
Log Analysis and Evaluation: Unwanted software (and viruses?)

Windows 7: If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

 
04.02.2013, 13:28   #1
Zalgado
 

Unwanted software (and viruses?)



Hello!
I downloaded various software and in the process picked up some unwanted things (e.g. GUI and others). Then a warning appeared (... this is probably not the site you selected ...). When I try to open my mail program, the password dots appear immediately. In addition, the computer is noticeably slow.
I went through the points mentioned. Attached are the results from OTL (although I only got one scan) and, as an attachment, GMER.

Best regards and thanks in advance for your help! (If I didn't do something quite right - sorry...)

OTL logfile created on: 03.02.2013 23:21:37 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Downloads
64bit- Home Basic Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Alemanha | Language: DEU | Date Format: dd.MM.yyyy

1,97 Gb Total Physical Memory | 0,89 Gb Available Physical Memory | 45,43% Memory free
3,93 Gb Paging File | 2,12 Gb Available in Paging File | 53,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 289,24 Gb Total Space | 208,15 Gb Free Space | 71,96% Space Free | Partition Type: NTFS
Drive D: | 7,81 Gb Total Space | 4,41 Gb Free Space | 56,49% Space Free | Partition Type: NTFS
Drive G: | 7,45 Gb Total Space | 3,67 Gb Free Space | 49,24% Space Free | Partition Type: FAT32
Drive M: | 7,45 Gb Total Space | 0,97 Gb Free Space | 13,06% Space Free | Partition Type: FAT32

Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe ()
PRC - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.313\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.0.1\SiteSafety.dll ()
MOD - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()


========== Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (vToolbarUpdater14.0.1) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.313\McCHSvc.exe (McAfee, Inc.)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (!SASCORE) -- C:\Arquivos de Programas\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV - (wlidsvc) -- C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Arquivos de Programas\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (FLEXnet Licensing Service 64) -- C:\Arquivos de Programas\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (3xHybr64) -- C:\Windows\SysNative\drivers\3xHybr64.sys (NXP Semiconductors Germany GmbH)
DRV:64bit: - (StarOpen) -- C:\windows\SysNative\drivers\StarOpen.sys ()
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (irda) -- C:\Windows\SysNative\drivers\irda.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (Atc002) -- C:\Windows\SysNative\drivers\l260x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (adfs) -- C:\windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (irsir) -- C:\Windows\SysNative\drivers\irsir.sys (Microsoft Corporation)
DRV - (SASDIFSV) -- C:\Arquivos de Programas\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Arquivos de Programas\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (StarOpen) -- C:\windows\SysWow64\drivers\StarOpen.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-3340065973-2767842447-854006908-1000\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-3340065973-2767842447-854006908-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://br.msn.com/?ocid=OIE9HP
IE - HKU\S-1-5-21-3340065973-2767842447-854006908-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3340065973-2767842447-854006908-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-3340065973-2767842447-854006908-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\InprocServer32 File not found
IE - HKU\S-1-5-21-3340065973-2767842447-854006908-1000\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-3340065973-2767842447-854006908-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3340065973-2767842447-854006908-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3340065973-2767842447-854006908-1000\..\SearchScopes\{09038620-190C-402B-A92F-18864E6AB22F}: "URL" = hxxp://go.1und1.de/br/ie9_search_web/?su={searchTerms}
IE - HKU\S-1-5-21-3340065973-2767842447-854006908-1000\..\SearchScopes\{40064957-18EB-412d-9146-3F57E8D92EEC}: "URL" = hxxp://go.web.de/br/ie9_search_pic/?su={searchTerms}
IE - HKU\S-1-5-21-3340065973-2767842447-854006908-1000\..\SearchScopes\{4D7921D3-53C2-45B2-872C-90E12E119F96}: "URL" = hxxp://go.web.de/br/ie8_search_web/?su={searchTerms}
IE - HKU\S-1-5-21-3340065973-2767842447-854006908-1000\..\SearchScopes\{5A817CF6-92D5-4DE5-AC38-82DF8A73EF28}: "URL" = hxxp://go.gmx.net/br/ie9_search_web/?su={searchTerms}
IE - HKU\S-1-5-21-3340065973-2767842447-854006908-1000\..\SearchScopes\{6B1D1FB7-7233-4F7C-802C-21A1DDB12754}: "URL" = hxxp://go.web.de/br/ie9_search_web/?su={searchTerms}
IE - HKU\S-1-5-21-3340065973-2767842447-854006908-1000\..\SearchScopes\{8D27B32E-89EE-460e-82D2-5FC354078EAD}: "URL" = hxxp://go.web.de/br/ie9_search_produkte/?su={searchTerms}
IE - HKU\S-1-5-21-3340065973-2767842447-854006908-1000\..\SearchScopes\{9419F466-CE14-4815-9770-6E0ABF07029D}: "URL" = hxxp://go.web.de/br/ie8_search_ebay/?q={searchTerms}
IE - HKU\S-1-5-21-3340065973-2767842447-854006908-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={7F12B14F-71EC-47CC-B558-FC48D359C248}&mid=c14c28395cd447d0ab902524427bee8f-20a95f68f05b3e1dd4593d76b2ddf30e1d456162&lang=de&ds=bm012&pr=sa&d=2013-01-30 09:10:46&v=13.2.0.4&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-3340065973-2767842447-854006908-1000\..\SearchScopes\{9AF1CD3F-F703-465F-B04C-1A3DE66B9B4E}: "URL" = hxxp://go.web.de/br/ie8_search_amazon/?keywords={searchTerms}
IE - HKU\S-1-5-21-3340065973-2767842447-854006908-1000\..\SearchScopes\{DCE59F23-A446-45a5-9459-E68FDC0DE38D}: "URL" = hxxp://go.web.de/br/ie9_search_maps/?su={searchTerms}
IE - HKU\S-1-5-21-3340065973-2767842447-854006908-1000\..\SearchScopes\{F449D39B-A42A-452B-886F-D2B99472C29B}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=pt_BR&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^BR&apn_uid=F3E38ACD-7F39-4777-8389-F70BF3112F5A&apn_sauid=C23E2D0E-758D-44CE-A0D5-052D60736B3E
IE - HKU\S-1-5-21-3340065973-2767842447-854006908-1000\..\SearchScopes\{F7277119-1255-44CD-863E-4883F42D083C}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=BIE9DF&pc=BIE9&src=IE-SearchBox
IE - HKU\S-1-5-21-3340065973-2767842447-854006908-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3340065973-2767842447-854006908-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..extensions.enabledAddons: toolbar@web.de:1.7.5
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..network.proxy.autoconfig_url: ""
FF - prefs.js..network.proxy.type: 2
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=F3E38ACD-7F39-4777-8389-F70BF3112F5A&apn_ptnrs=U3&apn_sauid=C23E2D0E-758D-44CE-A0D5-052D60736B3E&apn_dtid=OSJ000YYBR&&q="
FF - prefs.js..browser.startup.homepage: ""
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.0.1\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.313\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files (x86)\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files (x86)\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.129\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.129\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.02.20 00:26:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.02.20 00:26:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\14.0.2.14 [2013.01.31 10:08:06 | 000,000,000 | ---D | M]

[2010.11.15 17:10:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rupi\AppData\Roaming\mozilla\Extensions
[2013.01.17 20:23:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rupi\AppData\Roaming\mozilla\Firefox\Profiles\ls0y5rg7.default\extensions
[2013.01.17 20:23:51 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Rupi\AppData\Roaming\mozilla\Firefox\Profiles\ls0y5rg7.default\extensions\toolbar@ask.com
[2013.01.17 20:23:51 | 000,002,308 | ---- | M] () -- C:\Users\Rupi\AppData\Roaming\mozilla\firefox\profiles\ls0y5rg7.default\searchplugins\askcom.xml

========== Chrome ==========

CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Rupi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Disabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Disabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.129\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
CHR - plugin: Silverlight Plug-In (Disabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\VistaCodecPack\rm\browser\plugins\nppl3260.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\windows\system32\Wat\npWatWeb.dll
CHR - Extension: Ask Toolbar = C:\Users\Rupi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo\7.15.14.33467_0\
CHR - Extension: YouTube = C:\Users\Rupi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\Rupi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: DivX HiQ = C:\Users\Rupi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: WEB.DE MailCheck = C:\Users\Rupi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaogepninmlbinccpbiakcgiolijlllo\1.0.1_0\
CHR - Extension: Skype Click to Call = C:\Users\Rupi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: AVG Secure Search = C:\Users\Rupi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\14.0.2.14_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Rupi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\
CHR - Extension: Google Mail = C:\Users\Rupi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2010.11.14 20:33:47 | 000,000,822 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Arquivos de Programas\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.313\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Arquivos de Programas\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-3340065973-2767842447-854006908-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKU\S-1-5-21-3340065973-2767842447-854006908-1000\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Arquivos de Programas\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKU\S-1-5-21-3340065973-2767842447-854006908-1000\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files (x86)\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Arquivos de Programas\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Arquivos de Programas\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-21-3340065973-2767842447-854006908-1000..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden File not found
O4 - HKU\S-1-5-21-3340065973-2767842447-854006908-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-3340065973-2767842447-854006908-1000..\Run: [SUPERAntiSpyware] C:\Arquivos de Programas\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Rupi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Rupi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-3340065973-2767842447-854006908-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3340065973-2767842447-854006908-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-3340065973-2767842447-854006908-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3340065973-2767842447-854006908-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Anexar a PDF existente - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Anexar destino do link a PDF existente - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Anexar para um PDF existente - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Converter destino do link em Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Converter destino do link em um PDF existente - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Converter em Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Anexar a PDF existente - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Anexar destino do link a PDF existente - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Anexar para um PDF existente - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Converter destino do link em Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Converter destino do link em um PDF existente - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Converter em Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Arquivos de Programas\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{29B762E0-5162-4C3A-B299-FEADC381DF21}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{590104AA-A81F-48BA-B238-AA717E71B1AD}: DhcpNameServer = 192.168.1.1 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5492288-61CF-44DA-92FD-4BABBF66C449}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.0.1\ViProtocol.dll ()
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 0
O32 - Unable to obtain root file information for disk G:\
O32 - AutoRun File - [2011.08.01 17:02:50 | 000,141,320 | ---- | M] () - M:\AUTORENVERTRAG-ruprecht-guenther.pdf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.02.03 22:53:40 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\{2C8226DA-F19B-42CE-BE1F-5FE6883DFBB8}
[2013.02.03 10:53:01 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\{BB0514BC-F638-49F6-A651-AFEB3DA0E570}
[2013.02.02 18:33:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2013.02.02 14:32:49 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\{E3D3B57D-7161-4EB4-9898-0B128F25FC33}
[2013.02.02 14:19:33 | 000,000,000 | ---D | C] -- C:\FFOutput
[2013.02.02 14:19:00 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
[2013.02.02 14:18:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FreeTime
[2013.02.02 14:01:26 | 000,000,000 | ---D | C] -- C:\windows\de
[2013.02.02 13:58:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2013.02.02 13:54:04 | 000,000,000 | ---D | C] -- C:\windows\PCHEALTH
[2013.02.02 13:32:10 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.02.02 12:50:29 | 000,000,000 | ---D | C] -- C:\Users\Rupi\Documents\NeroVideo
[2013.02.02 12:50:27 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\Nero_AG
[2013.02.02 12:49:41 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\Nero
[2013.02.02 11:49:50 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\{537C9110-EEFA-4C8E-A8A6-412C21BADD1D}
[2013.01.31 18:46:38 | 000,000,000 | ---D | C] -- C:\Users\Rupi\Documents\Video
[2013.01.31 18:04:56 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Roaming\Audacity
[2013.01.31 18:04:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2013.01.31 17:27:13 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.01.31 17:23:19 | 000,000,000 | ---D | C] -- C:\Users\Rupi\.DVDslideshowGUI
[2013.01.31 17:23:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
[2013.01.31 17:22:57 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
[2013.01.31 17:22:50 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GUI for dvdauthor
[2013.01.31 17:22:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GUI for dvdauthor
[2013.01.31 17:22:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GUI for dvdauthor
[2013.01.31 17:22:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AvsP
[2013.01.31 17:22:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AvsP
[2013.01.31 17:22:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2013.01.31 17:22:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn
[2013.01.31 17:22:30 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5
[2013.01.31 17:22:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5
[2013.01.31 17:22:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AviSynth 2.5
[2013.01.31 17:21:52 | 007,760,687 | ---- | C] (Boraxsoft) -- C:\Users\Rupi\AppData\Roaming\SetupGFD.exe
[2013.01.31 17:21:28 | 005,514,668 | ---- | C] (LIGHTNING UK!) -- C:\Users\Rupi\AppData\Roaming\Imgburn.exe
[2013.01.31 17:21:15 | 005,082,084 | ---- | C] (The Public) -- C:\Users\Rupi\AppData\Roaming\Avisynth.exe
[2013.01.30 21:07:01 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Roaming\vlc
[2013.01.30 21:06:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.01.30 21:06:28 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2013.01.30 09:11:27 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\AVG Secure Search
[2013.01.30 09:11:12 | 000,000,000 | ---D | C] -- C:\Program Files\MediaInfo
[2013.01.30 09:11:06 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2013.01.30 09:10:34 | 000,037,720 | ---- | C] (AVG Technologies) -- C:\windows\SysNative\drivers\avgtpx64.sys
[2013.01.30 09:10:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2013.01.30 09:10:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2013.01.30 09:09:54 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013.01.29 12:29:05 | 000,000,000 | ---D | C] -- C:\Users\Rupi\Documents\Any Video Converter
[2013.01.29 12:27:23 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Roaming\AnvSoft
[2013.01.29 12:26:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AnvSoft
[2013.01.29 12:24:31 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\Programs
[2013.01.28 10:31:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SkyDrive
[2013.01.28 10:31:00 | 000,000,000 | R--D | C] -- C:\Users\Rupi\SkyDrive
[2013.01.28 10:30:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive
[2013.01.27 23:02:22 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\{1014C13E-8395-4838-BEB5-A4E785846E8D}
[2013.01.27 11:01:48 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\{36F5324B-9194-4840-BF57-6C2027866100}
[2013.01.26 22:35:18 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\{7DB0E683-5C6D-4C3F-B245-5A117B69F71F}
[2013.01.25 20:54:06 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\{FB5F0E9C-B411-432D-905A-1687AB045175}
[2013.01.25 08:37:24 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\{F3AF167F-D223-4702-BFDE-E18882B897CA}
[2013.01.24 11:16:44 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\{55A458DC-2F66-4C67-9CF4-CB088611AFD1}
[2013.01.23 12:37:15 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\{C3193ACF-578F-42A1-BCE9-46E91A83D922}
[2013.01.22 12:19:33 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\{78B39860-4AB6-451C-9124-DF26F5E09624}
[2013.01.21 20:36:33 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\{0ECD9C6D-BABE-4604-8C09-7D8A7918ABAD}
[2013.01.21 12:37:52 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\{9B3BFD74-617E-417C-BB37-2307046EABA6}
[2013.01.20 22:30:14 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\{723B9E8E-C385-4EA8-BD58-128D026CE4BE}
[2013.01.20 10:29:43 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\{6181E1F3-1625-43EC-B1D5-5A4DBA56F145}
[2013.01.19 19:22:09 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\{FBD9D36E-E6C6-466B-B03E-0930F42B2703}
[2013.01.18 21:36:48 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\{AA7BAFBE-B44E-4F62-B2BE-C8C16B4864D7}
[2013.01.18 09:36:04 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\{7FFEC400-9915-4A84-A22F-98A29CAD81E4}
[2013.01.17 21:35:28 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\{52DC8E4E-6284-488E-AAA8-A439391D5361}
[2013.01.17 20:23:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2013.01.17 20:23:40 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\APN
[2013.01.17 17:15:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask
[2013.01.17 10:46:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\1&1 Mail & Media
[2013.01.17 09:35:00 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\{20698CBA-D5DC-44D7-BE6D-2680DA66F87C}
[2013.01.16 11:47:25 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\{F024962B-0E62-4639-A3D2-0433B966B0F1}
[2013.01.15 21:47:04 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\{3742B625-8C70-4419-B73A-D2997668FAF1}
[2013.01.15 09:46:27 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\{B50A2EEE-ECBD-4B95-B053-6C18ADE6A903}
[2013.01.14 21:45:56 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\{8A4D8B2A-8DA2-4CF3-A03D-9A996157A1DF}
[2013.01.14 09:45:12 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\{4A9F3E6C-0282-42E4-817F-373F9DFA8B09}
[2013.01.13 19:44:22 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\{C6F649CE-7333-4582-B431-FA4070331DB4}
[2013.01.12 16:19:04 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\{9B3CB9A9-FDDF-426E-BD32-862E06AFE893}
[2013.01.12 12:12:40 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\{584766E2-82AD-41FF-8020-74DA926580F1}
[2013.01.11 23:15:09 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\{0099E5D4-0B8E-4248-A7EE-4BFAA74E12F3}
[2013.01.11 10:12:32 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\{FA8584DE-A524-45FE-A6EA-FE684BB9ABE3}
[2013.01.10 22:11:54 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\{9DE97496-1434-4E31-9A8F-B087C9D17953}
[2013.01.10 10:11:04 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\{77C3B87B-E23F-45D8-ADA8-53517DE6D26D}
[2013.01.08 12:34:06 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\{FCB4975C-7C05-48D7-8FC6-648C61CCD6AB}
[2013.01.07 23:16:34 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\{3B65230F-5278-4C8D-BE6D-A14E743E1D74}
[2013.01.07 11:12:54 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\{50492BA2-2DFC-4F75-B699-B5DA11020219}
[2013.01.06 23:12:17 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\{D2C30C92-8D58-4D42-A2DF-1498F28C8CD1}
[2013.01.06 11:11:48 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\{794313FD-D088-4A14-A75F-2D28D5D204C6}
[2013.01.06 10:30:30 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\{A641D6F0-607E-48B7-BBFA-CD0039620424}
[2013.01.06 10:29:23 | 000,000,000 | ---D | C] -- C:\Users\Rupi\Documents\6.1.13
[2013.01.05 22:30:01 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\{8273EDAA-5131-42F7-BA33-13EB38DA1333}
[2013.01.05 10:29:23 | 000,000,000 | ---D | C] -- C:\Users\Rupi\AppData\Local\{336B3873-8698-4877-87A9-CE0ECBDA28F0}
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.02.03 23:27:16 | 000,001,064 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.03 23:26:00 | 000,000,902 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013.02.03 23:24:26 | 000,016,416 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.03 23:24:26 | 000,016,416 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.03 23:16:35 | 000,001,060 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.03 23:16:33 | 000,000,356 | ---- | M] () -- C:\windows\tasks\ROC_JAN2013_TB_rmv.job
[2013.02.03 23:16:15 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.02.03 23:16:07 | 1583,128,576 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.03 23:14:32 | 000,000,020 | ---- | M] () -- C:\Users\Rupi\defogger_reenable
[2013.02.03 13:08:55 | 000,978,074 | ---- | M] () -- C:\Users\Rupi\Documents\garota1.png
[2013.02.02 20:18:53 | 148,843,957 | ---- | M] () -- C:\Users\Rupi\Documents\Jambala.wmv
[2013.02.02 18:42:34 | 002,344,832 | ---- | M] () -- C:\Users\Rupi\Documents\Mein Film.wmv
[2013.02.02 18:18:38 | 019,082,704 | ---- | M] ( ) -- C:\Users\Rupi\Desktop\K-Lite_Codec_Pack_970_Full.exe
[2013.02.02 14:34:08 | 000,003,584 | ---- | M] () -- C:\Users\Rupi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.02.02 14:19:00 | 000,001,205 | ---- | M] () -- C:\Users\Rupi\Desktop\Format Factory.lnk
[2013.02.01 22:49:51 | 034,821,404 | ---- | M] () -- C:\Users\Rupi\Desktop\SAMBAvvvv.wav
[2013.02.01 14:36:29 | 034,821,404 | ---- | M] () -- C:\Users\Rupi\Desktop\SAMBAvvv.wav
[2013.02.01 14:23:47 | 034,821,404 | ---- | M] () -- C:\Users\Rupi\Desktop\SAMBAvv.wav
[2013.02.01 10:22:08 | 039,049,882 | ---- | M] () -- C:\Users\Rupi\Documents\Jambala neu.mp4
[2013.02.01 09:48:31 | 003,075,904 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013.01.31 21:57:13 | 000,034,533 | ---- | M] () -- C:\Users\Rupi\Documents\Jambala neu.wlmp
[2013.01.31 18:04:41 | 000,001,014 | ---- | M] () -- C:\Users\Rupi\Desktop\Audacity.lnk
[2013.01.31 17:23:07 | 000,034,936 | ---- | M] () -- C:\windows\SysWow64\uninstHelixYUV.exe
[2013.01.31 17:22:40 | 000,001,872 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2013.01.31 17:22:03 | 007,760,687 | ---- | M] (Boraxsoft) -- C:\Users\Rupi\AppData\Roaming\SetupGFD.exe
[2013.01.31 17:21:52 | 005,243,208 | ---- | M] ( ) -- C:\Users\Rupi\AppData\Roaming\AvsP.exe
[2013.01.31 17:21:43 | 001,357,348 | ---- | M] () -- C:\Users\Rupi\AppData\Roaming\MatroskaSplitter.exe
[2013.01.31 17:21:39 | 000,117,723 | ---- | M] () -- C:\Users\Rupi\AppData\Roaming\yuvcodecs-1.3.exe
[2013.01.31 17:21:37 | 005,514,668 | ---- | M] (LIGHTNING UK!) -- C:\Users\Rupi\AppData\Roaming\Imgburn.exe
[2013.01.31 17:21:27 | 005,082,084 | ---- | M] (The Public) -- C:\Users\Rupi\AppData\Roaming\Avisynth.exe
[2013.01.31 10:06:40 | 000,037,720 | ---- | M] (AVG Technologies) -- C:\windows\SysNative\drivers\avgtpx64.sys
[2013.01.31 00:42:39 | 000,599,067 | ---- | M] () -- C:\Users\Rupi\Documents\forum.botfrei.de.png
[2013.01.30 21:56:41 | 004,228,258 | ---- | M] () -- C:\Users\Rupi\Documents\Jambalakurz.mp4
[2013.01.30 21:42:49 | 040,931,281 | ---- | M] () -- C:\Users\Rupi\Documents\Jambala.mp4
[2013.01.30 21:06:53 | 000,000,878 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.01.29 16:07:40 | 000,002,053 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013.01.29 16:07:40 | 000,002,053 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013.01.29 13:40:43 | 000,029,964 | ---- | M] () -- C:\Users\Rupi\Documents\Jambala.wlmp
[2013.01.29 11:15:06 | 075,737,972 | ---- | M] () -- C:\Users\Rupi\Documents\Jambala2.mp4
[2013.01.29 00:00:23 | 251,044,534 | ---- | M] () -- C:\windows\MEMORY.DMP
[2013.01.28 00:02:29 | 031,363,964 | ---- | M] () -- C:\Users\Rupi\Desktop\ANNA5vvvv.wav
[2013.01.27 17:46:08 | 031,363,964 | ---- | M] () -- C:\Users\Rupi\Desktop\ANNA5v.wav
[2013.01.24 11:18:47 | 000,001,017 | ---- | M] () -- C:\Users\Rupi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.01.24 11:18:24 | 000,000,983 | ---- | M] () -- C:\Users\Rupi\Desktop\Dropbox.lnk
[2013.01.21 09:58:27 | 025,648,604 | ---- | M] () -- C:\Users\Rupi\Desktop\TAMOR3v7.wav
[2013.01.20 12:58:19 | 031,363,964 | ---- | M] () -- C:\Users\Rupi\Desktop\ANNAv5.wav
[2013.01.16 13:05:28 | 000,376,174 | ---- | M] () -- C:\Users\Rupi\Desktop\urubu2.png
[2013.01.16 13:02:32 | 000,554,544 | ---- | M] () -- C:\Users\Rupi\Desktop\urubu.png
[2013.01.14 22:07:08 | 001,599,152 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013.01.14 22:07:08 | 000,687,894 | ---- | M] () -- C:\windows\SysNative\prfh0416.dat
[2013.01.14 22:07:08 | 000,639,478 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013.01.14 22:07:08 | 000,139,854 | ---- | M] () -- C:\windows\SysNative\prfc0416.dat
[2013.01.14 22:07:08 | 000,116,808 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013.01.12 16:17:35 | 000,002,262 | ---- | M] () -- C:\Users\Rupi\Desktop\Google Chrome.lnk
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.02.03 23:14:32 | 000,000,020 | ---- | C] () -- C:\Users\Rupi\defogger_reenable
[2013.02.03 13:08:54 | 000,978,074 | ---- | C] () -- C:\Users\Rupi\Documents\garota1.png
[2013.02.02 20:08:37 | 148,843,957 | ---- | C] () -- C:\Users\Rupi\Documents\Jambala.wmv
[2013.02.02 18:41:48 | 002,344,832 | ---- | C] () -- C:\Users\Rupi\Documents\Mein Film.wmv
[2013.02.02 18:17:30 | 019,082,704 | ---- | C] ( ) -- C:\Users\Rupi\Desktop\K-Lite_Codec_Pack_970_Full.exe
[2013.02.02 14:19:00 | 000,001,205 | ---- | C] () -- C:\Users\Rupi\Desktop\Format Factory.lnk
[2013.02.02 13:59:57 | 000,001,312 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2013.02.02 13:59:08 | 000,001,381 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2013.02.02 13:56:52 | 000,002,493 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2013.02.01 22:31:22 | 034,821,404 | ---- | C] () -- C:\Users\Rupi\Desktop\SAMBAvvvv.wav
[2013.02.01 14:28:17 | 034,821,404 | ---- | C] () -- C:\Users\Rupi\Desktop\SAMBAvvv.wav
[2013.02.01 14:23:46 | 034,821,404 | ---- | C] () -- C:\Users\Rupi\Desktop\SAMBAvv.wav
[2013.02.01 10:09:42 | 039,049,882 | ---- | C] () -- C:\Users\Rupi\Documents\Jambala neu.mp4
[2013.01.31 20:11:44 | 000,034,533 | ---- | C] () -- C:\Users\Rupi\Documents\Jambala neu.wlmp
[2013.01.31 18:04:41 | 000,001,026 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2013.01.31 18:04:41 | 000,001,014 | ---- | C] () -- C:\Users\Rupi\Desktop\Audacity.lnk
[2013.01.31 17:23:07 | 000,034,936 | ---- | C] () -- C:\windows\SysWow64\uninstHelixYUV.exe
[2013.01.31 17:22:40 | 000,001,884 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
[2013.01.31 17:22:40 | 000,001,872 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2013.01.31 17:21:44 | 005,243,208 | ---- | C] ( ) -- C:\Users\Rupi\AppData\Roaming\AvsP.exe
[2013.01.31 17:21:39 | 001,357,348 | ---- | C] () -- C:\Users\Rupi\AppData\Roaming\MatroskaSplitter.exe
[2013.01.31 17:21:37 | 000,117,723 | ---- | C] () -- C:\Users\Rupi\AppData\Roaming\yuvcodecs-1.3.exe
[2013.01.31 10:08:00 | 000,000,356 | ---- | C] () -- C:\windows\tasks\ROC_JAN2013_TB_rmv.job
[2013.01.31 00:42:38 | 000,599,067 | ---- | C] () -- C:\Users\Rupi\Documents\forum.botfrei.de.png
[2013.01.30 21:55:19 | 004,228,258 | ---- | C] () -- C:\Users\Rupi\Documents\Jambalakurz.mp4
[2013.01.30 21:27:59 | 040,931,281 | ---- | C] () -- C:\Users\Rupi\Documents\Jambala.mp4
[2013.01.30 21:06:53 | 000,000,878 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.01.29 10:41:58 | 075,737,972 | ---- | C] () -- C:\Users\Rupi\Documents\Jambala2.mp4
[2013.01.28 12:06:30 | 000,029,964 | ---- | C] () -- C:\Users\Rupi\Documents\Jambala.wlmp
[2013.01.27 23:20:40 | 031,363,964 | ---- | C] () -- C:\Users\Rupi\Desktop\ANNA5vvvv.wav
[2013.01.27 17:41:07 | 031,363,964 | ---- | C] () -- C:\Users\Rupi\Desktop\ANNA5v.wav
[2013.01.21 09:48:59 | 025,648,604 | ---- | C] () -- C:\Users\Rupi\Desktop\TAMOR3v7.wav
[2013.01.20 12:45:32 | 031,363,964 | ---- | C] () -- C:\Users\Rupi\Desktop\ANNAv5.wav
[2013.01.16 13:05:28 | 000,376,174 | ---- | C] () -- C:\Users\Rupi\Desktop\urubu2.png
[2013.01.16 13:02:31 | 000,554,544 | ---- | C] () -- C:\Users\Rupi\Desktop\urubu.png
[2012.10.06 10:57:52 | 000,511,488 | ---- | C] () -- C:\windows\SysWow64\lame_enc.dll
[2012.10.06 10:57:52 | 000,110,080 | ---- | C] () -- C:\windows\SysWow64\advd.dll
[2012.10.06 10:57:52 | 000,023,040 | ---- | C] () -- C:\windows\SysWow64\auth.dll
[2012.09.26 17:37:31 | 000,005,005 | ---- | C] () -- C:\windows\wininit.ini
[2012.06.13 16:33:16 | 000,000,000 | ---- | C] () -- C:\windows\cdplayer.ini
[2011.10.16 21:26:07 | 000,003,584 | ---- | C] () -- C:\Users\Rupi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.11.24 19:17:08 | 000,000,631 | ---- | C] () -- C:\Users\Rupi\Rupi - Atalho.lnk

========== ZeroAccess Check ==========

[2009.07.14 02:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 03:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 02:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.13 23:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 10:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.13 23:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011.12.20 11:51:39 | 000,000,000 | ---D | M] -- C:\Users\Rupi\AppData\Roaming\1&1 Mail & Media GmbH
[2013.01.29 12:27:23 | 000,000,000 | ---D | M] -- C:\Users\Rupi\AppData\Roaming\AnvSoft
[2012.06.13 17:28:48 | 000,000,000 | ---D | M] -- C:\Users\Rupi\AppData\Roaming\Ashampoo
[2013.01.31 18:22:13 | 000,000,000 | ---D | M] -- C:\Users\Rupi\AppData\Roaming\Audacity
[2009.10.28 02:14:51 | 000,000,000 | ---D | M] -- C:\Users\Rupi\AppData\Roaming\BrOffice.org
[2009.11.24 19:16:38 | 000,000,000 | ---D | M] -- C:\Users\Rupi\AppData\Roaming\Canneverbe Limited
[2009.11.01 23:44:11 | 000,000,000 | ---D | M] -- C:\Users\Rupi\AppData\Roaming\Canon
[2012.10.06 11:01:34 | 000,000,000 | ---D | M] -- C:\Users\Rupi\AppData\Roaming\concept design
[2009.11.01 20:44:49 | 000,000,000 | ---D | M] -- C:\Users\Rupi\AppData\Roaming\DAEMON Tools Lite
[2013.02.03 23:17:39 | 000,000,000 | ---D | M] -- C:\Users\Rupi\AppData\Roaming\Dropbox
[2011.05.18 12:46:50 | 000,000,000 | ---D | M] -- C:\Users\Rupi\AppData\Roaming\Duden
[2011.03.13 14:14:20 | 000,000,000 | ---D | M] -- C:\Users\Rupi\AppData\Roaming\fotobuch.de AG
[2012.08.10 07:27:06 | 000,000,000 | ---D | M] -- C:\Users\Rupi\AppData\Roaming\GetRightToGo
[2010.12.23 15:36:45 | 000,000,000 | ---D | M] -- C:\Users\Rupi\AppData\Roaming\GlarySoft
[2012.06.14 23:00:20 | 000,000,000 | ---D | M] -- C:\Users\Rupi\AppData\Roaming\SoftMaker
[2011.09.16 15:34:05 | 000,000,000 | ---D | M] -- C:\Users\Rupi\AppData\Roaming\TeamViewer
[2012.05.24 10:30:51 | 000,000,000 | ---D | M] -- C:\Users\Rupi\AppData\Roaming\uTorrent

========== Purity Check ==========



< End of report >

 





