers\aswKbd.sys
2012-11-19 07:10 . 2012-09-21 09:26	12368	----a-w-	c:\windows\system32\drivers\aswNdis.sys
2012-11-16 19:13 . 2012-09-13 13:45	2048	----a-w-	c:\windows\system32\tzres.dll
2012-11-16 19:13 . 2012-09-13 13:28	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2012-11-16 19:13 . 2012-09-25 16:31	91648	----a-w-	c:\windows\system32\synceng.dll
2012-11-16 19:13 . 2012-09-25 16:19	75776	----a-w-	c:\windows\SysWow64\synceng.dll
2012-11-16 19:13 . 2012-06-02 00:20	1268736	----a-w-	c:\windows\system32\crypt32.dll
2012-11-16 19:13 . 2012-06-02 00:02	985088	----a-w-	c:\windows\SysWow64\crypt32.dll
2012-11-16 19:13 . 2012-06-02 00:20	174592	----a-w-	c:\windows\system32\cryptsvc.dll
2012-11-16 19:13 . 2012-06-02 00:20	132096	----a-w-	c:\windows\system32\cryptnet.dll
2012-11-16 19:12 . 2012-06-02 00:02	133120	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2012-11-16 19:12 . 2012-06-02 00:02	98304	----a-w-	c:\windows\SysWow64\cryptnet.dll
2012-11-16 19:12 . 2012-10-12 14:53	2769920	----a-w-	c:\windows\system32\win32k.sys
2012-11-16 19:12 . 2012-08-24 16:07	218624	----a-w-	c:\windows\system32\wintrust.dll
2012-11-16 19:12 . 2012-08-24 15:53	172544	----a-w-	c:\windows\SysWow64\wintrust.dll
2012-11-16 19:12 . 2012-08-29 11:40	4699520	----a-w-	c:\windows\system32\ntoskrnl.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-16 19:23 . 2012-04-18 16:10	696760	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-16 19:23 . 2012-01-06 08:14	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-30 22:51 . 2012-07-29 07:39	59728	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2012-07-29 07:39	370288	----a-w-	c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2012-07-29 07:39	44272	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2012-10-30 22:51 . 2012-07-29 07:39	984144	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2012-07-29 07:39	71600	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 22:51 . 2012-07-29 07:39	25232	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2012-07-29 07:38	41224	----a-w-	c:\windows\avastSS.scr
2012-10-30 22:50 . 2012-07-29 07:38	227648	----a-w-	c:\windows\SysWow64\aswBoot.exe
2012-10-30 22:50 . 2012-07-29 07:39	285328	----a-w-	c:\windows\system32\aswBoot.exe
2012-10-29 20:04 . 2006-11-02 12:35	66395536	----a-w-	c:\windows\system32\mrt.exe
2012-09-29 18:54 . 2012-01-03 20:48	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32	94208	----a-w-	c:\users\Francia\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32	94208	----a-w-	c:\users\Francia\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32	94208	----a-w-	c:\users\Francia\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32	94208	----a-w-	c:\users\Francia\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-19 5629312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-04-24 250192]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Francia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Francia\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2012-7-25 572000]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-11-19 140672]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [2009-03-19 89600]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 19:23]
.
2012-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-29 07:39]
.
2012-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-29 07:39]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50	133400	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32	97792	----a-w-	c:\users\Francia\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32	97792	----a-w-	c:\users\Francia\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32	97792	----a-w-	c:\users\Francia\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32	97792	----a-w-	c:\users\Francia\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-11-25 1657128]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-21 4119552]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Francia\AppData\Roaming\Mozilla\Firefox\Profiles\7ycs46wx.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.startup.homepage - www.spiegel.de
FF - ExtSQL: !HIDDEN! 2009-10-20 09:44; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@DACL=(02 0011)
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
@DACL=(02 0011)
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@DACL=(02 0011)
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@DACL=(02 0011)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Zeit der Fertigstellung: 2012-11-26  19:52:37
ComboFix-quarantined-files.txt  2012-11-26 18:52
ComboFix2.txt  2012-01-05 10:21
.
Vor Suchlauf: 14 Verzeichnis(se), 69.812.207.616 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 69.815.607.296 Bytes frei
.
- - End Of File - - 7810107C33592D2E51543276FF9FB4C0
         
--- --- ---
vielen dank schonmal

Alt 27.11.2012, 07:38   #7
M-K-D-B
/// TB-Ausbilder
 
Java/Exploit.CVE-2011-3544.BR trojan - Standard

Java/Exploit.CVE-2011-3544.BR trojan



Servus,



gut gemacht.



Starte bitte OTL.exe.
Wähle unter
Extra Registrierung: Benutze Safe List und klicke auf den Scan Button.
Poste die OTL.txt und die Extras.txt hier in deinen Thread.

Alt 27.11.2012, 11:38   #8
Michael_w
 
Java/Exploit.CVE-2011-3544.BR trojan - Standard

Java/Exploit.CVE-2011-3544.BR trojan



hi,

otl.txt

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 27.11.2012 12:19:56 - Run 5
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Francia\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,54 Gb Available Physical Memory | 51,33% Memory free
6,19 Gb Paging File | 4,40 Gb Available in Paging File | 71,08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218,20 Gb Total Space | 65,02 Gb Free Space | 29,80% Space Free | Partition Type: NTFS
Drive D: | 14,65 Gb Total Space | 5,13 Gb Free Space | 35,01% Space Free | Partition Type: NTFS
 
Computer Name: FRANCIA-PC | User Name: Francia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.11.19 08:08:32 | 006,527,128 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\Setup\avast.setup
PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.10.30 23:50:56 | 000,133,912 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\afwServ.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.25 09:46:44 | 001,326,176 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe
PRC - [2012.07.25 09:46:42 | 000,572,000 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2012.05.24 19:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Francia\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.01.02 17:47:09 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Francia\Desktop\OTL.exe
PRC - [2011.10.21 14:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
PRC - [2011.10.13 16:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.08.03 21:43:45 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2009.09.06 12:38:06 | 000,071,096 | ---- | M] () -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
PRC - [2009.06.24 22:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009.05.21 14:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2008.12.18 20:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Programme\Dell\DellDock\DockLogin.exe
PRC - [2008.05.23 20:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Programme\CyberLink\PowerDVD DX\PDVDDXSrv.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012.11.19 08:00:22 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012.10.30 23:50:56 | 000,133,912 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV:64bit: - [2009.03.19 17:26:10 | 000,268,288 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe -- (STacSV)
SRV:64bit: - [2009.03.19 17:25:42 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008.12.21 19:35:16 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2008.11.26 22:45:44 | 000,918,528 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV - [2012.11.26 21:05:46 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.11.20 07:16:13 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.25 09:46:44 | 001,326,176 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2012.07.25 09:46:42 | 000,681,056 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2012.07.03 12:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.10.21 14:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.10.13 16:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011.08.03 21:43:45 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2010.06.14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.09.06 12:38:06 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009.05.21 14:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Start_Pending] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2009.03.30 05:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.12.18 20:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Programme\Dell\DellDock\DockLogin.exe -- (DockLoginService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.10.30 23:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012.10.30 23:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012.10.30 23:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012.10.30 23:51:55 | 000,262,656 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis2.sys -- (aswNdis2)
DRV:64bit: - [2012.10.30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012.10.30 23:51:55 | 000,044,272 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (AswRdr)
DRV:64bit: - [2012.10.30 23:51:55 | 000,021,136 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2012.10.30 23:51:53 | 000,132,864 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswFW.sys -- (aswFW)
DRV:64bit: - [2012.10.30 23:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012.09.21 10:26:08 | 000,012,368 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\aswNdis.sys -- (aswNdis)
DRV:64bit: - [2011.08.03 21:27:28 | 000,022,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\vpnva64.sys -- (vpnva)
DRV:64bit: - [2010.09.01 09:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\psi_mf.sys -- (PSI)
DRV:64bit: - [2009.10.01 01:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.09.28 20:57:28 | 000,005,504 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StarOpen.sys -- (StarOpen)
DRV:64bit: - [2009.06.15 19:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009.05.06 16:03:00 | 000,313,696 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA008Vid.sys -- (OA008Vid)
DRV:64bit: - [2009.04.11 06:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2009.03.19 17:26:24 | 000,477,696 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009.03.06 06:33:58 | 000,159,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA008Ufd.sys -- (OA008Ufd)
DRV:64bit: - [2008.12.21 19:34:48 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCM42RLY.sys -- (BCM42RLY)
DRV:64bit: - [2008.12.16 17:56:52 | 001,526,776 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
DRV:64bit: - [2008.11.26 22:45:50 | 004,824,064 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV:64bit: - [2008.11.26 22:45:50 | 004,824,064 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2008.11.25 15:56:58 | 000,261,680 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008.10.07 18:49:52 | 000,252,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2008.09.15 18:11:04 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2008.09.15 18:11:00 | 000,062,976 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008.09.15 18:10:58 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2008.08.28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008.01.21 03:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel(R)
DRV:64bit: - [2007.11.14 09:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2011.07.22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV - [2011.07.12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2009.09.28 20:57:28 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 58 E2 88 AC 07 CC CD 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.param.yahoo-fr: ""
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.spiegel.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.732
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {76aeea42-e04a-4b62-83ab-df4b2be2541e}:2.7.1.3
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Francia\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.11.19 08:10:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.26 22:41:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.26 21:24:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.26 22:41:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.26 21:24:19 | 000,000,000 | ---D | M]
 
[2009.10.19 17:57:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Francia\AppData\Roaming\mozilla\Extensions
[2012.11.24 15:20:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Francia\AppData\Roaming\mozilla\Firefox\Profiles\7ycs46wx.default\extensions
[2012.11.17 20:46:33 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Francia\AppData\Roaming\mozilla\Firefox\Profiles\7ycs46wx.default\extensions\foxmarks@kei.com
[2009.10.20 22:36:17 | 000,002,171 | ---- | M] () -- C:\Users\Francia\AppData\Roaming\Mozilla\Firefox\Profiles\7ycs46wx.default\searchplugins\bing.xml
[2012.11.16 18:45:00 | 000,001,018 | ---- | M] () -- C:\Users\Francia\AppData\Roaming\Mozilla\Firefox\Profiles\7ycs46wx.default\searchplugins\facebook.xml
[2012.11.26 22:41:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.03.06 09:29:06 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.07.29 09:06:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.11.26 21:04:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012.11.19 08:10:38 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012.11.20 07:17:00 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.11.20 08:13:26 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.20 08:13:26 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.11.20 08:13:26 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.20 08:13:26 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.20 08:13:26 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.20 08:13:26 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Francia\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: avast! WebRep = C:\Users\Francia\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
CHR - Extension: avast! WebRep = C:\Users\Francia\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
 
O1 HOSTS File: ([2012.01.05 11:15:11 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Francia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Francia\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{06F4689E-70FE-4B1F-AB21-738BF7F49F34}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Francia\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Francia\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.26 21:04:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.11.26 21:04:16 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012.11.26 21:04:16 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012.11.26 21:04:16 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012.11.26 20:52:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.11.26 19:52:40 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.11.26 19:52:39 | 000,000,000 | ---D | C] -- C:\Users\Francia\AppData\Local\temp
[2012.11.26 19:39:41 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.11.26 19:39:41 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.11.26 19:39:41 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.11.26 19:39:04 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2012.11.26 18:53:46 | 005,007,135 | R--- | C] (Swearware) -- C:\Users\Francia\Desktop\ComboFix.exe
[2012.11.26 15:29:25 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2012.11.26 15:29:11 | 000,000,000 | ---D | C] -- C:\JRT
[2012.11.26 12:38:51 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Francia\Desktop\aswMBR.exe
[2012.11.19 08:14:57 | 000,132,864 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFW.sys
[2012.11.19 08:11:04 | 000,262,656 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdis2.sys
[2012.11.19 08:11:02 | 000,021,136 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
[2012.11.19 08:10:58 | 000,012,368 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswNdis.sys
[2012.11.19 08:07:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security
[2012.11.18 03:02:43 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.11.18 03:02:43 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.11.18 03:02:40 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.11.18 03:02:40 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.11.18 03:02:40 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.11.18 03:02:40 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.11.18 03:02:39 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.11.18 03:02:38 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.11.18 03:02:35 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.11.18 03:02:35 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.11.18 03:02:33 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.11.18 03:02:32 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.11.18 03:02:29 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.11.18 03:02:28 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.11.18 03:02:27 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.11.16 20:13:35 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012.11.16 20:13:35 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2012.11.16 20:13:03 | 001,268,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.11.16 20:13:00 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.11.16 20:12:49 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012.11.16 20:12:42 | 004,699,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2009.12.12 22:43:21 | 008,653,312 | ---- | C] (Dell, Inc.                                                   ) -- C:\Users\Francia\AppData\Roaming\DataSafeDotNet.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.27 12:23:46 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.27 12:19:33 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.27 12:13:43 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.27 12:13:43 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.27 12:13:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.27 12:13:28 | 3215,831,040 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.26 22:41:18 | 000,000,890 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.11.26 22:08:01 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.26 21:05:46 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.11.26 21:05:46 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.11.26 18:54:03 | 005,007,135 | R--- | M] (Swearware) -- C:\Users\Francia\Desktop\ComboFix.exe
[2012.11.26 15:28:33 | 000,909,379 | ---- | M] () -- C:\Users\Francia\Desktop\JRT.exe
[2012.11.26 15:09:29 | 000,480,125 | ---- | M] () -- C:\Users\Francia\Desktop\adwcleaner.exe
[2012.11.26 13:21:50 | 000,000,512 | ---- | M] () -- C:\Users\Francia\Desktop\MBR.dat
[2012.11.26 12:39:25 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Francia\Desktop\aswMBR.exe
[2012.11.23 11:04:36 | 000,000,000 | ---- | M] () -- C:\Users\Francia\defogger_reenable
[2012.11.23 11:03:40 | 000,050,477 | ---- | M] () -- C:\Users\Francia\Desktop\Defogger.exe
[2012.11.23 07:54:25 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.22 23:18:41 | 000,002,655 | ---- | M] () -- C:\Users\Francia\Desktop\Microsoft Office Word 2007.lnk
[2012.11.21 10:37:04 | 001,445,546 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.21 10:37:04 | 000,628,992 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.21 10:37:04 | 000,596,246 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.21 10:37:04 | 000,126,704 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.21 10:37:04 | 000,104,320 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.19 08:36:24 | 000,082,562 | ---- | M] () -- C:\Users\Francia\Documents\cc_20121119_083449.reg
[2012.11.19 08:11:00 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012.11.19 08:07:55 | 000,001,787 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2012.11.18 17:15:10 | 000,305,384 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.11.16 19:17:56 | 000,002,027 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.10.30 23:51:56 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012.10.30 23:51:55 | 000,984,144 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012.10.30 23:51:55 | 000,370,288 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012.10.30 23:51:55 | 000,262,656 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdis2.sys
[2012.10.30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012.10.30 23:51:55 | 000,044,272 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2012.10.30 23:51:55 | 000,021,136 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
[2012.10.30 23:51:53 | 000,132,864 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFW.sys
[2012.10.30 23:51:53 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012.10.30 23:51:07 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.10.30 23:50:59 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012.10.30 23:50:30 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
 
========== Files Created - No Company Name ==========
 
[2012.11.26 19:39:41 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.11.26 19:39:41 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.11.26 19:39:41 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.11.26 19:39:41 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.11.26 19:39:41 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.11.26 15:28:28 | 000,909,379 | ---- | C] () -- C:\Users\Francia\Desktop\JRT.exe
[2012.11.26 15:09:28 | 000,480,125 | ---- | C] () -- C:\Users\Francia\Desktop\adwcleaner.exe
[2012.11.26 13:21:50 | 000,000,512 | ---- | C] () -- C:\Users\Francia\Desktop\MBR.dat
[2012.11.23 11:04:36 | 000,000,000 | ---- | C] () -- C:\Users\Francia\defogger_reenable
[2012.11.23 11:03:32 | 000,050,477 | ---- | C] () -- C:\Users\Francia\Desktop\Defogger.exe
[2012.11.19 08:36:17 | 000,082,562 | ---- | C] () -- C:\Users\Francia\Documents\cc_20121119_083449.reg
[2012.11.19 08:07:55 | 000,001,787 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2011.03.24 20:28:59 | 000,000,732 | ---- | C] () -- C:\Users\Francia\AppData\Local\d3d9caps64.dat
[2010.08.24 17:53:36 | 000,006,836 | ---- | C] () -- C:\Users\Francia\AppData\Local\d3d9caps.dat
[2009.12.04 15:41:41 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.12.04 15:40:54 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009.12.04 15:40:00 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.11.29 20:27:27 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2009.11.26 10:00:24 | 000,157,424 | ---- | C] () -- C:\Windows\SysWow64\STWmiM64.dll
[2009.11.26 10:00:24 | 000,000,060 | ---- | C] () -- C:\Windows\SysWow64\winpeshl.ini
[2009.11.26 10:00:24 | 000,000,020 | ---- | C] () -- C:\Windows\SysWow64\ST_LOG.INI
[2009.11.26 10:00:23 | 002,303,728 | ---- | C] () -- C:\Windows\SysWow64\libxml2.dll
[2009.11.26 10:00:23 | 001,372,672 | ---- | C] () -- C:\Windows\SysWow64\Restore7.exe
[2009.11.26 10:00:23 | 000,619,760 | ---- | C] () -- C:\Windows\SysWow64\STBackupEngine.dll
[2009.11.26 10:00:23 | 000,581,872 | ---- | C] () -- C:\Windows\SysWow64\STRegistry64.dll
[2009.11.26 10:00:23 | 000,578,288 | ---- | C] () -- C:\Windows\SysWow64\BackupApi.dll
[2009.11.26 10:00:23 | 000,540,912 | ---- | C] () -- C:\Windows\SysWow64\STString64d.dll
[2009.11.26 10:00:23 | 000,385,264 | ---- | C] () -- C:\Windows\SysWow64\STFiles64.dll
[2009.11.26 10:00:23 | 000,334,576 | ---- | C] () -- C:\Windows\SysWow64\RestoreLauncher.exe
[2009.11.26 10:00:23 | 000,172,784 | ---- | C] () -- C:\Windows\SysWow64\STLog64.dll
[2009.11.26 10:00:23 | 000,152,816 | ---- | C] () -- C:\Windows\SysWow64\STNLS64.dll
[2009.11.26 10:00:23 | 000,134,384 | ---- | C] () -- C:\Windows\SysWow64\PSTVdsDisk64.dll
[2009.11.26 10:00:23 | 000,132,848 | ---- | C] () -- C:\Windows\SysWow64\STPE64.dll
[2009.11.26 10:00:23 | 000,127,728 | ---- | C] () -- C:\Windows\SysWow64\STCrypto64.dll
[2009.11.26 10:00:23 | 000,108,272 | ---- | C] () -- C:\Windows\FixBCD.exe
[2009.11.26 10:00:23 | 000,106,224 | ---- | C] () -- C:\Windows\SysWow64\STMsXml64.dll
[2009.11.26 10:00:23 | 000,092,400 | ---- | C] () -- C:\Windows\SysWow64\STEncryptableVol64.dll
[2009.11.26 10:00:23 | 000,089,328 | ---- | C] () -- C:\Windows\SysWow64\STProcessDLL64.dll
[2009.11.26 10:00:23 | 000,089,328 | ---- | C] () -- C:\Windows\SysWow64\STProcess64.dll
[2009.11.26 10:00:23 | 000,052,464 | ---- | C] () -- C:\Windows\SysWow64\STCoreXml64.dll
[2009.11.26 10:00:23 | 000,000,004 | ---- | C] () -- C:\Windows\SysWow64\abort.dat
[2009.10.21 22:28:55 | 000,155,136 | ---- | C] () -- C:\Users\Francia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.10.20 11:23:01 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.10.11 00:28:12 | 003,107,788 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.dat
[2009.10.10 23:01:39 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2009.10.10 22:11:09 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.04.30 11:52:55 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008.01.21 03:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006.11.02 16:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 13:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 13:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 10:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 64 bytes -> C:\Users\Francia\Desktop\La gorda.mp4:TOC.WMV

< End of report >
         
--- --- ---



extras.txt

OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 27.11.2012 12:19:56 - Run 5
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Francia\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,54 Gb Available Physical Memory | 51,33% Memory free
6,19 Gb Paging File | 4,40 Gb Available in Paging File | 71,08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218,20 Gb Total Space | 65,02 Gb Free Space | 29,80% Space Free | Partition Type: NTFS
Drive D: | 14,65 Gb Total Space | 5,13 Gb Free Space | 35,01% Space Free | Partition Type: NTFS
 
Computer Name: FRANCIA-PC | User Name: Francia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = 0C 88 2B CC E5 CB CC 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05D1E06C-B83F-4B9A-85FF-430C8E4DF89F}" = lport=139 | protocol=6 | dir=in | app=system | 
"{1ABFCA35-0562-4D32-9243-032749BA0B66}" = lport=138 | protocol=17 | dir=in | app=system | 
"{2D229D36-F8E2-4BA1-9427-FE66DE3385D2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{72D25A26-5050-4A5E-9AA4-26CD805D6F4F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{8AA9A9D2-EF66-483A-A40F-4B23B6518E40}" = rport=445 | protocol=6 | dir=out | app=system | 
"{9729BCEA-43A4-48F4-881F-6D4CEFF28F4E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{A107AF07-C3BA-4E88-9262-66EF6AF4D20D}" = rport=139 | protocol=6 | dir=out | app=system | 
"{A4439DB7-CE93-4FF3-8A18-43F9950F5E33}" = lport=137 | protocol=17 | dir=in | app=system | 
"{B3CB0FB3-D664-4CA2-8FB8-BAB7C5976260}" = rport=137 | protocol=17 | dir=out | app=system | 
"{BEBA94B7-CF9F-461E-A6B2-FA184C4BE5DE}" = lport=445 | protocol=6 | dir=in | app=system | 
"{D3946001-6BE1-4D5A-8C87-919A461B5985}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{F2F6ABCB-9A69-4333-A858-B983BEC3AF27}" = rport=138 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{014E5259-F4D0-495F-A154-166B211C9580}" = protocol=6 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe | 
"{1910085A-C2D8-4490-8CC6-EBB3BE0675D8}" = protocol=17 | dir=in | app=c:\users\francia\appdata\roaming\dropbox\bin\dropbox.exe | 
"{26288DF6-2E74-4F2E-8756-C5CBDE05A0E2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{4925B322-8793-4E33-971B-1E70F07E1F90}" = protocol=6 | dir=in | app=c:\users\francia\appdata\roaming\dropbox\bin\dropbox.exe | 
"{5EE6612F-5098-4B04-8584-9F7ECF478116}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{70A7AA27-3A71-4261-8E1D-69D79B071D79}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{7699D49E-6C61-43B9-A442-209189939794}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe | 
"{7C8DE86C-99FE-492B-9174-63752FA65155}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{8857711F-95EE-443D-927A-82A0E968FFA4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{8E8559E7-E132-42C1-9E5C-AAF486C737FD}" = protocol=17 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe | 
"{9EEB2E67-CBB1-4EBD-BF62-B8E857481264}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe | 
"{B19E2329-D118-49C6-8B82-7C86B0D67786}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{D1A7053B-2D7B-4D5D-80C7-42FF506FF2E2}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{D7030D5A-A89F-4427-B99F-FAE0FB96CE74}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{F162C079-1DFD-4E72-A621-78FBEEFB0A87}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"TCP Query User{32A5CAF5-D8A5-419A-B8D8-DDE5937CA40A}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"TCP Query User{33E744C6-1F31-4560-BC99-361274BD426A}C:\users\francia\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\francia\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{5C4717A7-B5B9-48DB-9A0D-E73CB47B2CF9}C:\users\francia\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\francia\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{8F60E73A-A3BE-47E8-9FF1-5C6698D0C680}C:\users\francia\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\francia\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{BF43859B-BB30-4851-AC69-C31CAF4EF216}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{55B8E79B-E942-4DB0-A361-28FAF51A1441}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"UDP Query User{578D7969-C871-4FAE-A50E-69A04F2DD6EE}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{69C537BA-9591-4815-A0CF-DBBC599FCB9E}C:\users\francia\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\francia\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{9CB1EE9F-8D8B-4BC8-B50D-691D5D0D48AD}C:\users\francia\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\francia\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{9DA8F097-6EB3-4BA3-B50D-DF2BE60C8956}C:\users\francia\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\francia\appdata\roaming\dropbox\bin\dropbox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{68660049-8D48-427C-9FF7-139D8340CDC0}" = MSVC80_x64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock
"{E87F997C-3E93-6DAD-1AE6-619002BA9623}" = ccc-utility64
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
"Creative OA008" = Integrated Webcam Driver (1.04.01.0601)  
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Dell Touchpad
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{095B1DCF-5E8B-47EC-9B18-481918A731DB}" = Microsoft Default Manager
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0CE69E03-1021-EB74-0836-C706CADC213A}" = Catalyst Control Center Localization Korean
"{15F7FA6D-8FC5-08FD-2727-8AE6811A2A0D}" = CCC Help Russian
"{180BEABD-453E-4047-96B4-4F86EE605589}" = CCC Help Danish
"{181A0114-24D5-9E74-0138-4C8C27ED3EAC}" = Catalyst Control Center Graphics Light
"{1E5196FA-47EF-F0C7-847B-960F3349E9B5}" = CCC Help Finnish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2094F083-B28B-AFFD-4075-49E803BE17B7}" = CCC Help Italian
"{2116C03A-7111-9669-8009-9FD7F5AABA20}" = Catalyst Control Center Graphics Full New
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23467AA2-058A-1064-40C5-E0E0533C2D7D}" = Catalyst Control Center Localization French
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 37
"{26B29DE2-7759-F8BB-FB10-98142B343C8C}" = CCC Help Korean
"{2FB28284-51D3-C991-3940-694B1B629F2B}" = Catalyst Control Center Localization German
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3945F4B5-0FAD-38E3-B39B-2F497550C847}" = CCC Help French
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3F6107B9-D211-EBCC-EA41-BD2FAC156A23}" = Catalyst Control Center Localization Japanese
"{3FD8C713-B1D5-D973-5351-50A918C02749}" = Catalyst Control Center Core Implementation
"{44257960-C5CC-45BA-8E83-524E4A0F3FD5}" = Cisco AnyConnect VPN Client
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{586DD9D2-09B2-D1DB-AD2A-95194A771C49}" = CCC Help Dutch
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6C16A05F-C202-578A-108C-AFA4D9167CCC}" = Catalyst Control Center Localization Spanish
"{6C6D7326-770A-812B-B104-442F71A826F8}" = Catalyst Control Center Localization Russian
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6EA1C352-4D16-5A9F-7751-D7AE08AA7F63}" = Catalyst Control Center Localization Chinese Traditional
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72085899-3540-2F67-F5C7-46FF826A235F}" = CCC Help German
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{74622EDD-7879-3185-976D-A6098420D889}" = CCC Help Portuguese
"{7505BBE5-CB0C-5027-1228-15CC7C26C4C3}" = CCC Help English
"{76C4BA9A-BFA5-151D-8A39-AA0E74041F83}" = Catalyst Control Center Localization Danish
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77A5C01F-E04C-9616-2E3D-D78CF889712B}" = Catalyst Control Center Graphics Full Existing
"{79D34E3B-8826-170B-8B3D-A9CD9C2D28F5}" = ccc-core-static
"{7CDF0744-7A0D-961B-3695-49756E822FC4}" = Catalyst Control Center Localization Swedish
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8247BD1D-C258-DBEE-3225-B9F0214763AB}" = CCC Help Japanese
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92491D2C-D9E9-5FDD-64CD-82D5688872A9}" = Catalyst Control Center Localization Italian
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9EF77B2D-FF26-9237-BBAB-127110FD65CC}" = Catalyst Control Center Localization Portuguese
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACB08AF2-DFE9-C179-8BC9-E3209F3EBC28}" = CCC Help Chinese Traditional
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BB5F88FC-5D66-9316-0E48-E411941A8A74}" = Catalyst Control Center Graphics Previews Vista
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C17280C4-8BF2-946A-9C51-EEB2CD216D89}" = Catalyst Control Center Graphics Previews Common
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C5D85C24-A56B-6954-77F1-B25A4B4E7B52}" = CCC Help Spanish
"{C8C5CE76-860E-B5FA-27EA-C52C74DDBD2D}" = Catalyst Control Center Localization Finnish
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CDCFA0B9-06DA-C47E-2CF1-37C5F25DF753}" = Catalyst Control Center InstallProxy
"{D071B7C5-07A2-D000-05B8-2DE6A63249D9}" = Catalyst Control Center Localization Norwegian
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D2D3882A-3624-2963-EA08-27589DBCEF8A}" = CCC Help Norwegian
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E481DB0E-52F2-4EE0-9BDA-9EE173FA6EA2}" = Catalyst Control Center - Branding
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E8E8C42E-E817-C7DA-1A81-BFD8388B4014}" = CCC Help Swedish
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EFD537AE-0530-8887-DC9C-433E113547D7}" = Catalyst Control Center Localization Chinese Standard
"{F081ED08-77AE-8019-D554-904EF4F88FC1}" = CCC Help Chinese Standard
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F133ACD4-CFCF-BADD-4AC5-9408E2E7FD74}" = Catalyst Control Center Localization Dutch
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FB56BF24-6AB9-AC55-5B7A-D3657D2F4A38}" = Skins
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"avast" = avast! Internet Security
"Dell Video Chat" = Dell Video Chat
"Dell Webcam Central" = Dell Webcam Central
"ESET Online Scanner" = ESET Online Scanner v3
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Mozilla Firefox 17.0 (x86 de)" = Mozilla Firefox 17.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Secunia PSI" = Secunia PSI (3.0.0.3001)
"Secure Eraser_is1" = Secure Eraser v4.0
"VLC media player" = VLC media player 2.0.2
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"YTdetect" = Yahoo! Detect
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Facebook Plug-In" = Facebook Plug-In
"Spotify" = Spotify
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 26.11.2012 13:54:02 | Computer Name = Francia-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = 
 
Error - 26.11.2012 13:54:02 | Computer Name = Francia-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = 
 
Error - 26.11.2012 13:54:04 | Computer Name = Francia-PC | Source = MsiInstaller | ID = 11609
Description = 
 
Error - 26.11.2012 15:48:42 | Computer Name = Francia-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.11.2012 15:52:31 | Computer Name = Francia-PC | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\Francia\Desktop\esetsmartinstaller_enu.exe".
 Fehler in Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die
 widersprüchlichen Komponenten sind:  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
 
Error - 27.11.2012 07:15:18 | Computer Name = Francia-PC | Source = WinMgmt | ID = 10
Description = 
 
[ Broadcom Wireless LAN Events ]
Error - 16.11.2012 13:39:08 | Computer Name = Francia-PC | Source = WLAN-Tray | ID = 0
Description = 18:37:31, Fri, Nov 16, 12 Error - Unable to gain access to user store

 
[ Cisco AnyConnect VPN Client Events ]
Error - 26.11.2012 10:02:41 | Computer Name = Francia-PC | Source = vpnagent | ID = 67108866
Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:
 644 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33161196
 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 26.11.2012 10:02:41 | Computer Name = Francia-PC | Source = vpnagent | ID = 67108866
Description = Function: CNetEnvironment::TestNetEnv File: .\NetEnvironment.cpp Line:
 190 Invoked Function: CNetEnvironment::testNetwork Return Code: -33161196 (0xFE060014)
Description:
 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 26.11.2012 10:02:46 | Computer Name = Francia-PC | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
 2423 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 26.11.2012 10:02:46 | Computer Name = Francia-PC | Source = vpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line: 
2190 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 26.11.2012 10:02:46 | Computer Name = Francia-PC | Source = vpnagent | ID = 67108866
Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:
 644 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33161196
 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 26.11.2012 10:02:46 | Computer Name = Francia-PC | Source = vpnagent | ID = 67108866
Description = Function: CNetEnvironment::TestNetEnv File: .\NetEnvironment.cpp Line:
 190 Invoked Function: CNetEnvironment::testNetwork Return Code: -33161196 (0xFE060014)
Description:
 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 26.11.2012 10:14:38 | Computer Name = Francia-PC | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
 nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
 No such file or directory
 
Error - 26.11.2012 15:47:53 | Computer Name = Francia-PC | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
 nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
 No such file or directory
 
Error - 26.11.2012 17:42:17 | Computer Name = Francia-PC | Source = vpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.
 
Error - 27.11.2012 07:14:22 | Computer Name = Francia-PC | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
 nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
 No such file or directory
 
[ System Events ]
Error - 26.11.2012 16:23:44 | Computer Name = Francia-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 26.11.2012 16:23:44 | Computer Name = Francia-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 26.11.2012 16:47:38 | Computer Name = Francia-PC | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
 Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
 hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie 
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
 Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
 
Error - 26.11.2012 16:53:53 | Computer Name = Francia-PC | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
 Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
 hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie 
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
 Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
 
Error - 27.11.2012 07:15:19 | Computer Name = Francia-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 27.11.2012 07:18:30 | Computer Name = Francia-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 27.11.2012 07:18:30 | Computer Name = Francia-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 27.11.2012 07:18:31 | Computer Name = Francia-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 27.11.2012 07:19:03 | Computer Name = Francia-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 27.11.2012 07:19:03 | Computer Name = Francia-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         
--- --- ---


vielen dank schon einmal

Alt 27.11.2012, 13:36   #9
M-K-D-B
/// TB-Ausbilder
 
Java/Exploit.CVE-2011-3544.BR trojan - Standard

Java/Exploit.CVE-2011-3544.BR trojan



Servus,




Schritt 1

Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:
ATTFilter
:OTL
FF - prefs.js..extensions.enabledItems: {76aeea42-e04a-4b62-83ab-df4b2be2541e}:2.7.1.3

:Commands
[emptytemp]
         
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread




Schritt 2
  • Starte Malwarebytes' Anti-Malware, klicke auf Aktualisierung --> Suche nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere Quick-Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.





Schritt 3

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset







Schritt 4
Downloade Dir bitte SecurityCheck
  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS- Box.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Wenn der Scan beendet wurde sollte sich ein Textdokument ( checkup.txt ) öffnen.
Poste den Inhalt bitte hier.





Bitte poste mit deiner nächsten Antwort
  • die Logdatei von OTL,
  • die Logdatei von MBAM,
  • die Logdatei von ESET,
  • die Logdatei von SecurityCheck.

Alt 27.11.2012, 19:15   #10
Michael_w
 
Java/Exploit.CVE-2011-3544.BR trojan - Standard

Java/Exploit.CVE-2011-3544.BR trojan



hallo,

nochmal danke schön

otl



Code:
ATTFilter
 
All processes killed
========== OTL ==========
Prefs.js: {76aeea42-e04a-4b62-83ab-df4b2be2541e}:2.7.1.3 removed from extensions.enabledItems
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: AppData
->Temp folder emptied: 0 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Francia
->Temp folder emptied: 47264223 bytes
->Temporary Internet Files folder emptied: 22638777 bytes
->Java cache emptied: 57225 bytes
->FireFox cache emptied: 66784425 bytes
->Google Chrome cache emptied: 856432 bytes
->Flash cache emptied: 759 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 51483507 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 35782730 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 243 bytes
RecycleBin emptied: 621296 bytes
 
Total Files Cleaned = 215,00 mb
 
 
OTL by OldTimer - Version 3.2.31.0 log created on 11272012_143944

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
         
Code:
ATTFilter
  Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.27.04

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Francia :: FRANCIA-PC [Administrator]

27.11.2012 14:52:43
mbam-log-2012-11-27 (14-52-43).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 214382
Laufzeit: 8 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
esta
Code:
ATTFilter
 ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a75992263a68d245af186637155bd908
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-22 03:04:22
# local_time=2011-12-22 04:04:22 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=1797 16775165 100 100 253345 99449939 7278 0
# compatibility_mode=5892 16776573 100 100 14793 162077281 0 0
# compatibility_mode=8192 67108863 100 0 4016 4016 0 0
# scanned=191226
# found=0
# cleaned=0
# scan_time=12886
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a75992263a68d245af186637155bd908
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-30 04:40:38
# local_time=2011-12-30 05:40:38 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=1797 16775165 100 100 65229 100135245 70510 0
# compatibility_mode=5892 16776573 100 100 4711 162762587 0 0
# compatibility_mode=8192 67108863 100 0 689322 689322 0 0
# scanned=96723
# found=6
# cleaned=6
# scan_time=24578
C:\Users\Francia\AppData\Local\23ceaf07\U\80000000.@	Win64/Sirefef.P trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Users\Francia\AppData\Local\23ceaf07\U\800000cb.@	Win64/Sirefef.M trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Users\Francia\AppData\Local\23ceaf07\U\800000cf.@	Win64/Sirefef.O trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Users\Francia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y4BBV1HW\3[1].exe	a variant of Win32/Kryptik.YFE trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Users\Francia\AppData\Local\Temp\8896.tmp	a variant of Win32/Kryptik.YFE trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Users\Francia\AppData\Local\Temp\msimg32.dll	a variant of Win32/Kryptik.YFE trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a75992263a68d245af186637155bd908
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-30 07:54:35
# local_time=2011-12-30 08:54:35 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=1797 16775165 100 100 9851 100166306 6238 0
# compatibility_mode=5892 16776573 100 100 35772 162793648 0 0
# compatibility_mode=8192 67108863 100 0 720383 720383 0 0
# scanned=188486
# found=4
# cleaned=4
# scan_time=5154
C:\Users\Francia\AppData\Local\23ceaf07\X	Win64/Sirefef.Q trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Users\Francia\AppData\Local\23ceaf07\U\80000000.@	Win64/Sirefef.P trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Users\Francia\AppData\Local\23ceaf07\U\800000cb.@	Win64/Sirefef.M trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Users\Francia\AppData\Local\23ceaf07\U\800000cf.@	Win64/Sirefef.O trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a75992263a68d245af186637155bd908
# end=stopped
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-31 02:57:47
# local_time=2011-12-31 03:57:47 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=1797 16775165 100 100 40238 100196693 36625 0
# compatibility_mode=5892 16776573 100 100 66159 162824035 0 0
# compatibility_mode=8192 67108863 100 0 750770 750770 0 0
# scanned=7435
# found=0
# cleaned=0
# scan_time=159
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a75992263a68d245af186637155bd908
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-31 10:20:45
# local_time=2011-12-31 11:20:45 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=1797 16775165 100 100 58159 100214614 54546 0
# compatibility_mode=5892 16776573 100 100 84080 162841956 0 0
# compatibility_mode=8192 67108863 100 0 768691 768691 0 0
# scanned=188333
# found=3
# cleaned=3
# scan_time=8816
C:\Users\Francia\AppData\Local\23ceaf07\U\80000000.@	Win64/Sirefef.P trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Users\Francia\AppData\Local\23ceaf07\U\800000cb.@	Win64/Sirefef.M trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Users\Francia\AppData\Local\23ceaf07\U\800000cf.@	Win64/Sirefef.O trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a75992263a68d245af186637155bd908
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-02 05:41:41
# local_time=2012-01-02 06:41:41 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=1797 16775165 100 100 154540 100417986 0 0
# compatibility_mode=5892 16776573 100 100 4032 163045328 0 0
# compatibility_mode=8192 67108863 100 0 972063 972063 0 0
# scanned=188642
# found=3
# cleaned=3
# scan_time=4700
C:\Users\Francia\AppData\Local\23ceaf07\U\80000000.@	Win64/Sirefef.P trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Users\Francia\AppData\Local\23ceaf07\U\800000cb.@	Win64/Sirefef.M trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Users\Francia\AppData\Local\23ceaf07\U\800000cf.@	Win64/Sirefef.O trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a75992263a68d245af186637155bd908
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-05 05:42:31
# local_time=2012-01-05 06:42:31 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=1797 16775165 100 100 418469 100681915 158639 0
# compatibility_mode=5892 16776573 100 100 14225 163309257 0 0
# compatibility_mode=8192 67108863 100 0 1235992 1235992 0 0
# scanned=29
# found=0
# cleaned=0
# scan_time=1
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a75992263a68d245af186637155bd908
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-05 07:05:51
# local_time=2012-01-05 08:05:51 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=1797 16775165 100 100 418543 100681989 158713 0
# compatibility_mode=5892 16776573 100 100 14299 163309331 0 0
# compatibility_mode=8192 67108863 100 0 1236066 1236066 0 0
# scanned=183982
# found=0
# cleaned=0
# scan_time=4947
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a75992263a68d245af186637155bd908
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-07 04:19:54
# local_time=2012-01-07 05:19:54 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 100 582337 100842183 318907 0
# compatibility_mode=5892 16776573 100 56 21522 163469525 0 0
# compatibility_mode=8192 67108863 100 0 1396260 1396260 0 0
# scanned=300392
# found=0
# cleaned=0
# scan_time=7575
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a75992263a68d245af186637155bd908
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-24 07:03:53
# local_time=2012-01-24 08:03:53 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 100 251392 102312935 0 0
# compatibility_mode=5892 16776573 100 56 369665 164940277 0 0
# compatibility_mode=8192 67108863 100 0 2867012 2867012 0 0
# scanned=350568
# found=0
# cleaned=0
# scan_time=15462
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a75992263a68d245af186637155bd908
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-11-23 12:34:20
# local_time=2012-11-23 01:34:20 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776573 100 56 51474 191147278 0 0
# compatibility_mode=8192 67108863 100 0 29074013 29074013 0 0
# scanned=196991
# found=1
# cleaned=0
# scan_time=7488
C:\Users\Francia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\400cd48f-49d3c53c	a variant of Java/Exploit.CVE-2011-3544.BR trojan (unable to clean)	00000000000000000000000000000000	I
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a75992263a68d245af186637155bd908
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-11-23 10:05:28
# local_time=2012-11-23 11:05:28 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776573 100 56 33712 191185788 0 0
# compatibility_mode=8192 67108863 100 0 29112523 29112523 0 0
# scanned=80686
# found=1
# cleaned=0
# scan_time=3246
C:\Users\Francia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\400cd48f-49d3c53c	a variant of Java/Exploit.CVE-2011-3544.BR trojan (unable to clean)	00000000000000000000000000000000	I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a75992263a68d245af186637155bd908
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-11-23 12:45:08
# local_time=2012-11-23 01:45:08 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776573 100 56 38562 191190638 0 0
# compatibility_mode=8192 67108863 100 0 29117373 29117373 0 0
# scanned=196816
# found=1
# cleaned=0
# scan_time=7975
C:\Users\Francia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\400cd48f-49d3c53c	a variant of Java/Exploit.CVE-2011-3544.BR trojan (unable to clean)	00000000000000000000000000000000	I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a75992263a68d245af186637155bd908
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-11-27 04:09:21
# local_time=2012-11-27 05:09:21 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 100 56 12424 191548956 0 0
# compatibility_mode=8192 67108863 100 0 29475691 29475691 0 0
# scanned=196115
# found=0
# cleaned=0
# scan_time=7510
         
Code:
ATTFilter
  Results of screen317's Security Check version 0.99.56  
 Windows Vista Service Pack 2 x64   
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:`````````````` 
avast! Antivirus   
 Antivirus out of date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Secunia PSI (3.0.0.3001)   
 Malwarebytes Anti-Malware Version 1.65.1.1000  
 Java(TM) 6 Update 37  
 Java version out of Date! 
 Adobe Flash Player 	11.5.502.110  
 Adobe Reader 10.1.4 Adobe Reader out of Date!  
 Mozilla Firefox (17.0) 
 Google Chrome 21.0.1180.83  
 Google Chrome 21.0.1180.89  
 Google Chrome 23.0.1271.64  
 Google Chrome 23.0.1271.91  
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast afwServ.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         

Alt 27.11.2012, 19:34   #11
M-K-D-B
/// TB-Ausbilder
 
Java/Exploit.CVE-2011-3544.BR trojan - Standard

Java/Exploit.CVE-2011-3544.BR trojan



Servus,



lösche die vorhandene OTL.exe von deinem Desktop und lade dir das Programm neu herunter:





Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop (falls noch nicht vorhanden).
  • Starte bitte die OTL.exe.
  • Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Standard Ausgabe.
  • Setze einen Haken bei Scanne alle Benutzer.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
CREATERESTOREPOINT
         
  • Schließe bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Scan Button.
  • Am Ende des Suchlaufs wird 1 Logdatei erstellt.
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Alt 27.11.2012, 20:13   #12
Michael_w
 
Java/Exploit.CVE-2011-3544.BR trojan - Standard

Java/Exploit.CVE-2011-3544.BR trojan



OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 27.11.2012 20:56:35 - Run 6
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Francia\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,47 Gb Available Physical Memory | 49,05% Memory free
6,19 Gb Paging File | 4,08 Gb Available in Paging File | 65,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218,20 Gb Total Space | 64,65 Gb Free Space | 29,63% Space Free | Partition Type: NTFS
Drive D: | 14,65 Gb Total Space | 5,13 Gb Free Space | 35,01% Space Free | Partition Type: NTFS
 
Computer Name: FRANCIA-PC | User Name: Francia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.11.27 20:55:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Francia\Desktop\OTL (1).exe
PRC - [2012.11.27 19:23:17 | 008,537,680 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE
PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.10.30 23:50:56 | 000,133,912 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\afwServ.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.25 09:46:44 | 001,326,176 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe
PRC - [2012.07.25 09:46:42 | 000,572,000 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2012.06.11 16:35:24 | 000,183,880 | ---- | M] (Microsoft Corporation.) -- C:\Windows\temp\IXP000.TMP\BBSetup.exe
PRC - [2011.10.13 16:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.08.03 21:43:45 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2009.09.06 12:38:06 | 000,071,096 | ---- | M] () -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
PRC - [2009.06.24 22:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009.05.21 14:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2009.05.21 14:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe
PRC - [2008.12.18 20:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Programme\Dell\DellDock\DockLogin.exe
PRC - [2008.05.23 20:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Programme\CyberLink\PowerDVD DX\PDVDDXSrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.18 17:33:53 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\741164a3e36f879b9f9e3ff176465127\System.Xml.ni.dll
MOD - [2012.11.18 17:30:58 | 007,976,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b2052acbbbba4f98585196872195e009\System.ni.dll
MOD - [2012.11.18 17:30:46 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7ad9c44df3b85848590e63f13fc59804\mscorlib.ni.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.03.19 17:26:10 | 000,268,288 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe -- (STacSV)
SRV:64bit: - [2009.03.19 17:25:42 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008.12.21 19:35:16 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2008.11.26 22:45:44 | 000,918,528 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV - [2012.11.26 21:05:46 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.11.20 07:16:13 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.11.19 08:00:22 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.10.30 23:50:56 | 000,133,912 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.25 09:46:44 | 001,326,176 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2012.07.25 09:46:42 | 000,681,056 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2012.07.03 12:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.10.21 14:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.10.13 16:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011.08.03 21:43:45 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2010.06.14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.09.06 12:38:06 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009.05.21 14:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)
SRV - [2009.03.30 05:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.12.18 20:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Programme\Dell\DellDock\DockLogin.exe -- (DockLoginService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.10.30 23:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012.10.30 23:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012.10.30 23:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012.10.30 23:51:55 | 000,262,656 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis2.sys -- (aswNdis2)
DRV:64bit: - [2012.10.30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012.10.30 23:51:55 | 000,044,272 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (AswRdr)
DRV:64bit: - [2012.10.30 23:51:55 | 000,021,136 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2012.10.30 23:51:53 | 000,132,864 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswFW.sys -- (aswFW)
DRV:64bit: - [2012.10.30 23:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012.09.21 10:26:08 | 000,012,368 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\aswNdis.sys -- (aswNdis)
DRV:64bit: - [2012.02.29 14:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.08.03 21:27:28 | 000,022,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\vpnva64.sys -- (vpnva)
DRV:64bit: - [2010.09.01 09:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\psi_mf.sys -- (PSI)
DRV:64bit: - [2009.10.01 01:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.09.28 20:57:28 | 000,005,504 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StarOpen.sys -- (StarOpen)
DRV:64bit: - [2009.06.15 19:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009.05.06 16:03:00 | 000,313,696 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA008Vid.sys -- (OA008Vid)
DRV:64bit: - [2009.04.11 06:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2009.03.19 17:26:24 | 000,477,696 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009.03.06 06:33:58 | 000,159,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA008Ufd.sys -- (OA008Ufd)
DRV:64bit: - [2008.12.21 19:34:48 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCM42RLY.sys -- (BCM42RLY)
DRV:64bit: - [2008.12.16 17:56:52 | 001,526,776 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
DRV:64bit: - [2008.11.26 22:45:50 | 004,824,064 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV:64bit: - [2008.11.26 22:45:50 | 004,824,064 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2008.11.25 15:56:58 | 000,261,680 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008.10.07 18:49:52 | 000,252,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2008.09.15 18:11:04 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2008.09.15 18:11:00 | 000,062,976 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008.09.15 18:10:58 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2008.08.28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008.01.21 03:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express)
DRV:64bit: - [2007.11.14 09:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2011.07.22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV - [2011.07.12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2009.09.28 20:57:28 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1695605967-2725027817-2845256189-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1695605967-2725027817-2845256189-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1695605967-2725027817-2845256189-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 58 E2 88 AC 07 CC CD 01  [binary data]
IE - HKU\S-1-5-21-1695605967-2725027817-2845256189-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 
IE - HKU\S-1-5-21-1695605967-2725027817-2845256189-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1695605967-2725027817-2845256189-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?FORM=DLCDF7&q={searchTerms}&src={referrer:source?}&PC=MDDC
IE - HKU\S-1-5-21-1695605967-2725027817-2845256189-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.param.yahoo-fr: ""
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.spiegel.de"
FF - prefs.js..extensions.enabledAddons: foxmarks%40kei.com:4.1.3
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1474
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Francia\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.11.19 08:10:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.26 22:41:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.26 21:24:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.26 22:41:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.26 21:24:19 | 000,000,000 | ---D | M]
 
[2009.10.19 17:57:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Francia\AppData\Roaming\mozilla\Extensions
[2012.11.24 15:20:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Francia\AppData\Roaming\mozilla\Firefox\Profiles\7ycs46wx.default\extensions
[2012.11.17 20:46:33 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Francia\AppData\Roaming\mozilla\Firefox\Profiles\7ycs46wx.default\extensions\foxmarks@kei.com
[2012.09.02 20:01:13 | 000,194,020 | ---- | M] () (No name found) -- C:\Users\Francia\AppData\Roaming\mozilla\firefox\profiles\7ycs46wx.default\extensions\gmailadsremover@florian.bersier.xpi
[2012.08.23 09:31:08 | 000,185,363 | ---- | M] () (No name found) -- C:\Users\Francia\AppData\Roaming\mozilla\firefox\profiles\7ycs46wx.default\extensions\jid0-HYNmqxA9zQGfJADREri4n2AHKSI@jetpack.xpi
[2012.02.22 09:33:17 | 000,020,591 | ---- | M] () (No name found) -- C:\Users\Francia\AppData\Roaming\mozilla\firefox\profiles\7ycs46wx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2012.11.24 15:20:13 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Francia\AppData\Roaming\mozilla\firefox\profiles\7ycs46wx.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2009.10.20 22:36:17 | 000,002,171 | ---- | M] () -- C:\Users\Francia\AppData\Roaming\mozilla\firefox\profiles\7ycs46wx.default\searchplugins\bing.xml
[2012.11.16 18:45:00 | 000,001,018 | ---- | M] () -- C:\Users\Francia\AppData\Roaming\mozilla\firefox\profiles\7ycs46wx.default\searchplugins\facebook.xml
[2012.11.26 22:41:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.03.06 09:29:06 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.07.29 09:06:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.11.26 21:04:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012.11.19 08:10:38 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012.11.20 07:17:00 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.11.20 08:13:26 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.20 08:13:26 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.11.20 08:13:26 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.20 08:13:26 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.20 08:13:26 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.20 08:13:26 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Francia\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: avast! WebRep = C:\Users\Francia\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
CHR - Extension: avast! WebRep = C:\Users\Francia\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
 
O1 HOSTS File: ([2012.01.05 11:15:11 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {76AEEA42-E04A-4B62-83AB-DF4B2BE2541E} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {76AEEA42-E04A-4B62-83AB-DF4B2BE2541E} - No CLSID value found.
O3 - HKU\S-1-5-21-1695605967-2725027817-2845256189-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-1695605967-2725027817-2845256189-1000..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: [!BingBar] C:\ProgramData\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE (Microsoft Corporation)
O4 - HKLM..\RunOnce: [wextract_cleanup0] C:\Windows\SysWow64\advpack.DLL (Microsoft Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk =  File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk =  File not found
O4 - Startup: C:\Users\Francia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Francia\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1695605967-2725027817-2845256189-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1695605967-2725027817-2845256189-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{06F4689E-70FE-4B1F-AB21-738BF7F49F34}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Francia\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Francia\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig:64bit - StartUpReg: Spotify - hkey= - key= - C:\Users\Francia\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
MsConfig:64bit - StartUpReg: Spotify Web Helper - hkey= - key= - C:\Users\Francia\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= -  File not found
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.27 20:55:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Francia\Desktop\OTL (1).exe
[2012.11.26 21:04:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.11.26 21:04:16 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012.11.26 21:04:16 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012.11.26 21:04:16 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012.11.26 20:52:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.11.26 19:52:40 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.11.26 19:52:39 | 000,000,000 | ---D | C] -- C:\Users\Francia\AppData\Local\temp
[2012.11.26 19:39:41 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.11.26 19:39:41 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.11.26 19:39:41 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.11.26 19:39:04 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2012.11.26 18:53:46 | 005,007,135 | R--- | C] (Swearware) -- C:\Users\Francia\Desktop\ComboFix.exe
[2012.11.26 15:29:25 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2012.11.26 15:29:11 | 000,000,000 | ---D | C] -- C:\JRT
[2012.11.26 12:38:51 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Francia\Desktop\aswMBR.exe
[2012.11.19 08:14:57 | 000,132,864 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFW.sys
[2012.11.19 08:11:04 | 000,262,656 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdis2.sys
[2012.11.19 08:11:02 | 000,021,136 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
[2012.11.19 08:10:58 | 000,012,368 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswNdis.sys
[2012.11.19 08:07:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security
[2012.11.18 03:02:43 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.11.18 03:02:43 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.11.18 03:02:40 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.11.18 03:02:40 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.11.18 03:02:40 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.11.18 03:02:40 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.11.18 03:02:39 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.11.18 03:02:38 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.11.18 03:02:35 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.11.18 03:02:35 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.11.18 03:02:33 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.11.18 03:02:32 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.11.18 03:02:29 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.11.18 03:02:28 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.11.18 03:02:27 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.11.16 20:13:35 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012.11.16 20:13:35 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2012.11.16 20:13:03 | 001,268,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.11.16 20:13:00 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.11.16 20:12:49 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012.11.16 20:12:42 | 004,699,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2009.12.12 22:43:21 | 008,653,312 | ---- | C] (Dell, Inc.                                                   ) -- C:\Users\Francia\AppData\Roaming\DataSafeDotNet.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.27 20:55:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Francia\Desktop\OTL (1).exe
[2012.11.27 20:44:06 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.27 20:44:06 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.27 20:23:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.27 20:20:32 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012.11.27 20:08:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.27 19:20:33 | 000,856,731 | ---- | M] () -- C:\Users\Francia\Desktop\SecurityCheck.exe
[2012.11.27 19:08:01 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.27 14:43:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.27 14:43:44 | 3215,831,040 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.27 12:34:03 | 000,002,027 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.11.26 22:41:18 | 000,000,890 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.11.26 21:05:46 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.11.26 21:05:46 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.11.26 18:54:03 | 005,007,135 | R--- | M] (Swearware) -- C:\Users\Francia\Desktop\ComboFix.exe
[2012.11.26 15:28:33 | 000,909,379 | ---- | M] () -- C:\Users\Francia\Desktop\JRT.exe
[2012.11.26 15:09:29 | 000,480,125 | ---- | M] () -- C:\Users\Francia\Desktop\adwcleaner.exe
[2012.11.26 13:21:50 | 000,000,512 | ---- | M] () -- C:\Users\Francia\Desktop\MBR.dat
[2012.11.26 12:39:25 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Francia\Desktop\aswMBR.exe
[2012.11.23 11:04:36 | 000,000,000 | ---- | M] () -- C:\Users\Francia\defogger_reenable
[2012.11.23 11:03:40 | 000,050,477 | ---- | M] () -- C:\Users\Francia\Desktop\Defogger.exe
[2012.11.23 07:54:25 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.22 23:18:41 | 000,002,655 | ---- | M] () -- C:\Users\Francia\Desktop\Microsoft Office Word 2007.lnk
[2012.11.21 10:37:04 | 001,445,546 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.21 10:37:04 | 000,628,992 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.21 10:37:04 | 000,596,246 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.21 10:37:04 | 000,126,704 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.21 10:37:04 | 000,104,320 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.19 08:36:24 | 000,082,562 | ---- | M] () -- C:\Users\Francia\Documents\cc_20121119_083449.reg
[2012.11.19 08:07:55 | 000,001,787 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2012.11.18 17:15:10 | 000,305,384 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.10.30 23:51:56 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012.10.30 23:51:55 | 000,984,144 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012.10.30 23:51:55 | 000,370,288 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012.10.30 23:51:55 | 000,262,656 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdis2.sys
[2012.10.30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012.10.30 23:51:55 | 000,044,272 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2012.10.30 23:51:55 | 000,021,136 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
[2012.10.30 23:51:53 | 000,132,864 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFW.sys
[2012.10.30 23:51:53 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012.10.30 23:51:07 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.10.30 23:50:59 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012.10.30 23:50:30 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
 
========== Files Created - No Company Name ==========
 
[2012.11.27 19:20:01 | 000,856,731 | ---- | C] () -- C:\Users\Francia\Desktop\SecurityCheck.exe
[2012.11.26 19:39:41 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.11.26 19:39:41 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.11.26 19:39:41 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.11.26 19:39:41 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.11.26 19:39:41 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.11.26 15:28:28 | 000,909,379 | ---- | C] () -- C:\Users\Francia\Desktop\JRT.exe
[2012.11.26 15:09:28 | 000,480,125 | ---- | C] () -- C:\Users\Francia\Desktop\adwcleaner.exe
[2012.11.26 13:21:50 | 000,000,512 | ---- | C] () -- C:\Users\Francia\Desktop\MBR.dat
[2012.11.23 11:04:36 | 000,000,000 | ---- | C] () -- C:\Users\Francia\defogger_reenable
[2012.11.23 11:03:32 | 000,050,477 | ---- | C] () -- C:\Users\Francia\Desktop\Defogger.exe
[2012.11.19 08:36:17 | 000,082,562 | ---- | C] () -- C:\Users\Francia\Documents\cc_20121119_083449.reg
[2012.11.19 08:07:55 | 000,001,787 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2011.03.24 20:28:59 | 000,000,732 | ---- | C] () -- C:\Users\Francia\AppData\Local\d3d9caps64.dat
[2010.08.24 17:53:36 | 000,006,836 | ---- | C] () -- C:\Users\Francia\AppData\Local\d3d9caps.dat
[2009.10.21 22:28:55 | 000,155,136 | ---- | C] () -- C:\Users\Francia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.10.20 11:23:01 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 16:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 18:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 08:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 03:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 64 bytes -> C:\Users\Francia\Desktop\La gorda.mp4:TOC.WMV

< End of report >
         
--- --- ---


[/code]

danke schön

p,s. sorry für die kürze aber meine tastatur funktioniert die ganze zeit nicht...

Alt 27.11.2012, 20:23   #13
M-K-D-B
/// TB-Ausbilder
 
Java/Exploit.CVE-2011-3544.BR trojan - Standard

Java/Exploit.CVE-2011-3544.BR trojan



Servus,



Wenn du keine Probleme mehr hast, dann sind wir hier fertig. Deine Logdateien sind sauber.
Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern.




Schritt 1

Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:
ATTFilter
:OTL
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {76AEEA42-E04A-4B62-83AB-DF4B2BE2541E} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {76AEEA42-E04A-4B62-83AB-DF4B2BE2541E} - No CLSID value found.
O3 - HKU\S-1-5-21-1695605967-2725027817-2845256189-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

:Commands
[emptytemp]
         
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread






Schritt 2
Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
  • Downloade dir bitte die neueste Java-Version von hier
  • Speichere die jxpiinstall.exe
  • Schließe alle laufenden Programme. Speziell deinen Browser.
  • Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version ( Java 7 Update 9 ) herunter laden.
  • Entferne den Haken bei "Installieren Sie die Ask-Toolbar ..." während der Installation.
  • Wenn die Installation beendet wurde
    Start --> Systemsteuerung --> Software / Programme und deinstalliere alle älteren Java Versionen.
  • Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.
Nach dem Neustart
  • Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
  • Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
  • Klicke auf Dateien löschen....
  • Gehe sicher das überall ein Haken gesetzt ist und klicke OK.
  • Klicke erneut OK.





Schritt 3
Deinstalliere bitte deine aktuelle Version von Adobe Reader
Start--> Systemsteuerung--> Software / Programme deinstallieren--> Adobe Reader
und lade dir die neue Version von Hier herunter-
Entferne den Hacken für den McAfee SecurityScan bzw. Google Chrome.





Schritt 4
Starte DeFogger und klicke auf Re-enable.
Gegebenenfalls muss dein Rechner neu gestartet werden.





Schritt 5
Bitte vor der folgenden Aktion wieder temporär Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.

Windows-Taste + R drücke. Kopiere nun folgende Zeile in die Kommandozeile und klicke OK.
Code:
ATTFilter
Combofix /Uninstall
         


Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert, damit auch aus dieser die Schädlinge verschwinden.

Nun die eben deaktivierten Programme wieder aktivieren.





Schritt 6
Downloade dir bitte delfix auf deinen Desktop.
  • Schließe alle offenen Programme.
  • Starte die delfix.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Schließe die sich öffnende Textdatei.
  • Klicke abschließend auf Deinstallation.
  • Bestätige mit Ja.





Schritt 7
Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles, nur weil es Dich dazu auffordert und schön bunt ist.
  • Verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe.
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.



Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.

Alt 27.11.2012, 21:45   #14
Michael_w
 
Java/Exploit.CVE-2011-3544.BR trojan - Standard

Java/Exploit.CVE-2011-3544.BR trojan



Hallo,

jetzt mal von einem anderen Rechner, damit ich die Tastatur nutzen kann.
Habe alle Schritte hintereinander ausgeführt.
Folgende Fragen/ Probleme:

1.)Bei otl: in dem skript steht öfter (no name). Meintest Du damit "unkenntlich gemachte Stellen"? Ich hab es einfach so ausgeführt.

2.) Combofix ließ sich nicht deinstallieren bzw. wurde nicht gefunden.

3.) Meine Tastatur funktioniert noch nicht. Das war der eigentliche Grund, warum ich überhaupt auf die Idee gekommen bin, dass ich einen Virus/ Trojaner auf dem Rechner habe. Wie kann ich das wieder reparieren?

Auf jeden Fall 1000 Dank schonmal, es ist unglaublich wie schnell und gut verständlich Ihr einem in diesem Forum helft.

Beste Grüße



hier noch die otl

Code:
ATTFilter
All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{76AEEA42-E04A-4B62-83AB-DF4B2BE2541E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76AEEA42-E04A-4B62-83AB-DF4B2BE2541E}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{76AEEA42-E04A-4B62-83AB-DF4B2BE2541E} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76AEEA42-E04A-4B62-83AB-DF4B2BE2541E}\ not found.
Registry value HKEY_USERS\S-1-5-21-1695605967-2725027817-2845256189-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: AppData
->Temp folder emptied: 0 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Francia
->Temp folder emptied: 71378 bytes
->Temporary Internet Files folder emptied: 8908050 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 3029548 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 492 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10760174 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 11800386 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 755 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 676238 bytes
 
Total Files Cleaned = 34,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 11272012_212819

Files\Folders moved on Reboot...
C:\Users\Francia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\84SYRBK5\127475-java-exploit-cve-2011-3544-br-trojan-2[1].htm moved successfully.
C:\Users\Francia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Francia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
File\Folder C:\Users\Francia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{142EB2A1-49D1-4EF9-BAA0-07551914AA91}.tmp not found!
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File\Folder C:\Windows\temp\IXP000.TMP\BBSetup.exe not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         

Alt 28.11.2012, 09:25   #15
M-K-D-B
/// TB-Ausbilder
 
Java/Exploit.CVE-2011-3544.BR trojan - Standard

Java/Exploit.CVE-2011-3544.BR trojan



Servus,



Zitat:
Zitat von Michael_w Beitrag anzeigen
3.) Meine Tastatur funktioniert noch nicht. Das war der eigentliche Grund, warum ich überhaupt auf die Idee gekommen bin, dass ich einen Virus/ Trojaner auf dem Rechner habe. Wie kann ich das wieder reparieren?
Ich kann bisher keinen Zusammenhang zwischen Malware und deiner Tastatur herstellen.

Eventuell kann dir in diesem Unterforum jemand weiterhelfen:
Netzwerk und Hardware



Ich bin froh, dass wir helfen konnten

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke mir bitte eine PM.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen.

Antwort

Themen zu Java/Exploit.CVE-2011-3544.BR trojan
adobe, adobe flash player, antivirus, autorun, avast, bho, bingbar, cdburnerxp, desktop, error, explorer, firefox, firewall, flash player, format, home, logfile, malwarebytes, microsoft, mozilla, nodrives, plug-in, programme, registry, scan, secunia psi, senden, software, spotify web helper, trojan, vista



Ähnliche Themen: Java/Exploit.CVE-2011-3544.BR trojan


  1. Exploit.Java.CVE-2011-3544.jy + Weitere Viren?
    Log-Analyse und Auswertung - 20.12.2012 (34)
  2. AVSCAN hat mehrere Java-Viren JAVA/Agent.M* und Exploits EXP/CVE-2011-3544 gefunden
    Log-Analyse und Auswertung - 15.10.2012 (24)
  3. AviraExploitsfunde:EXP/2011-3544.CZ.2; EXP/Java.Ternub.a.6; EXP/Java.Ternub.a.28 &Fund APPL/HideWindows.31232 in C:\Programme\MioNet\cmd.exe
    Plagegeister aller Art und deren Bekämpfung - 07.10.2012 (33)
  4. Laptop befallen von: Exploit.Java.cve-2011-3544.ji, Was tun?
    Plagegeister aller Art und deren Bekämpfung - 09.08.2012 (12)
  5. 14 Funde bei AntiVir nach erscheinen des JAVA Logos (EXP/2008-5353.AR,EXP/CVE-2011-3544.CF)
    Log-Analyse und Auswertung - 03.08.2012 (25)
  6. Desinfec't 2012/Kaspersky findet Exploit.Java.CVE-2011-3544.** und Exploit.Java.CVE-2012-0507.**
    Plagegeister aller Art und deren Bekämpfung - 22.06.2012 (21)
  7. Desinfec't 2012/Kaspersky findet Exploit.Java.CVE-2011-3544.** und Exploit.Java.CVE-2012-0507.**
    Mülltonne - 11.06.2012 (0)
  8. Panda Cloud AntiVirus PRo findet zwei Exploit CVE-2011-3544 Trojaner
    Log-Analyse und Auswertung - 17.05.2012 (20)
  9. Java-Script Virus: Exploit: Java/CVE-2011-3544.gen!E
    Plagegeister aller Art und deren Bekämpfung - 04.05.2012 (13)
  10. EXP/CVE-2011-3544.BY, EXP/JAVA.Ternub.Gen Wie bekomm ich die Viren weg/ Hab ich die noch?
    Plagegeister aller Art und deren Bekämpfung - 08.04.2012 (4)
  11. 3 Viren: EXP/2011-3544.CZ und EXP/JAVA.Loader.Gen und EXP/CVE-2012-0507
    Plagegeister aller Art und deren Bekämpfung - 06.04.2012 (2)
  12. Trojaner Exploit.Java.CVE-2011-3544.jh & Virus P2P-Worm.Win23.Palevo.nzl
    Plagegeister aller Art und deren Bekämpfung - 04.04.2012 (5)
  13. Avira meldet EXP/2011-3544.BW.1 und JAVA/Dldr.OpenS.H
    Plagegeister aller Art und deren Bekämpfung - 27.03.2012 (5)
  14. Java:CVE-2011-3544-AX und viele versteckte Objekte entdeckt, Rechner bockt
    Log-Analyse und Auswertung - 21.03.2012 (51)
  15. 2 Viren gefunden (Exploit) - EXP/CVE-2011-3544.E und EXP/CVE-2011-3544.J
    Plagegeister aller Art und deren Bekämpfung - 20.02.2012 (30)
  16. exploit.java.cve-2011-3544 irreparabel
    Plagegeister aller Art und deren Bekämpfung - 07.02.2012 (23)
  17. Windows Security Center 2012, Java/CVE-2011-3544.D und weitere Malware?
    Log-Analyse und Auswertung - 08.12.2011 (5)

Zum Thema Java/Exploit.CVE-2011-3544.BR trojan - hallo, mich hat es leider mal wieder erwischt, vielleicht kann jmd helfen eset Code: Alles auswählen Aufklappen ATTFilter C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\400cd48f-49d3c53c a variant of Java/Exploit.CVE-2011-3544.BR trojan otl,txt Code: Alles auswählen Aufklappen ATTFilter - Java/Exploit.CVE-2011-3544.BR trojan...
Archiv
Du betrachtest: Java/Exploit.CVE-2011-3544.BR trojan auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.