
Pests of all kinds and how to fight them: GVU virus 100€ paysafe, computer lockout

22.01.2013, 16:23   #1
Thomeex
 
Hello,
I caught one of these GVU viruses yesterday evening. When it blocked me, I was able to use the computer again after a restart. When I started the computer today, the virus was "active" again, and restarts no longer helped. I then used my phone to search this forum for a solution. I have now downloaded OTL.
Regards, Thomeex
OTL Logfile:
Code:
OTL logfile created on: 22.01.2013 16:21:34 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\R3b3llDavid\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,33 Gb Available Physical Memory | 83,37% Memory free
8,00 Gb Paging File | 7,35 Gb Available in Paging File | 91,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 40,00 Gb Total Space | 0,60 Gb Free Space | 1,49% Space Free | Partition Type: NTFS
Drive D: | 814,32 Gb Total Space | 766,25 Gb Free Space | 94,10% Space Free | Partition Type: NTFS
Drive E: | 874,49 Gb Total Space | 776,35 Gb Free Space | 88,78% Space Free | Partition Type: NTFS
Drive F: | 2,00 Gb Total Space | 1,96 Gb Free Space | 97,93% Space Free | Partition Type: NTFS
Drive G: | 15,00 Gb Total Space | 14,91 Gb Free Space | 99,41% Space Free | Partition Type: NTFS
 
Computer Name: R3B3LLDAVID-PC | User Name: R3b3llDavid | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.22 16:17:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\R3b3llDavid\Desktop\OTL.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - [2013.01.22 15:47:36 | 002,620,016 | ---- | M] (Iminent) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Umbrella\Umbrella.exe -- (SProtection)
SRV - [2013.01.19 11:52:22 | 000,711,112 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0)
SRV - [2013.01.09 19:58:40 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.03 16:47:14 | 001,259,880 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.11.30 22:43:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.10 12:24:19 | 002,309,656 | ---- | M] () [Auto | Stopped] -- C:\ProgramData\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe -- (Browser Manager)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.06.14 16:20:22 | 000,109,064 | ---- | M] (Wajam) [On_Demand | Stopped] -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater)
SRV - [2012.05.29 12:09:52 | 002,143,072 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010.05.20 15:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.01.19 11:52:22 | 000,030,568 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012.12.13 16:41:10 | 000,028,008 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dfx11_1x64.sys -- (DFX11_1)
DRV:64bit: - [2012.09.19 10:02:08 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012.09.19 10:02:06 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012.07.03 16:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.07.01 15:21:50 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2010.05.20 15:26:28 | 002,060,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VX1000.sys -- (VX1000)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.12.26 12:56:04 | 000,021,504 | ---- | M] (Avnex) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vcsvad.sys -- (VCSVADHWSer)
DRV - [2012.05.08 14:21:42 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchfunmoods.com/?f=1&a=sware&chnl=sware&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyzyyC0CzytDtB0E0AyByBzytN0D0Tzu0CtAtDyBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1583153640
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=sware&chnl=sware&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyzyyC0CzytDtB0E0AyByBzytN0D0Tzu0CtAtDyBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1583153640
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.certified-toolbar.com?si=41460&tid=592&bs=true&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.certified-toolbar.com?si=41460&tid=592&bs=true&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.certified-toolbar.com?si=41460&tid=592&bs=true&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=592
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=592
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://search.certified-toolbar.com?si=41460&tid=592&bs=true&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = hxxp://search.certified-toolbar.com?si=41460&tid=592&bs=true&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = hxxp://search.certified-toolbar.com?si=41460&tid=592&bs=true&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=592
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=592
IE - HKLM\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\R3b3llDavid\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{11350844-28E0-F105-9731-0C63838AFC30}: "URL" = hxxp://search.certified-toolbar.com?si=41460&bs=true&tid=592&q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://search.certified-toolbar.com?si=41460&bs=true&tid=592&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.certified-toolbar.com?si=41460&bs=true&tid=592&q={searchTerms}
IE - HKLM\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = hxxp://search.iminent.com/?appId=[AppInstanceUid]&ref=toolbox&q={searchTerms}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10002&barid={73FDAA00-3CB4-11E2-91BF-0019996C902E}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://search.babylon.com/?affID=110823&tt=3612_7&babsrc=HP_ss&mntrId=642ca7790000000000000019996c902e
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = hxxp://search.babylon.com/?affID=110823&tt=3612_7&babsrc=HP_ss&mntrId=642ca7790000000000000019996c902e
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.certified-toolbar.com?si=41460&tid=592&bs=true&q=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.certified-toolbar.com?si=41460&tid=592&bs=true&q=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.certified-toolbar.com?si=41460&tid=592&bs=true&q=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=592
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=592
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 60 51 63 51 36 85 CD 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://search.certified-toolbar.com?si=41460&tid=592&bs=true&q=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = hxxp://search.certified-toolbar.com?si=41460&tid=592&bs=true&q=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = hxxp://search.certified-toolbar.com?si=41460&tid=592&bs=true&q=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=592
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=592
IE - HKCU\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\R3b3llDavid\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
IE - HKCU\..\URLSearchHook: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=110823&tt=3612_7&babsrc=SP_ss&mntrId=642ca7790000000000000019996c902e
IE - HKCU\..\SearchScopes\{11350844-28E0-F105-9731-0C63838AFC30}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=110823&tt=3612_7&babsrc=SP_ss&mntrId=642ca7790000000000000019996c902e
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={849A8551-3E59-456A-A1F5-3DC339E013A5}&mid=265edc9027d847d0b325d150df8879dd-1f420a9776132c796a3f3143a547b8ae38ff1d0d&lang=en&ds=al011&pr=sa&d=2013-01-19 11:52:33&v=13.2.0.4&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=341&systemid=406&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=110823&tt=3612_7&babsrc=SP_ss&mntrId=642ca7790000000000000019996c902e
IE - HKCU\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = hxxp://search.iminent.com/?appId=[AppInstanceUid]&ref=toolbox&q={searchTerms}
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10002&barid={73FDAA00-3CB4-11E2-91BF-0019996C902E}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.129\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.129\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\13.2.0.5 [2013.01.20 11:21:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension [2012.10.12 17:46:09 | 000,000,000 | ---D | M]
 
[2012.09.09 20:06:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.10.10 22:24:02 | 000,003,267 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Web Search.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://search.iminent.com/?appId=AE3F1DCB-5776-4037-AC89-9A201177451E
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://search.iminent.com/?appId=AE3F1DCB-5776-4037-AC89-9A201177451E
CHR - Extension: No name found = C:\Users\R3b3llDavid\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\2.0.1_0\
CHR - Extension: No name found = C:\Users\R3b3llDavid\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: No name found = C:\Users\R3b3llDavid\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\5.1\
CHR - Extension: No name found = C:\Users\R3b3llDavid\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: No name found = C:\Users\R3b3llDavid\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.8_0\
CHR - Extension: No name found = C:\Users\R3b3llDavid\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejdabpabkmacjiiooccecnpakonoibah\1.4\
CHR - Extension: No name found = C:\Users\R3b3llDavid\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\6.3.2.1_0\
CHR - Extension: No name found = C:\Users\R3b3llDavid\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0\
CHR - Extension: No name found = C:\Users\R3b3llDavid\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\
CHR - Extension: No name found = C:\Users\R3b3llDavid\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.5_0\
CHR - Extension: No name found = C:\Users\R3b3llDavid\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.5_0\.bak
CHR - Extension: No name found = C:\Users\R3b3llDavid\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_0\
CHR - Extension: No name found = C:\Users\R3b3llDavid\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.0_0\
CHR - Extension: No name found = C:\Users\R3b3llDavid\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.2.0.0_0\
CHR - Extension: No name found = C:\Users\R3b3llDavid\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\
CHR - Extension: No name found = C:\Users\R3b3llDavid\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: No name found = C:\Users\R3b3llDavid\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\2.0.1_0\
CHR - Extension: No name found = C:\Users\R3b3llDavid\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: No name found = C:\Users\R3b3llDavid\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\5.1\
CHR - Extension: No name found = C:\Users\R3b3llDavid\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: No name found = C:\Users\R3b3llDavid\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.8_0\
CHR - Extension: No name found = C:\Users\R3b3llDavid\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejdabpabkmacjiiooccecnpakonoibah\1.4\
CHR - Extension: No name found = C:\Users\R3b3llDavid\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\6.3.2.1_0\
CHR - Extension: No name found = C:\Users\R3b3llDavid\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0\
CHR - Extension: No name found = C:\Users\R3b3llDavid\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\
CHR - Extension: No name found = C:\Users\R3b3llDavid\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.5_0\
CHR - Extension: No name found = C:\Users\R3b3llDavid\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.5_0\.bak
CHR - Extension: No name found = C:\Users\R3b3llDavid\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_0\
CHR - Extension: No name found = C:\Users\R3b3llDavid\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.0_0\
CHR - Extension: No name found = C:\Users\R3b3llDavid\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.2.0.0_0\
CHR - Extension: No name found = C:\Users\R3b3llDavid\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\
CHR - Extension: No name found = C:\Users\R3b3llDavid\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\Datamngr\x64\BROWSE~1.DLL File not found
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DVDVideoSoftTB_DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\R3b3llDavid\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (TBSB01620 Class) - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
O2 - BHO: (Funmoods Helper Object) - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\Program Files (x86)\Funmoods\1.5.23.22\bh\escort.dll (Funmoods BHO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\Datamngr\BROWSE~1.DLL File not found
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent)
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB_DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\R3b3llDavid\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found
O3 - HKLM\..\Toolbar: (Funmoods Toolbar) - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\Program Files (x86)\Funmoods\1.5.23.22\escorTlbr.dll (Funmoods)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB_DE Toolbar) - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - C:\Users\R3b3llDavid\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
O4:64bit: - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE File not found
O4 - HKLM..\Run: [DFX] C:\Program Files (x86)\DFX\DFX.exe ()
O4 - HKLM..\Run: [Iminent] C:\Program Files (x86)\Iminent\Iminent.exe (Iminent)
O4 - HKLM..\Run: [IminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe (Iminent)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ROC_roc_ssl_v12] C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe ()
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_1B7C466947C80700C235E1F45E50D1B5] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Spotify] C:\Users\R3b3llDavid\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\R3b3llDavid\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKLM..\RunOnce: [SPUpdSentinel] C:\Program Files (x86)\Common Files\Umbrella\Umbrella_bkp.exe (Iminent)
O4 - Startup: C:\Users\R3b3llDavid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\R3b3llDavid\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\R3b3llDavid\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7C5C076B-2461-49F8-9C9E-5D3D4766B9B1}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll ()
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll) -  File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll) -  File not found
O20 - AppInit_DLLs: (c:\progra~3\browse~1\23787~1.43\{16cdf~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
O20 - AppInit_DLLs: (c:\progra~3\browse~1\22630~1.40\{16cdf~1\browse~1.dll) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
 
CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.22 16:17:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\R3b3llDavid\Desktop\OTL.exe
[2013.01.21 18:03:02 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Users\R3b3llDavid\wgsdgsdgdsgsd.exe
[2013.01.19 11:53:19 | 000,000,000 | ---D | C] -- C:\Users\R3b3llDavid\AppData\Local\DFX
[2013.01.19 11:52:45 | 000,000,000 | ---D | C] -- C:\Users\R3b3llDavid\AppData\Local\AVG Secure Search
[2013.01.19 11:52:37 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2013.01.19 11:52:31 | 000,030,568 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013.01.19 11:52:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2013.01.19 11:52:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2013.01.19 11:52:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DFX Audio Enhancer
[2013.01.19 11:52:14 | 000,000,000 | ---D | C] -- C:\Users\R3b3llDavid\AppData\Roaming\vlc
[2013.01.19 11:52:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DFX
[2013.01.19 11:52:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DFX
[2013.01.19 11:51:36 | 006,143,984 | ---- | C] (Power Technology) -- C:\Users\R3b3llDavid\Desktop\dfx11Setup.exe
[2013.01.17 23:30:02 | 000,000,000 | ---D | C] -- C:\Users\R3b3llDavid\Desktop\Prinz Harry - Vom Wohlstand Verwahrlost
[2013.01.14 15:27:13 | 000,000,000 | ---D | C] -- C:\Users\R3b3llDavid\AppData\Roaming\OpenOffice.org
[2013.01.14 15:26:38 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2013.01.14 15:26:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2013.01.14 15:24:53 | 000,000,000 | ---D | C] -- C:\Users\R3b3llDavid\Desktop\OpenOffice.org 3.4.1 (de) Installation Files
[2013.01.09 10:54:27 | 000,000,000 | ---D | C] -- C:\Users\R3b3llDavid\Desktop\tmx
[2013.01.05 15:58:19 | 000,000,000 | ---D | C] -- C:\Users\R3b3llDavid\AppData\Local\Chromium
[2013.01.02 20:11:13 | 000,000,000 | ---D | C] -- C:\Users\R3b3llDavid\AppData\Local\Programs
[2013.01.02 20:09:15 | 000,000,000 | ---D | C] -- C:\Users\R3b3llDavid\AppData\Local\Gameforge4d
[2013.01.02 20:09:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live
[2013.01.01 18:59:25 | 000,000,000 | ---D | C] -- C:\Users\R3b3llDavid\AppData\Roaming\Iminent
[2013.01.01 18:59:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Iminent
[2013.01.01 18:59:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IMinent Toolbar
[2013.01.01 18:59:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Umbrella
[2013.01.01 18:59:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent
[2013.01.01 18:59:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Iminent
[2013.01.01 18:58:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo
[2013.01.01 18:58:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012.12.25 11:11:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft LifeCam
[2012.12.25 11:10:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft LifeCam
[2012.12.25 11:10:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft LifeCam
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.22 16:17:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\R3b3llDavid\Desktop\OTL.exe
[2013.01.22 16:01:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.22 16:01:16 | 3219,984,384 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.22 15:54:16 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2013.01.22 15:53:37 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.22 15:53:37 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.22 15:47:06 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.22 15:46:36 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.21 22:02:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.21 18:03:04 | 000,002,959 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2013.01.21 18:03:04 | 000,001,055 | ---- | M] () -- C:\Users\R3b3llDavid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013.01.21 18:03:04 | 000,000,159 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.reg
[2013.01.21 18:03:04 | 000,000,069 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.bat
[2013.01.19 11:52:22 | 000,030,568 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013.01.19 11:52:17 | 000,001,710 | ---- | M] () -- C:\Users\Public\Desktop\DFX.lnk
[2013.01.19 11:51:45 | 006,143,984 | ---- | M] (Power Technology) -- C:\Users\R3b3llDavid\Desktop\dfx11Setup.exe
[2013.01.17 18:07:15 | 093,031,966 | ---- | M] () -- C:\Users\R3b3llDavid\Desktop\Prinz Harry - Vom Wohlstand Verwahrlost.zip
[2013.01.16 21:34:48 | 000,048,535 | ---- | M] () -- C:\Users\R3b3llDavid\Desktop\600px-Frank-Walter_Steinmeier_25.jpg
[2013.01.16 11:20:00 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.16 11:20:00 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.16 11:20:00 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.16 11:20:00 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.16 11:20:00 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.16 10:50:27 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01007.Wdf
[2013.01.15 08:09:50 | 000,294,904 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.14 15:27:24 | 000,001,239 | ---- | M] () -- C:\Users\R3b3llDavid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2013.01.14 15:26:38 | 000,001,172 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2013.01.13 17:12:40 | 145,437,564 | ---- | M] () -- C:\Users\R3b3llDavid\Desktop\New Mixtape2012 For Ganja Smoker Vol 1 Dj Lorest France.mp4
[2013.01.13 16:51:20 | 442,612,533 | ---- | M] () -- C:\Users\R3b3llDavid\Desktop\New Reggae Mix 2012; Roots Roots By Iron Heart Sound & Chessman Records.mp4
[2013.01.09 09:40:01 | 002,905,652 | ---- | M] () -- C:\Users\R3b3llDavid\Desktop\DJ_Smochi_-_SBC_7_www.rappers.in.mp3
[2013.01.08 23:37:59 | 004,046,210 | ---- | M] () -- C:\Users\R3b3llDavid\Desktop\lol.wav
[2013.01.08 22:18:28 | 004,701,204 | ---- | M] () -- C:\Users\R3b3llDavid\Desktop\DJ_Smochi_-_Travel_n_Trains_www.rappers.in.mp3
[2013.01.04 13:47:28 | 000,000,817 | ---- | M] () -- C:\Users\Public\Desktop\AION Free-to-Play.lnk
[2013.01.04 13:45:17 | 000,000,767 | ---- | M] () -- C:\Users\Public\Desktop\Gameforge Live.lnk
[2013.01.01 18:59:20 | 000,000,635 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2013.01.01 18:59:06 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\extensions.sqlite
[2013.01.01 18:59:06 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\bProtector_extensions.sqlite
[2012.12.25 11:11:05 | 000,002,041 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft LifeCam.lnk
[2012.12.25 10:36:46 | 661,657,015 | ---- | M] () -- C:\Users\R3b3llDavid\Desktop\DRUM AND BASS - REGGAE MiX (by faXcooL).mp4
[2012.12.25 10:27:22 | 015,296,610 | ---- | M] () -- C:\Users\R3b3llDavid\Desktop\UKF Sydney - New Years Day 2013 (Trailer).mp4
 
========== Files Created - No Company Name ==========
 
[2013.01.21 18:03:04 | 000,002,959 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2013.01.21 18:03:04 | 000,001,055 | ---- | C] () -- C:\Users\R3b3llDavid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013.01.21 18:03:04 | 000,000,159 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.reg
[2013.01.21 18:03:04 | 000,000,069 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.bat
[2013.01.21 18:03:02 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2013.01.19 11:52:37 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\bProtector_extensions.sqlite
[2013.01.19 11:52:17 | 000,001,710 | ---- | C] () -- C:\Users\Public\Desktop\DFX.lnk
[2013.01.17 18:05:07 | 093,031,966 | ---- | C] () -- C:\Users\R3b3llDavid\Desktop\Prinz Harry - Vom Wohlstand Verwahrlost.zip
[2013.01.16 21:34:48 | 000,048,535 | ---- | C] () -- C:\Users\R3b3llDavid\Desktop\600px-Frank-Walter_Steinmeier_25.jpg
[2013.01.16 10:50:27 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01007.Wdf
[2013.01.14 15:27:24 | 000,001,239 | ---- | C] () -- C:\Users\R3b3llDavid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2013.01.14 15:26:38 | 000,001,172 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2013.01.13 16:45:08 | 442,612,533 | ---- | C] () -- C:\Users\R3b3llDavid\Desktop\New Reggae Mix 2012; Roots Roots By Iron Heart Sound & Chessman Records.mp4
[2013.01.13 16:44:23 | 145,437,564 | ---- | C] () -- C:\Users\R3b3llDavid\Desktop\New Mixtape2012 For Ganja Smoker Vol 1 Dj Lorest France.mp4
[2013.01.09 09:40:01 | 002,905,652 | ---- | C] () -- C:\Users\R3b3llDavid\Desktop\DJ_Smochi_-_SBC_7_www.rappers.in.mp3
[2013.01.08 23:37:58 | 004,046,210 | ---- | C] () -- C:\Users\R3b3llDavid\Desktop\lol.wav
[2013.01.08 22:18:23 | 004,701,204 | ---- | C] () -- C:\Users\R3b3llDavid\Desktop\DJ_Smochi_-_Travel_n_Trains_www.rappers.in.mp3
[2013.01.02 20:11:26 | 000,000,817 | ---- | C] () -- C:\Users\Public\Desktop\AION Free-to-Play.lnk
[2013.01.02 20:09:06 | 000,000,767 | ---- | C] () -- C:\Users\Public\Desktop\Gameforge Live.lnk
[2013.01.01 18:59:14 | 000,000,635 | ---- | C] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2013.01.01 18:59:06 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\extensions.sqlite
[2012.12.25 11:11:05 | 000,002,041 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft LifeCam.lnk
[2012.12.25 10:28:28 | 661,657,015 | ---- | C] () -- C:\Users\R3b3llDavid\Desktop\DRUM AND BASS - REGGAE MiX (by faXcooL).mp4
[2012.12.25 10:27:11 | 015,296,610 | ---- | C] () -- C:\Users\R3b3llDavid\Desktop\UKF Sydney - New Years Day 2013 (Trailer).mp4
[2012.11.29 16:58:19 | 000,005,095 | ---- | C] () -- C:\Users\R3b3llDavid\AppData\Local\recently-used.xbel
[2012.11.25 23:12:56 | 001,195,888 | ---- | C] () -- C:\Users\R3b3llDavid\ts3_recording_12_11_25_23_12_54.wav
[2012.11.25 23:11:49 | 001,504,812 | ---- | C] () -- C:\Users\R3b3llDavid\ts3_recording_12_11_25_23_11_48.wav
[2012.11.02 18:24:03 | 000,290,500 | ---- | C] () -- C:\Users\R3b3llDavid\AppData\Local\funmoods-speeddial_sf.crx
[2012.11.02 18:24:03 | 000,031,465 | ---- | C] () -- C:\Users\R3b3llDavid\AppData\Local\funmoods.crx
[2012.10.10 22:24:03 | 000,015,432 | ---- | C] () -- C:\Windows\Launcher.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.10.17 19:06:48 | 000,000,000 | ---D | M] -- C:\Users\R3b3llDavid\AppData\Roaming\Ableton
[2013.01.20 17:51:37 | 000,000,000 | ---D | M] -- C:\Users\R3b3llDavid\AppData\Roaming\Audacity
[2012.12.02 20:10:11 | 000,000,000 | ---D | M] -- C:\Users\R3b3llDavid\AppData\Roaming\Avnex
[2012.09.09 20:05:40 | 000,000,000 | ---D | M] -- C:\Users\R3b3llDavid\AppData\Roaming\Babylon
[2012.09.09 20:06:22 | 000,000,000 | ---D | M] -- C:\Users\R3b3llDavid\AppData\Roaming\BabylonToolbar
[2012.10.10 22:24:22 | 000,000,000 | ---D | M] -- C:\Users\R3b3llDavid\AppData\Roaming\DownTangoLauncherToolbar
[2012.10.08 18:59:08 | 000,000,000 | ---D | M] -- C:\Users\R3b3llDavid\AppData\Roaming\DVDVideoSoft
[2012.08.29 12:08:37 | 000,000,000 | ---D | M] -- C:\Users\R3b3llDavid\AppData\Roaming\DVDVideoSoftIEHelpers
[2013.01.01 18:59:25 | 000,000,000 | ---D | M] -- C:\Users\R3b3llDavid\AppData\Roaming\Iminent
[2012.08.31 16:07:08 | 000,000,000 | ---D | M] -- C:\Users\R3b3llDavid\AppData\Roaming\LolClient
[2012.11.30 20:36:14 | 000,000,000 | ---D | M] -- C:\Users\R3b3llDavid\AppData\Roaming\Maize Sampler Player
[2012.08.29 12:08:40 | 000,000,000 | ---D | M] -- C:\Users\R3b3llDavid\AppData\Roaming\OpenCandy
[2013.01.14 15:27:13 | 000,000,000 | ---D | M] -- C:\Users\R3b3llDavid\AppData\Roaming\OpenOffice.org
[2012.08.28 17:34:27 | 000,000,000 | ---D | M] -- C:\Users\R3b3llDavid\AppData\Roaming\Opera
[2012.11.30 20:36:11 | 000,000,000 | ---D | M] -- C:\Users\R3b3llDavid\AppData\Roaming\REAPER
[2012.12.02 20:18:27 | 000,000,000 | ---D | M] -- C:\Users\R3b3llDavid\AppData\Roaming\Screaming Bee
[2013.01.22 15:45:05 | 000,000,000 | ---D | M] -- C:\Users\R3b3llDavid\AppData\Roaming\Spotify
[2012.11.05 21:55:55 | 000,000,000 | ---D | M] -- C:\Users\R3b3llDavid\AppData\Roaming\TS3Client
[2012.08.29 12:09:11 | 000,000,000 | ---D | M] -- C:\Users\R3b3llDavid\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.11.19 00:36:38 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.08.28 17:49:56 | 000,000,000 | -HSD | M] -- C:\Boot
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012.08.28 16:56:59 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.12.04 19:40:14 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2012.11.04 20:17:40 | 000,000,000 | ---D | M] -- C:\output
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.12.25 11:10:36 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.01.19 11:52:29 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2013.01.22 15:54:17 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012.08.28 16:56:59 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.08.28 16:56:59 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.08.31 10:45:01 | 000,000,000 | ---D | M] -- C:\Riot Games
[2013.01.22 15:41:19 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2013.01.19 11:52:14 | 000,000,000 | R--D | M] -- C:\Users
[2012.11.02 18:51:37 | 000,000,000 | ---D | M] -- C:\WAV To MP3
[2013.01.02 20:11:47 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.21 04:23:55 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 06:08:49 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.08.28 17:03:05 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2012.08.28 17:41:16 | 000,001,116 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012.08.28 17:41:17 | 000,001,120 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2012.08.29 09:38:08 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2012.08.29 09:38:08 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
[2012.08.29 09:38:08 | 000,118,784 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\iepeers.dll
 
< %USERPROFILE%\*.* >
[2013.01.22 16:26:05 | 003,932,160 | -HS- | M] () -- C:\Users\R3b3llDavid\NTUSER.DAT
[2013.01.22 16:26:05 | 000,262,144 | -HS- | M] () -- C:\Users\R3b3llDavid\ntuser.dat.LOG1
[2012.08.28 16:57:11 | 000,000,000 | -HS- | M] () -- C:\Users\R3b3llDavid\ntuser.dat.LOG2
[2012.08.28 17:51:48 | 000,065,536 | -HS- | M] () -- C:\Users\R3b3llDavid\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2012.08.28 17:51:48 | 000,524,288 | -HS- | M] () -- C:\Users\R3b3llDavid\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2012.08.28 17:51:48 | 000,524,288 | -HS- | M] () -- C:\Users\R3b3llDavid\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2012.08.28 16:57:11 | 000,000,020 | -HS- | M] () -- C:\Users\R3b3llDavid\ntuser.ini
[2012.11.25 23:11:58 | 001,504,812 | ---- | M] () -- C:\Users\R3b3llDavid\ts3_recording_12_11_25_23_11_48.wav
[2012.11.25 23:13:03 | 001,195,888 | ---- | M] () -- C:\Users\R3b3llDavid\ts3_recording_12_11_25_23_12_54.wav
[2013.01.21 18:03:02 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\Users\R3b3llDavid\wgsdgsdgdsgsd.exe
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<           >

< End of report >
         
--- --- ---

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 22.01.2013 16:21:34 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\R3b3llDavid\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,33 Gb Available Physical Memory | 83,37% Memory free
8,00 Gb Paging File | 7,35 Gb Available in Paging File | 91,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 40,00 Gb Total Space | 0,60 Gb Free Space | 1,49% Space Free | Partition Type: NTFS
Drive D: | 814,32 Gb Total Space | 766,25 Gb Free Space | 94,10% Space Free | Partition Type: NTFS
Drive E: | 874,49 Gb Total Space | 776,35 Gb Free Space | 88,78% Space Free | Partition Type: NTFS
Drive F: | 2,00 Gb Total Space | 1,96 Gb Free Space | 97,93% Space Free | Partition Type: NTFS
Drive G: | 15,00 Gb Total Space | 14,91 Gb Free Space | 99,41% Space Free | Partition Type: NTFS
 
Computer Name: R3B3LLDAVID-PC | User Name: R3b3llDavid | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{097E29DC-10E9-4C98-B345-0D9351F06C8E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{09A9C1B8-7447-4516-9CB7-3CAAFFF19B4D}" = lport=138 | protocol=17 | dir=in | app=system | 
"{10839DC2-5E5F-43CE-9CB6-F9C5C3B4D77E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{2455A101-7614-4D3A-BC03-325CC2A6CDA0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2485968A-9AC5-4DF0-9676-1667603FCBF6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3CB008EB-E72A-46B2-BB25-5D5A850CB53D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{44AB22BD-1AE8-4129-86C0-04B01FCDB5C1}" = rport=138 | protocol=17 | dir=out | app=system | 
"{62AEA176-383C-4EE1-91B6-A8E1695C11C2}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{68076C2E-5F37-4E4B-B513-E060595A8999}" = rport=445 | protocol=6 | dir=out | app=system | 
"{75FC04F0-7480-4EF5-8B5A-14BAA02B32F0}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{8C1C13F0-DE25-498B-B2DE-70407388E642}" = lport=137 | protocol=17 | dir=in | app=system | 
"{91FC1090-13B0-47A7-AF0C-87C1E286E74A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{972382B3-5CD9-4C06-A966-0770436EB107}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9B8888AE-3CE3-49FC-90D1-6E01D387BAF8}" = rport=139 | protocol=6 | dir=out | app=system | 
"{B21B52FA-B591-49CE-9D50-1DD31BBEE45E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B4ADEBDC-13E7-4F35-BAF1-F532EB7B203E}" = rport=137 | protocol=17 | dir=out | app=system | 
"{C0198EF8-8A3A-4BB6-9A9E-2C0A19D9DAE3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CEC679D5-A8AB-4D97-8F2E-D32FD7EFB2DC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E837D1D8-1E19-4C5E-AC1D-1AE1774BB62D}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F08A7CDE-004E-4F9E-8F97-C5031FF5E24B}" = lport=445 | protocol=6 | dir=in | app=system | 
"{F4D8272B-0696-4498-B6EB-9AE43A35A570}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{033BD53E-B62D-4C5E-B039-769E37242E3B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe | 
"{04533C42-6636-407C-9A82-99A8D536A477}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{06034CB7-DEB9-4E84-A482-E89E746F18E4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0731BA59-5616-4EAE-A7D2-8328F4D26A6A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{089F6BC7-B608-489F-BE28-E66F5555F686}" = protocol=17 | dir=in | app=c:\program files (x86)\red sky\downtango\pyload-dist\pyloadcore.exe | 
"{1A4928D8-0D89-4F86-B26B-343F5865C2D4}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{1CDB8E1C-C574-4CB6-BA58-83E7F372180A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{22F970B4-8BCD-45B9-B573-261A44F87D01}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe | 
"{27154CD6-D56B-4EE6-84B4-243D5136BA6F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe | 
"{2A3BDF4B-2DE8-4E91-A561-D86F2DAB8E00}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2C700E6E-CCAD-48D9-A259-F63F1C3CD0FC}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{30136C72-E069-4BA9-961B-323B22EFA878}" = protocol=6 | dir=in | app=c:\program files (x86)\searchqu toolbar\datamngr\toolbar\dtuser.exe | 
"{3130C3F2-4F4F-41A9-B301-A0F29C1A24D8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3D0A7247-3F14-42F0-9B04-553DDADE7804}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{40B88FF3-EEE0-493B-B609-DD982FD4654D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe | 
"{476D1DCF-6444-425E-A9DA-40014759B278}" = dir=in | app=c:\program files (x86)\iminent\iminent.messengers.exe | 
"{4773B495-31AE-4508-9726-A9A9421F72FE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{4D2DADFB-C59C-464B-B90D-01F9A2D85356}" = dir=in | app=c:\program files (x86)\protected search\protectedsearch.exe | 
"{58C597FF-C8FE-4C82-A9CE-FEA5819E4393}" = dir=out | app=c:\program files (x86)\protected search\protectedsearch.exe | 
"{5D491924-FDE9-4E03-A59D-E259EEAE42C7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{76F88C01-0F01-4323-B7AD-860CAF5CCA59}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{7CBF0126-879C-4F9B-9071-A75663627307}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{87B4065D-587D-4CFC-A255-51E33AD7D783}" = dir=in | app=c:\program files (x86)\iminent\iminent.exe | 
"{8E4D1BCB-C21E-4392-AC85-DDCFD5FDBC8A}" = protocol=6 | dir=in | app=c:\program files (x86)\red sky\downtango\pyload-dist\pyloadcore.exe | 
"{923725EC-1A8D-4900-A533-50F0CD6C5888}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe | 
"{97D6C158-5E39-43D7-AF31-55E0B7AC8F38}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A42FEB23-D462-4AB6-9452-16E462B6B442}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{A7E6492F-5842-4B9B-B6D5-7004A016AB1D}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{A9C3088D-F4B6-4B38-824E-29A0D07123EA}" = protocol=17 | dir=in | app=c:\program files (x86)\searchqu toolbar\datamngr\toolbar\dtuser.exe | 
"{ABA6B9DC-6A04-4762-B666-B9BE337BF487}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B5EE5AEF-12A5-4959-BEA5-DCB4E61ABF87}" = protocol=6 | dir=in | app=c:\program files (x86)\red sky\downtango\downtango.exe | 
"{B7E786DD-1BF1-4705-B316-9C2BCDDB29C4}" = protocol=6 | dir=out | app=system | 
"{BC9AD959-DC86-455D-9540-FEC1F988432C}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{BD6B541F-249A-49E6-B304-948E02D02662}" = protocol=17 | dir=in | app=c:\program files (x86)\red sky\downtango\downtango.exe | 
"{C395083B-C250-44F7-AB92-3C1BAB3644DA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe | 
"{C3EBED52-EFF7-4A72-8715-DD5375C5C1CC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{CA4A0E7C-AD51-4AE0-A7EC-89378BC3AFB7}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{CDB8D335-DD85-4A34-B219-4CFC8D1A084A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{D12438CD-5E82-43EB-85BF-341F143D9784}" = dir=out | app=c:\program files (x86)\protected search\protectedsearch.exe | 
"{D5AFFA39-05C0-4124-8584-C6EE2C3E94E2}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{D70FE26C-2ED1-4E97-8879-74002F1A9C5A}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{DA099860-EC67-4EC4-85D7-4FE52FAEABCD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{DAABA82E-ADB4-4924-B03A-E8E132F39FA0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DD919F96-76BB-46D5-8D26-BAC038A55FFC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E9E90084-F756-428C-9396-458BDA2C3AE7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe | 
"{EA34FAD1-8EA7-4199-82FD-DDED2386BA01}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe | 
"{F0F79AB1-F3A1-4CF8-BACB-58717CD134D2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{F5334945-55C7-4C02-9FDD-5FD64CEE6065}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F5399542-A640-43B4-A9D0-BF26D6595D76}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{F9ADD171-E547-40D1-902F-E0F718E832E9}" = dir=in | app=c:\program files (x86)\protected search\protectedsearch.exe | 
"{F9B336EC-73E9-45F0-A168-5A6E86C9DC39}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{FC16AE03-CF8F-4D20-A491-DA935DA48268}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{FE0C304B-C1B8-4151-A762-D6C5F113AF29}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.03
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D3}" = WinZip 16.5
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"GIMP-2_is1" = GIMP 2.8.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"REAPER" = REAPER (x64)
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0C43FE6B-E881-4AFC-B384-4AEBC90047E8}" = SweetPacks bundle uninstaller
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = Browser Manager
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1DDBB040-3BEB-4057-90BB-B38B5E081D1B}" = MorphVOX Pro
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{58BC9E49-2867-4153-A23F-6D62A3572599}" = Iminent
"{82E73E8D-E1E7-45A4-A311-6D31492AA913}_is1" = AION Free-to-Play Version 1.0
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1" = Gameforge Live 1.0 "Legend"
"{9D1693BA-5923-434C-96AC-9834E0DEE101}" = Ableton Live 8
"{A0C9DF2B-89B5-4483-8983-18A68200F1B4}" = SweetIM for Messenger 3.7
"{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}" = Iminent Toolbar For Internet Explorer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}" = Internet Explorer Toolbar 4.6 by SweetPacks
"{cb6d194b-149b-4e28-9b6b-fd0bdaa2aa7c}_is1" = DownTango Launcher
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}" = BabylonObjectInstaller
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity_is1" = Audacity 2.0
"AV Voice Changer Software DIAMOND 7.0" = AV Voice Changer Software DIAMOND 7.0
"AVG Secure Search" = AVG Security Toolbar
"BabylonToolbar" = Babylon toolbar on IE
"DFX" = DFX
"DownTango" = DownTango
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.33.1005
"funmoods" = Funmoods
"Google Chrome" = Google Chrome
"Guild Wars 2" = Guild Wars 2
"iLivid" = iLivid
"IMBoosterARP" = Iminent
"MP3-DJ_is1" = MP3-DJ 11.7.0
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Opera 12.12.1707" = Opera 12.12
"Protected Search_is1" = Protected Search 1.1
"ReaPlugs" = ReaPlugs
"Searchqu Toolbar" = Searchqu Toolbar
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"Wajam" = Wajam
"WAV To MP3_is1" = WAV To MP3 V2
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CT2625848" = DVDVideoSoftTB DE Toolbar
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 21.01.2013 10:05:30 | Computer Name = R3b3llDavid-PC | Source = Application Hang | ID = 1002
Description = Programm rads_user_kernel.exe, Version 0.0.0.0 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 1868    Startzeit: 01cdf7e0512af0a0    Endzeit: 5    Anwendungspfad: 
E:\Games\League of Legends\RADS\system\rads_user_kernel.exe    Berichts-ID: 9916ae91-63d3-11e2-bf67-0019996c902e

 
Error - 21.01.2013 10:06:20 | Computer Name = R3b3llDavid-PC | Source = Application Hang | ID = 1002
Description = Programm rads_user_kernel.exe, Version 0.0.0.0 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 19d8    Startzeit: 01cdf7e05ff875d0    Endzeit: 3    Anwendungspfad: 
E:\Games\League of Legends\RADS\system\rads_user_kernel.exe    Berichts-ID: b9458331-63d3-11e2-bf67-0019996c902e

 
Error - 21.01.2013 13:03:06 | Computer Name = R3b3llDavid-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: BabylonToolbarsrv.exe, Version: 1.6.9.0,
 Zeitstempel: 0x5035f49f  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x656c453d  ID des fehlerhaften
 Prozesses: 0x1bb4  Startzeit der fehlerhaften Anwendung: 0x01cdf7f92e3d0240  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12\BabylonToolbarsrv.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 6c455150-63ec-11e2-bf67-0019996c902e
 
Error - 21.01.2013 13:06:43 | Computer Name = R3b3llDavid-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.01.2013 10:38:55 | Computer Name = R3b3llDavid-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.01.2013 10:46:51 | Computer Name = R3b3llDavid-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.01.2013 11:03:09 | Computer Name = R3b3llDavid-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.01.2013 11:18:25 | Computer Name = R3b3llDavid-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\R3b3llDavid\Downloads\SoftonicDownloader_fuer_morphvox.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 22.01.2013 11:18:25 | Computer Name = R3b3llDavid-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\R3b3llDavid\Downloads\SoftonicDownloader_fuer_funny-voice.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 22.01.2013 11:18:25 | Computer Name = R3b3llDavid-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\R3b3llDavid\Downloads\SoftonicDownloader_fuer_av-voice-changer-software.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
[ System Events ]
Error - 22.01.2013 11:18:24 | Computer Name = R3b3llDavid-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 22.01.2013 11:18:24 | Computer Name = R3b3llDavid-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 22.01.2013 11:22:51 | Computer Name = R3b3llDavid-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 22.01.2013 11:22:51 | Computer Name = R3b3llDavid-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 22.01.2013 11:22:51 | Computer Name = R3b3llDavid-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 22.01.2013 11:24:57 | Computer Name = R3b3llDavid-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 22.01.2013 11:24:57 | Computer Name = R3b3llDavid-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 22.01.2013 11:24:57 | Computer Name = R3b3llDavid-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 22.01.2013 11:29:57 | Computer Name = R3b3llDavid-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 22.01.2013 11:29:57 | Computer Name = R3b3llDavid-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
[ TuneUp Events ]
Error - 17.01.2013 15:32:39 | Computer Name = R3b3llDavid-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 17.01.2013 15:32:39 | Computer Name = R3b3llDavid-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 17.01.2013 15:32:39 | Computer Name = R3b3llDavid-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
 
< End of report >
         
--- --- ---

Sorry, I wasn't quite in my right mind just now, and my grammar/spelling turned out accordingly poor; please excuse this. I would be glad if you could help me solve my problem. Regards, Thomeex

Edited by Thomeex (22.01.2013 at 16:33)

Alt 23.01.2013, 16:05   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
As I can see, you are in Safe Mode with Networking; do you have an internet connection there? The lock does not seem to be active there.