Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: EXP/JAVA.Rettilic.Gen

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 07.02.2013, 17:25   #1
NadineS
 
EXP/JAVA.Rettilic.Gen - Standard

EXP/JAVA.Rettilic.Gen



Hy,

ich habe ein Problem mit meinem Pc und brauche dringend hilfe, weil ich nicht weis, was ich tun soll um das Problem zu lösen. Das Bild verzehrt sich nach der Zeit und ich habe über Avira einen Exploit.gen gefunden. Als ich ihn in quarantäne schickte, kam er irgendwie zurück. Also er war noch drin, aber mein Bildschirm verzehrte sich wieder. Ich habe Malwarebytes suchen geschickt und habe ihn gefunden. Ich habe wie hier beschrieben die scans mit OLD und so durchgeführt. Das kam dabei raus:

Vielen Dank im Vorraus :-)

OTL EXTRA:

OTL Extras logfile created on: 07.02.2013 17:54:59 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\******\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,94 Gb Available Physical Memory | 73,60% Memory free
7,99 Gb Paging File | 6,50 Gb Available in Paging File | 81,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1862,92 Gb Total Space | 1806,44 Gb Free Space | 96,97% Space Free | Partition Type: NTFS
Drive D: | 570,77 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 3,08 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: SANCTUARY | User Name: ****** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0BD776F3-057D-4C11-020C-4FA9B13D04F9}" = AMD Catalyst Install Manager
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit)
"{4A85E8AD-6CF6-D3D1-2280-420452F5E1EE}" = ATI AVIVO64 Codecs
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6AB4EC25-677C-4735-5623-1CCC90E759E4}" = ccc-utility64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{A9417107-5107-C6E7-9649-CF3294E9C491}" = WMV9/VC-1 Video Playback
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{D241AC96-11AC-45C1-A4BA-7A7C6DDCDADD}" = Nitro Reader 2
"{ECA0FDBA-70C2-D23A-6BD3-3D3118DD90B4}" = AMD Drag and Drop Transcoding
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Theme Resource Changer X64 v1.0" = Theme Resource Changer X64 v1.0
"WNLT" = IB Updater Service

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{011E0BAD-DC62-DF83-4D19-D110C61FE679}" = CCC Help Chinese Traditional
"{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.1214.1
"{0AC457CB-3661-B42F-6181-5D1305C1475A}" = CCC Help Finnish
"{0E86AF86-F103-A148-7070-0596A5FCEAD7}" = CCC Help French
"{1F7CFAB6-A7FC-31E5-2917-989B06B09270}" = CCC Help Turkish
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 11
"{2888EBA9-91E6-D3EF-FC6D-7B3C2B045CAE}" = CCC Help English
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2EA64D86-61D9-40A4-A89F-D4E6DEDD301D}" = Catalyst Control Center Localization All
"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
"{3411B11D-91D6-B456-0FAE-24BF99868231}" = Catalyst Control Center Graphics Previews Common
"{35A33CA3-9B1B-3653-6C71-0ADB85E96154}" = ccc-core-static
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B10.0427.1
"{401A4D76-C360-2084-F163-1FABD851D314}" = CCC Help Thai
"{43461D82-2DD5-B2D7-886D-5C1A52C09904}" = CCC Help Polish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B61C9AE-3FDD-9DB7-4247-7D96A03C018D}" = CCC Help German
"{5165FA54-2957-4BC9-44CC-D21BDCE9D9E6}" = CCC Help Japanese
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{58374E01-D455-ABAE-CD3A-548911E1CAAD}" = CCC Help Swedish
"{59B734CE-69E9-F555-380C-0B9D880F4E95}" = CCC Help Hungarian
"{5BE5DB79-685E-46FD-A231-CD7467B69DD7}" = TP-LINK Wireless Utility
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{665815D4-1F82-D581-E762-A2E0A15E6512}" = CCC Help Dutch
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AB57823-3580-4CE0-9CF0-072E2A39460C}" = Catalyst Control Center - Branding
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader
"{8D1CB4C2-283E-39A7-2AFA-6D3320E012A8}" = CCC Help Chinese Standard
"{93703800-E668-1370-1756-2003BA060281}" = CCC Help Russian
"{95A837D2-EB2E-9F85-1DB8-01B8337DFC08}" = CCC Help Czech
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C8692DA-9451-AA41-404A-72308CAE1BF5}" = CCC Help Spanish
"{9CF2ECFE-5242-B513-5DB4-A751BD735DD2}" = CCC Help Danish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{BAE1CCA6-AB32-4D27-AE69-203436D54EC8}" = Reader for PC
"{BC92AA6F-2DAF-1BA2-7C86-1DBBA6423C5F}" = CCC Help Norwegian
"{BE5D79E8-0B8E-4E97-97E1-3CDEBAB2DEB1}" = Sven XXX - XXL
"{C615B4A6-DDE8-4325-BCF8-E53E913D95E9}_is1" = AMR to MP3 Converter 1.4
"{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B10.0517.1
"{D17772DB-061D-CF9A-7A82-E8C047195259}" = CCC Help Portuguese
"{D5507048-ED32-BEE8-431D-303F741DE073}" = CCC Help Italian
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{DECCD21C-4BCC-1326-0EF3-7E87C97E14D9}" = CCC Help Greek
"{E8B708FF-D116-0D4D-DC14-72827A219D54}" = HydraVision
"{EFD21D05-4618-D72A-464F-B0D1911617A7}" = CCC Help Korean
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"7tsp_GUI" = 7tsp v0.3 Build(3003)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"APB Reloaded" = APB Reloaded
"Avira AntiVir Desktop" = Avira Free Antivirus
"Bandicam" = Bandicam
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"DAEMON Tools Lite" = DAEMON Tools Lite
"Die Polizei" = Die Polizei
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.37.1212
"Google Chrome" = Google Chrome
"Hoffmanns Email & Netzwerk Schach_is1" = Hoffmans E&N Schach V1.9
"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
"InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B10.0517.1
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"PunkBusterSvc" = PunkBuster Services
"theHunter" = theHunter (remove only)
"TrueCrypt" = TrueCrypt
"Wildlife Park 3_is1" = Wildlife Park 3 v1.07
"WinRAR archiver" = WinRAR 4.20 (32-Bit)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GamersFirst LIVE!" = GamersFirst LIVE!
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 20.01.2013 13:01:14 | Computer Name = Sanctuary | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: police.exe, Version: 0.0.0.0, Zeitstempel:
0x4de64211 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000006e ID des fehlerhaften Prozesses:
0xbcc Startzeit der fehlerhaften Anwendung: 0x01cdf72a2ecaefe1 Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\Quadriga Games\Die Polizei\bin.x86\police.exe
Pfad
des fehlerhaften Moduls: unknown Berichtskennung: fee1afe1-6322-11e2-8a83-1c6f65aac9d9

Error - 25.01.2013 11:00:48 | Computer Name = Sanctuary | Source = Application Hang | ID = 1002
Description = Programm chrome.exe, Version 24.0.1312.52 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 11cc Startzeit:
01cdfafe7181901f Endzeit: 2451 Anwendungspfad: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Berichts-ID:
f873ced9-66ff-11e2-987a-1c6f65aac9d9

Error - 25.01.2013 11:33:01 | Computer Name = Sanctuary | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmpnetwk.exe, Version: 12.0.7601.17514,
Zeitstempel: 0x4ce7ae7f Name des fehlerhaften Moduls: wmp.dll, Version: 12.0.7601.17514,
Zeitstempel: 0x4ce7ca81 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000cd812
ID
des fehlerhaften Prozesses: 0xce4 Startzeit der fehlerhaften Anwendung: 0x01cdfb10f340a89d
Pfad
der fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnetwk.exe Pfad
des fehlerhaften Moduls: C:\Windows\system32\wmp.dll Berichtskennung: 8098c5b7-6704-11e2-92f7-1c6f65aac9d9

Error - 31.01.2013 13:15:16 | Computer Name = Sanctuary | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: chrome.exe, Version: 24.0.1312.56,
Zeitstempel: 0x50f8e9e4 Name des fehlerhaften Moduls: chrome.dll, Version: 24.0.1312.56,
Zeitstempel: 0x50f8e979 Ausnahmecode: 0x80000003 Fehleroffset: 0x005932c4 ID des fehlerhaften
Prozesses: 0x654 Startzeit der fehlerhaften Anwendung: 0x01cdffd6812d7cee Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\chrome.dll
Berichtskennung:
c7c8709d-6bc9-11e2-bac6-1c6f65aac9d9

Error - 31.01.2013 14:40:31 | Computer Name = Sanctuary | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: chrome.exe, Version: 24.0.1312.56,
Zeitstempel: 0x50f8e9e4 Name des fehlerhaften Moduls: chrome.dll, Version: 24.0.1312.56,
Zeitstempel: 0x50f8e979 Ausnahmecode: 0x80000003 Fehleroffset: 0x005932c4 ID des fehlerhaften
Prozesses: 0xac8 Startzeit der fehlerhaften Anwendung: 0x01cdffe2562e7520 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\chrome.dll
Berichtskennung:
b01ff101-6bd5-11e2-bb74-1c6f65aac9d9

Error - 31.01.2013 14:40:31 | Computer Name = Sanctuary | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: chrome.exe, Version: 24.0.1312.56,
Zeitstempel: 0x50f8e9e4 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000008 Fehleroffset: 0x000827b8 ID des fehlerhaften
Prozesses: 0xfc4 Startzeit der fehlerhaften Anwendung: 0x01cdffe271f5f7ee Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: b09597ea-6bd5-11e2-bb74-1c6f65aac9d9

Error - 02.02.2013 07:58:43 | Computer Name = Sanctuary | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmpnetwk.exe, Version: 12.0.7601.17514,
Zeitstempel: 0x4ce7ae7f Name des fehlerhaften Moduls: wmp.dll, Version: 12.0.7601.17514,
Zeitstempel: 0x4ce7ca81 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000cd812
ID
des fehlerhaften Prozesses: 0xd3c Startzeit der fehlerhaften Anwendung: 0x01ce013c5428624e
Pfad
der fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnetwk.exe Pfad
des fehlerhaften Moduls: C:\Windows\system32\wmp.dll Berichtskennung: e39a19bb-6d2f-11e2-91d4-1c6f65aac9d9

Error - 02.02.2013 11:27:57 | Computer Name = Sanctuary | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: chrome.exe, Version: 24.0.1312.57,
Zeitstempel: 0x510326ea Name des fehlerhaften Moduls: RPCRT4.dll, Version: 6.1.7601.17514,
Zeitstempel: 0x4ce7ba59 Ausnahmecode: 0xc0020043 Fehleroffset: 0x0005cd99 ID des fehlerhaften
Prozesses: 0x238 Startzeit der fehlerhaften Anwendung: 0x01ce0159dee9b83a Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Pfad
des fehlerhaften Moduls: C:\Windows\syswow64\RPCRT4.dll Berichtskennung: 1e6b3f82-6d4d-11e2-bbe8-1c6f65aac9d9

Error - 05.02.2013 12:00:35 | Computer Name = Sanctuary | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567,
Zeitstempel: 0x4d672ee4 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c40f2
ID
des fehlerhaften Prozesses: 0xb94 Startzeit der fehlerhaften Anwendung: 0x01ce03b9664cebd4
Pfad
der fehlerhaften Anwendung: C:\Windows\Explorer.EXE Pfad des fehlerhaften Moduls:
C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 2cd72fe0-6fad-11e2-93f3-1c6f65aac9d9

Error - 05.02.2013 12:29:31 | Computer Name = Sanctuary | Source = VaudiXUpdater | ID = 0
Description =

[ Media Center Events ]
Error - 07.11.2012 09:33:52 | Computer Name = Sanctuary | Source = MCUpdate | ID = 0
Description = 14:33:52 - Fehler beim Herstellen der Internetverbindung. 14:33:52
- Serververbindung konnte nicht hergestellt werden..

Error - 07.11.2012 09:34:26 | Computer Name = Sanctuary | Source = MCUpdate | ID = 0
Description = 14:34:26 - MCESpotlight konnte nicht abgerufen werden (Fehler: Die
Verbindung mit dem Remoteserver kann nicht hergestellt werden.)

Error - 07.11.2012 09:34:26 | Computer Name = Sanctuary | Source = MCUpdate | ID = 0
Description = 14:34:26 - MCEClientUX konnte nicht abgerufen werden (Fehler: Der
Remotename konnte nicht aufgelöst werden: 'data.tvdownload.microsoft.com')

Error - 07.11.2012 09:34:31 | Computer Name = Sanctuary | Source = MCUpdate | ID = 0
Description = 14:34:26 - Broadband konnte nicht abgerufen werden (Fehler: Der Remotename
konnte nicht aufgelöst werden: 'data.tvdownload.microsoft.com')

Error - 07.11.2012 10:34:43 | Computer Name = Sanctuary | Source = MCUpdate | ID = 0
Description = 15:34:43 - Fehler beim Herstellen der Internetverbindung. 15:34:43
- Serververbindung konnte nicht hergestellt werden..

Error - 07.11.2012 10:34:53 | Computer Name = Sanctuary | Source = MCUpdate | ID = 0
Description = 15:34:48 - Fehler beim Herstellen der Internetverbindung. 15:34:48
- Serververbindung konnte nicht hergestellt werden..

Error - 10.11.2012 06:33:20 | Computer Name = Sanctuary | Source = MCUpdate | ID = 0
Description = 11:33:20 - Fehler beim Herstellen der Internetverbindung. 11:33:20
- Serververbindung konnte nicht hergestellt werden..

Error - 10.11.2012 06:33:30 | Computer Name = Sanctuary | Source = MCUpdate | ID = 0
Description = 11:33:25 - Fehler beim Herstellen der Internetverbindung. 11:33:25
- Serververbindung konnte nicht hergestellt werden..

Error - 17.12.2012 14:12:00 | Computer Name = Sanctuary | Source = MCUpdate | ID = 0
Description = 19:12:00 - Fehler beim Herstellen der Internetverbindung. 19:12:00
- Serververbindung konnte nicht hergestellt werden..

Error - 17.12.2012 14:12:13 | Computer Name = Sanctuary | Source = MCUpdate | ID = 0
Description = 19:12:06 - Fehler beim Herstellen der Internetverbindung. 19:12:06
- Serververbindung konnte nicht hergestellt werden..

[ System Events ]
Error - 19.10.2012 07:44:51 | Computer Name = Sanctuary | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
Fehler beendet: %%-2147024891

Error - 19.10.2012 07:44:51 | Computer Name = Sanctuary | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2147024891

Error - 19.10.2012 08:08:55 | Computer Name = Sanctuary | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
Fehler beendet: %%-2147024891

Error - 19.10.2012 08:08:55 | Computer Name = Sanctuary | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2147024891

Error - 19.10.2012 08:09:37 | Computer Name = Sanctuary | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
Fehler beendet: %%-2147024891

Error - 19.10.2012 08:09:37 | Computer Name = Sanctuary | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2147024891

Error - 19.10.2012 08:09:58 | Computer Name = Sanctuary | Source = bowser | ID = 8003
Description =

Error - 19.10.2012 08:11:21 | Computer Name = Sanctuary | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
Fehler beendet: %%-2147024891

Error - 19.10.2012 08:11:21 | Computer Name = Sanctuary | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2147024891

Error - 19.10.2012 08:12:56 | Computer Name = Sanctuary | Source = bowser | ID = 8003
Description =


< End of report >

OTL:


OTL logfile created on: 07.02.2013 17:54:59 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\******\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,94 Gb Available Physical Memory | 73,60% Memory free
7,99 Gb Paging File | 6,50 Gb Available in Paging File | 81,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1862,92 Gb Total Space | 1806,44 Gb Free Space | 96,97% Space Free | Partition Type: NTFS
Drive D: | 570,77 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 3,08 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: SANCTUARY | User Name: ****** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.02.07 17:53:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\******\Desktop\OTL.exe
PRC - [2012.11.21 08:20:20 | 002,878,616 | ---- | M] (GamersFirst) -- C:\Users\******\AppData\Local\GamersFirst\LIVE!\Live.exe
PRC - [2012.11.17 22:55:21 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.11.08 10:55:40 | 000,898,952 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
PRC - [2012.07.18 17:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.07.18 17:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.07.18 17:04:22 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.01.19 03:31:26 | 000,072,304 | ---- | M] () -- C:\Windows\SysWOW64\XSrvSetup.exe
PRC - [2009.11.20 12:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009.08.24 13:38:06 | 000,068,136 | ---- | M] () -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE


========== Modules (No Company Name) ==========

MOD - [2012.11.08 10:56:00 | 000,178,056 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\USBDetector.dll
MOD - [2012.11.08 10:56:00 | 000,034,184 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ticket.dll
MOD - [2012.11.08 10:55:58 | 000,149,384 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\readerAppHelper.dll
MOD - [2012.11.08 10:55:54 | 000,014,728 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll
MOD - [2012.11.08 10:55:52 | 000,024,456 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskNetInterface.dll
MOD - [2012.11.08 10:55:52 | 000,015,752 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskPower.dll
MOD - [2012.11.08 10:55:50 | 000,039,816 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll
MOD - [2012.11.08 10:55:50 | 000,016,776 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll
MOD - [2012.11.08 10:55:48 | 000,239,496 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\Fskin.dll
MOD - [2012.11.08 10:55:48 | 000,026,504 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskinLocalize.dll
MOD - [2012.11.08 10:55:46 | 000,124,808 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll
MOD - [2012.11.08 10:55:44 | 000,092,040 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookUsb.dll
MOD - [2012.11.08 10:55:42 | 000,018,312 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll
MOD - [2012.11.08 10:54:34 | 000,880,640 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\fsk.dll
MOD - [2012.10.23 21:58:36 | 000,798,720 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskSecurity.dll
MOD - [2012.04.26 23:38:30 | 020,758,016 | ---- | M] () -- C:\Users\******\AppData\Local\GamersFirst\LIVE!\libcef.dll
MOD - [2011.08.09 16:00:37 | 000,035,840 | ---- | M] () -- C:\Windows\SysWOW64\slc.dll


========== Services (SafeList) ==========

SRV:64bit: - [2010.11.26 03:54:12 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.04.06 15:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV - [2012.11.17 22:55:21 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.10.23 22:02:00 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2012.08.22 16:40:58 | 000,216,080 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Programme\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2)
SRV - [2012.07.18 17:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.07.18 17:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.08.19 17:43:24 | 000,386,344 | ---- | M] () [Auto | Running] -- C:\Programme\Cyberlink\Shared files\RichVideo64.exe -- (RichVideo64)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.19 03:31:26 | 000,072,304 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\XSrvSetup.exe -- (JMB36X)
SRV - [2009.08.24 13:38:06 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.09.13 19:52:47 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2012.09.07 18:55:22 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.07.18 17:04:42 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.07.18 17:04:42 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.07.18 17:04:41 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.26 05:20:20 | 008,120,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.11.26 03:16:46 | 000,289,792 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.17 13:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010.04.27 10:56:38 | 000,021,544 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2010.03.22 10:57:20 | 000,347,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.01.27 09:58:38 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2010.01.27 04:05:00 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2010.01.20 23:10:54 | 001,102,112 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009.11.20 12:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009.11.20 12:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.04.29 16:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2013.02.07 16:40:44 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=DE&userid=c3f55b24-2db9-4511-8fe8-c169cd54e922&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = ${SEARCH_URL}{searchTerms}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={920131C6-DE40-11E1-9D6D-1C6F65AAC9D9}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=DE&userid=c3f55b24-2db9-4511-8fe8-c169cd54e922&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=DE&userid=c3f55b24-2db9-4511-8fe8-c169cd54e922&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchab.com/?aff=7&uid=c0565a3e-567d-11e2-8369-1c6f65aac9d9
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B8 DC 78 26 D2 6B CD 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=DE&userid=c3f55b24-2db9-4511-8fe8-c169cd54e922&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=DE&userid=c3f55b24-2db9-4511-8fe8-c169cd54e922&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=DE&userid=c3f55b24-2db9-4511-8fe8-c169cd54e922&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://isearch.claro-search.com/?q={searchTerms}&affID=114162&tt=3412_4&babsrc=SP_iclro&mntrId=9ea0a3230000000000001c6f65aac9d9
IE - HKCU\..\SearchScopes\{911710C2-A94D-4946-8AB7-01413055E623}: "URL" = hxxp://mystart.incredibar.com/mb128/?search={searchTerms}&loc=IB_DS&a=6OyXm44qXC&i=26
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={681C8A58-101E-41C7-A648-1EBB0DA3FA5F}&mid=&lang=&ds=&pr=&d=&v=&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://searchab.com/?aff=7&uid=c0565a3e-567d-11e2-8369-1c6f65aac9d9&q={searchTerms}
IE - HKCU\..\SearchScopes\{EB5023E1-A739-4C3D-A7F3-8E9FEF935922}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=302C37D5-BF37-4B11-A519-9F092AFD1314&apn_sauid=B755F661-004F-4FE8-9033-871F10086F7E
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={920131C6-DE40-11E1-9D6D-1C6F65AAC9D9}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll ( )
FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\******\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox

[2012.08.03 14:00:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions
[2012.08.03 14:00:10 | 000,000,000 | ---D | M] (uTorrentBar_DE) -- C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}
[2012.12.16 11:56:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2012.08.12 12:57:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions
[2012.09.07 18:22:23 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\extensions\OneClickDownload@OneClickDownload.com
[2012.12.16 11:55:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\0\extensions
[2012.08.12 12:57:37 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\0\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.08.08 21:06:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\0\extensions\OneClickDownload@OneClickDownload.com
[2012.08.12 12:57:37 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.12.16 11:55:25 | 000,213,444 | ---- | M] () (No name found) -- C:\Users\******\AppData\Roaming\mozilla\firefox\profiles\0\extensions\torntv@torntv.com.xpi
[2012.08.25 22:01:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

========== Chrome ==========

CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:assistedQueryStats}{google:se archFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc\10.11.21.5_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc\10.11.21.5_0\plugins/np-cwmp.dll
CHR - plugin: Free Studio (Enabled) = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\np_dvs_plugin.dll
CHR - plugin: Perion plugin (Enabled) = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_1\Plugins/PerionNewTabChrome-32.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: fluxDVD Browser Plugin (Enabled) = C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Nitro PDF Plug-In (Enabled) = C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Reader Application Detector (Enabled) = C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Docs = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Drive = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.58_0\
CHR - Extension: Ti\u00EBsto = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnmeobddjkkgkglnogihcaejaleikhdh\2_0\
CHR - Extension: Google Mail = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Docs = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Drive = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.58_0\
CHR - Extension: Ti\u00EBsto = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnmeobddjkkgkglnogihcaejaleikhdh\2_0\
CHR - Extension: Google Mail = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll File not found
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [Reader Application Helper] C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Visual Elements] C:\Users\******\AppData\Local\Temp\windlog.exe File not found
O4 - Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk = C:\Users\******\AppData\Local\GamersFirst\LIVE!\Live.exe (GamersFirst)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\******\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\******\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24981B71-F5EA-46AE-B7FD-4803BFFAE4ED}: DhcpNameServer = 192.168.2.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {F791A188-699D-4FD4-955A-EB59E89B1907} - Theme Resource Changer - \Program Files\Theme Resource Changer\ThemeResourceChanger.dll ()
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysWOW64\DreamScene.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001.06.19 18:39:08 | 000,000,047 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2002.08.22 12:41:50 | 000,098,304 | R--- | M] () - D:\autoplay.exe -- [ CDFS ]
O32 - AutoRun File - [2011.03.17 11:57:07 | 001,635,680 | R--- | M] () - E:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2009.10.26 11:06:38 | 000,000,042 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{2abce4a0-f911-11e1-83c7-1c6f65aac9d9}\Shell - "" = AutoRun
O33 - MountPoints2\{2abce4a0-f911-11e1-83c7-1c6f65aac9d9}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2011.03.17 11:57:07 | 001,635,680 | R--- | M] ()
O33 - MountPoints2\{45211992-d75e-11e1-b80d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{45211992-d75e-11e1-b80d-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autoplay.exe -- [2002.08.22 12:41:50 | 000,098,304 | R--- | M] ()
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2011.03.17 11:57:07 | 001,635,680 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.02.07 17:53:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\******\Desktop\OTL.exe
[2013.02.07 14:22:10 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\Malwarebytes
[2013.02.07 14:21:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.07 14:21:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.07 14:21:56 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.02.07 14:21:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.02.07 14:21:43 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\Programs
[2013.02.05 17:28:27 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.01.26 12:39:19 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.01.22 18:34:12 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3Gain
[2013.01.22 18:34:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3Gain
[2013.01.22 18:30:47 | 000,000,000 | ---D | C] -- C:\Users\******\Desktop\SChach
[2013.01.20 19:56:28 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\Unity
[2013.01.20 19:55:42 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\Unity
[2013.01.18 20:14:09 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\.ZMatrix
[2013.01.18 20:14:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp
[2013.01.18 20:14:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZMatrix
[2013.01.14 21:48:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013.01.14 21:45:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013.01.13 16:56:42 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\TuneUp Software
[2013.01.13 16:56:38 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2013.01.13 16:56:18 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013.01.13 16:50:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2013.01.13 16:50:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\Windows\SysNative\
[2013.02.07 17:53:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\******\Desktop\OTL.exe
[2013.02.07 17:51:57 | 000,000,168 | ---- | M] () -- C:\Users\******\defogger_reenable
[2013.02.07 17:51:00 | 000,050,477 | ---- | M] () -- C:\Users\******\Desktop\Defogger.exe
[2013.02.07 17:50:16 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.07 16:48:05 | 000,015,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.07 16:48:05 | 000,015,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.07 16:41:11 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.07 16:41:11 | 000,000,364 | -H-- | M] () -- C:\Windows\tasks\ZoomExUpdaterTask{094CBAB5-E71B-40C3-B9AB-3AE5B16F4696}.job
[2013.02.07 16:40:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.07 16:40:36 | 3219,300,352 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.07 14:21:58 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.05 17:41:52 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.05 17:41:52 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.05 17:41:52 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.05 17:41:52 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.05 17:41:52 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.19 13:04:26 | 000,299,072 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.13 20:38:35 | 000,000,919 | ---- | M] () -- C:\Users\Public\Desktop\TrueCrypt.lnk
[2013.01.09 19:23:53 | 001,589,442 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

File not found -- C:\Windows\SysNative\
[2013.02.07 17:51:57 | 000,000,168 | ---- | C] () -- C:\Users\******\defogger_reenable
[2013.02.07 17:50:49 | 000,050,477 | ---- | C] () -- C:\Users\******\Desktop\Defogger.exe
[2013.02.07 14:21:58 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.18 20:05:59 | 000,016,180 | ---- | C] () -- C:\Windows\SysNative\Dscene.reg
[2013.01.18 19:51:56 | 000,016,180 | ---- | C] () -- C:\Windows\Dscene.reg
[2013.01.18 19:41:32 | 001,413,862 | ---- | C] () -- C:\Users\******\Documents\Blob.mpg
[2013.01.14 21:45:42 | 000,001,110 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.14 21:45:39 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.03 23:11:15 | 000,000,044 | ---- | C] () -- C:\Windows\MAILRCV.INI
[2012.12.27 21:09:08 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.12.01 20:18:13 | 000,003,584 | ---- | C] () -- C:\Users\******\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.10 13:12:55 | 000,013,931 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2012.11.07 14:46:08 | 000,281,288 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.11.07 14:45:42 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.10.31 23:19:43 | 000,022,090 | ---- | C] () -- C:\Users\******\AppData\Local\recently-used.xbel
[2012.09.13 19:14:02 | 000,000,012 | ---- | C] () -- C:\Windows\SysWow64\mslck.dat
[2012.09.13 19:13:48 | 000,000,032 | ---- | C] () -- C:\Windows\SysWow64\Mlkf.dll
[2012.09.13 19:06:06 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\LckFldService.exe.vir
[2012.09.13 19:06:05 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\fldlckun.exe
[2012.08.01 21:42:00 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.07.29 14:37:12 | 000,011,867 | ---- | C] () -- C:\Users\******\AppData\Roaming\TheHunterSettings_live.bin
[2012.07.28 17:06:30 | 000,173,235 | ---- | C] () -- C:\Users\******\theHunter-uninstall.exe
[2012.07.27 13:17:26 | 000,072,304 | ---- | C] () -- C:\Windows\SysWow64\XSrvSetup.exe
[2012.07.27 13:08:06 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2012.07.27 11:50:59 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.07.27 11:47:53 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.11.10 03:36:06 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2011.11.10 03:36:06 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.11.09 21:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011.11.09 21:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.09.19 08:07:46 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
[2011.09.19 08:07:32 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll

========== ZeroAccess Check ==========

[2011.11.17 07:41:18 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{fa9187d7-ddad-308b-0083-8078e799e239}\@
[2011.11.17 07:41:18 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{fa9187d7-ddad-308b-0083-8078e799e239}\L
[2013.01.15 22:03:13 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{fa9187d7-ddad-308b-0083-8078e799e239}\U
[2012.08.09 22:19:41 | 000,002,048 | -HS- | M] () -- C:\Users\******\AppData\Local\{fa9187d7-ddad-308b-0083-8078e799e239}\@
[2011.11.17 07:41:18 | 000,000,000 | -HSD | M] -- C:\Users\******\AppData\Local\{fa9187d7-ddad-308b-0083-8078e799e239}\L
[2011.11.17 07:41:18 | 000,000,000 | -HSD | M] -- C:\Users\******\AppData\Local\{fa9187d7-ddad-308b-0083-8078e799e239}\U
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Users\******\AppData\Local\{fa9187d7-ddad-308b-0083-8078e799e239}\n.

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013.01.18 20:14:10 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\.ZMatrix
[2012.08.12 12:19:28 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\BANDISOFT
[2012.09.07 18:56:57 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\DAEMON Tools Lite
[2012.08.08 13:58:49 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\DAEMON Tools Pro
[2012.09.07 18:22:22 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Downloaded Installations
[2013.01.13 16:50:33 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\DVDVideoSoft
[2012.11.13 21:40:12 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.08.25 22:01:00 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\ExpressFiles
[2012.08.23 19:37:54 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Foxit Software
[2012.08.25 21:50:21 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Freemium
[2013.01.02 14:57:04 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Kongregate
[2013.02.07 17:53:32 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Nitro PDF
[2013.01.13 16:50:33 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\OpenCandy
[2012.08.09 10:34:48 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Origin
[2012.12.10 18:45:04 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\PhotoScape
[2012.12.16 18:03:16 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\PowerISO
[2012.12.17 22:34:55 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\ProtectDISC
[2012.09.13 19:55:10 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\TrueCrypt
[2013.01.13 16:56:42 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\TuneUp Software
[2013.01.20 19:56:28 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Unity
[2012.11.11 20:26:45 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\YourFileDownloader

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:C5760A8B

< End of report >


defogger_disable:


defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:51 on 07/02/2013 (Nadine)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCUAEMON Tools Lite -> Removed

Checking for services/drivers...


-=E.O.F=-

Alt 07.02.2013, 18:37   #2
M-K-D-B
/// TB-Ausbilder
 
EXP/JAVA.Rettilic.Gen - Standard

EXP/JAVA.Rettilic.Gen






Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.


Bitte beachte folgende Hinweise:
  • Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden. Es können mehrere Analyse- und Bereinigungsschritte erforderlich sein.
    Abschließend entfernen wir wieder alle verwendeten Programme und ich gebe dir ein paar Tipps für die Zukunft mit auf den Weg.
  • Bei Anzeichen von illegaler Software wird der Support ohne Diskussion eingestellt.
  • Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab.
  • Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
  • Führe nur Scans durch, zu denen du von mir oder einem anderen Helfer aufgefordert wirst.
  • Bitte kein Crossposting (posten in mehreren Foren).
  • Installiere oder deinstalliere während der Bereinigung keine Software außer du wirst dazu aufgefordert.
  • Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
  • Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!
    Ich kann Dir niemals eine Garantie geben, dass auch ich alles finde. Eine Formatierung ist meist der schnellere und immer der sicherste Weg.
    Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.






Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen.

Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und speichere das Logfile.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern ( Meistens C:\ )
    Als Beispiel: C:\TDSSKiller.<version_date_time>log.txt
Poste den Inhalt bitte hier in deinen Thread.
__________________

__________________

Alt 07.02.2013, 19:31   #3
NadineS
 
EXP/JAVA.Rettilic.Gen - Standard

EXP/JAVA.Rettilic.Gen



Hy,

Ja ich würde sehr gerne mit Ihrer Hilfe eine Bereinigung starten. Ich habe den suchlauf gestartet. Leider hat er nichts gefunden. Kann das sein, weil ich den in Quarantäne habe?
Hier ist der Bericht:


20:24:19.0113 0112 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
20:24:19.0201 0112 ============================================================
20:24:19.0201 0112 Current date / time: 2013/02/07 20:24:19.0201
20:24:19.0201 0112 SystemInfo:
20:24:19.0201 0112
20:24:19.0201 0112 OS Version: 6.1.7601 ServicePack: 1.0
20:24:19.0201 0112 Product type: Workstation
20:24:19.0201 0112 ComputerName: SANCTUARY
20:24:19.0201 0112 UserName:
20:24:19.0201 0112 Windows directory: C:\Windows
20:24:19.0201 0112 System windows directory: C:\Windows
20:24:19.0201 0112 Running under WOW64
20:24:19.0201 0112 Processor architecture: Intel x64
20:24:19.0201 0112 Number of processors: 3
20:24:19.0201 0112 Page size: 0x1000
20:24:19.0201 0112 Boot type: Normal boot
20:24:19.0201 0112 ============================================================
20:24:21.0220 0112 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3F161, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
20:24:21.0223 0112 ============================================================
20:24:21.0223 0112 \Device\Harddisk0\DR0:
20:24:21.0223 0112 MBR partitions:
20:24:21.0223 0112 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:24:21.0223 0112 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xE8DD5800
20:24:21.0223 0112 ============================================================
20:24:21.0251 0112 C: <-> \Device\Harddisk0\DR0\Partition2
20:24:21.0251 0112 ============================================================
20:24:21.0251 0112 Initialize success
20:24:21.0251 0112 ============================================================
20:24:25.0599 2804 ============================================================
20:24:25.0599 2804 Scan started
20:24:25.0599 2804 Mode: Manual;
20:24:25.0599 2804 ============================================================
20:24:27.0402 2804 ================ Scan system memory ========================
20:24:27.0402 2804 System memory - ok
20:24:27.0403 2804 ================ Scan services =============================
20:24:27.0526 2804 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
20:24:27.0528 2804 1394ohci - ok
20:24:27.0567 2804 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
20:24:27.0570 2804 ACPI - ok
20:24:27.0596 2804 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
20:24:27.0599 2804 AcpiPmi - ok
20:24:27.0646 2804 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
20:24:27.0657 2804 adp94xx - ok
20:24:27.0676 2804 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
20:24:27.0685 2804 adpahci - ok
20:24:27.0701 2804 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
20:24:27.0708 2804 adpu320 - ok
20:24:27.0741 2804 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
20:24:27.0747 2804 AeLookupSvc - ok
20:24:27.0792 2804 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
20:24:27.0828 2804 AFD - ok
20:24:27.0873 2804 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
20:24:27.0892 2804 agp440 - ok
20:24:27.0932 2804 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
20:24:27.0945 2804 ALG - ok
20:24:27.0963 2804 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
20:24:27.0974 2804 aliide - ok
20:24:28.0024 2804 [ DCEEE24E57E8176115207312F827C130 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
20:24:28.0043 2804 AMD External Events Utility - ok
20:24:28.0053 2804 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
20:24:28.0058 2804 amdide - ok
20:24:28.0073 2804 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
20:24:28.0078 2804 AmdK8 - ok
20:24:28.0221 2804 [ F6640D83AF0FD74C50E23E68548EA9A0 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
20:24:28.0304 2804 amdkmdag - ok
20:24:28.0329 2804 [ 20B63276A1920B41E1C56720B395049B ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
20:24:28.0337 2804 amdkmdap - ok
20:24:28.0385 2804 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
20:24:28.0386 2804 AmdPPM - ok
20:24:28.0413 2804 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
20:24:28.0419 2804 amdsata - ok
20:24:28.0450 2804 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
20:24:28.0458 2804 amdsbs - ok
20:24:28.0473 2804 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
20:24:28.0488 2804 amdxata - ok
20:24:28.0567 2804 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
20:24:28.0593 2804 AntiVirSchedulerService - ok
20:24:28.0626 2804 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
20:24:28.0647 2804 AntiVirService - ok
20:24:28.0708 2804 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
20:24:28.0713 2804 AppID - ok
20:24:28.0739 2804 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
20:24:28.0743 2804 AppIDSvc - ok
20:24:28.0794 2804 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
20:24:28.0800 2804 Appinfo - ok
20:24:28.0837 2804 [ 301AA64F9643BC453D90A66C4C0E7204 ] AppleCharger C:\Windows\system32\DRIVERS\AppleCharger.sys
20:24:28.0841 2804 AppleCharger - ok
20:24:28.0857 2804 [ 95EF7247C50C7241FDAE39A9B3AFF4AE ] AppleChargerSrv C:\Windows\system32\AppleChargerSrv.exe
20:24:28.0877 2804 AppleChargerSrv - ok
20:24:28.0903 2804 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
20:24:28.0923 2804 arc - ok
20:24:28.0938 2804 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
20:24:28.0945 2804 arcsas - ok
20:24:29.0065 2804 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
20:24:29.0106 2804 aspnet_state - ok
20:24:29.0126 2804 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
20:24:29.0129 2804 AsyncMac - ok
20:24:29.0151 2804 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
20:24:29.0152 2804 atapi - ok
20:24:29.0237 2804 [ 4BF5BCA6E2608CD8A00BC4A6673A9F47 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
20:24:29.0253 2804 AtiHDAudioService - ok
20:24:29.0287 2804 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:24:29.0303 2804 AudioEndpointBuilder - ok
20:24:29.0312 2804 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
20:24:29.0315 2804 AudioSrv - ok
20:24:29.0326 2804 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
20:24:29.0333 2804 avgntflt - ok
20:24:29.0342 2804 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
20:24:29.0350 2804 avipbb - ok
20:24:29.0365 2804 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
20:24:29.0383 2804 avkmgr - ok
20:24:29.0417 2804 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
20:24:29.0432 2804 AxInstSV - ok
20:24:29.0479 2804 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
20:24:29.0489 2804 b06bdrv - ok
20:24:29.0531 2804 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
20:24:29.0540 2804 b57nd60a - ok
20:24:29.0629 2804 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
20:24:29.0658 2804 BDESVC - ok
20:24:29.0803 2804 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
20:24:29.0819 2804 Beep - ok
20:24:30.0015 2804 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
20:24:30.0030 2804 BFE - ok
20:24:30.0052 2804 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
20:24:30.0068 2804 BITS - ok
20:24:30.0094 2804 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
20:24:30.0098 2804 blbdrive - ok
20:24:30.0135 2804 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
20:24:30.0141 2804 bowser - ok
20:24:30.0154 2804 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:24:30.0157 2804 BrFiltLo - ok
20:24:30.0193 2804 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:24:30.0195 2804 BrFiltUp - ok
20:24:30.0226 2804 [ 5C2F352A4E961D72518261257AAE204B ] Bridge C:\Windows\system32\DRIVERS\bridge.sys
20:24:30.0242 2804 Bridge - ok
20:24:30.0245 2804 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
20:24:30.0246 2804 BridgeMP - ok
20:24:30.0273 2804 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
20:24:30.0280 2804 Browser - ok
20:24:30.0301 2804 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
20:24:30.0310 2804 Brserid - ok
20:24:30.0327 2804 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
20:24:30.0343 2804 BrSerWdm - ok
20:24:30.0381 2804 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
20:24:30.0395 2804 BrUsbMdm - ok
20:24:30.0430 2804 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
20:24:30.0455 2804 BrUsbSer - ok
20:24:30.0529 2804 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys
20:24:30.0560 2804 BthEnum - ok
20:24:30.0632 2804 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
20:24:30.0665 2804 BTHMODEM - ok
20:24:30.0697 2804 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
20:24:30.0717 2804 BthPan - ok
20:24:30.0754 2804 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
20:24:30.0765 2804 BTHPORT - ok
20:24:30.0791 2804 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
20:24:30.0796 2804 bthserv - ok
20:24:30.0811 2804 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
20:24:30.0817 2804 BTHUSB - ok
20:24:30.0837 2804 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
20:24:30.0842 2804 cdfs - ok
20:24:30.0886 2804 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
20:24:30.0902 2804 cdrom - ok
20:24:30.0944 2804 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
20:24:30.0949 2804 CertPropSvc - ok
20:24:30.0970 2804 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
20:24:30.0975 2804 circlass - ok
20:24:31.0011 2804 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
20:24:31.0027 2804 CLFS - ok
20:24:31.0091 2804 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:24:31.0121 2804 clr_optimization_v2.0.50727_32 - ok
20:24:31.0177 2804 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:24:31.0184 2804 clr_optimization_v2.0.50727_64 - ok
20:24:31.0265 2804 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:24:31.0501 2804 clr_optimization_v4.0.30319_32 - ok
20:24:31.0519 2804 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:24:31.0521 2804 clr_optimization_v4.0.30319_64 - ok
20:24:31.0549 2804 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
20:24:31.0570 2804 CmBatt - ok
20:24:31.0594 2804 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
20:24:31.0598 2804 cmdide - ok
20:24:31.0643 2804 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
20:24:31.0655 2804 CNG - ok
20:24:31.0671 2804 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
20:24:31.0675 2804 Compbatt - ok
20:24:31.0700 2804 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
20:24:31.0704 2804 CompositeBus - ok
20:24:31.0708 2804 COMSysApp - ok
20:24:31.0717 2804 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
20:24:31.0729 2804 crcdisk - ok
20:24:31.0772 2804 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
20:24:31.0780 2804 CryptSvc - ok
20:24:31.0836 2804 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
20:24:31.0842 2804 DcomLaunch - ok
20:24:31.0869 2804 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
20:24:31.0879 2804 defragsvc - ok
20:24:31.0912 2804 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
20:24:31.0926 2804 DfsC - ok
20:24:31.0979 2804 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
20:24:31.0990 2804 Dhcp - ok
20:24:32.0021 2804 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
20:24:32.0035 2804 discache - ok
20:24:32.0058 2804 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
20:24:32.0064 2804 Disk - ok
20:24:32.0103 2804 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
20:24:32.0112 2804 Dnscache - ok
20:24:32.0138 2804 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
20:24:32.0147 2804 dot3svc - ok
20:24:32.0176 2804 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
20:24:32.0177 2804 DPS - ok
20:24:32.0209 2804 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
20:24:32.0212 2804 drmkaud - ok
20:24:32.0304 2804 [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
20:24:32.0311 2804 dtsoftbus01 - ok
20:24:32.0350 2804 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
20:24:32.0376 2804 DXGKrnl - ok
20:24:32.0403 2804 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
20:24:32.0408 2804 EapHost - ok
20:24:32.0478 2804 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
20:24:32.0524 2804 ebdrv - ok
20:24:32.0534 2804 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
20:24:32.0548 2804 EFS - ok
20:24:32.0586 2804 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
20:24:32.0601 2804 ehRecvr - ok
20:24:32.0644 2804 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
20:24:32.0651 2804 ehSched - ok
20:24:32.0683 2804 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
20:24:32.0695 2804 elxstor - ok
20:24:32.0712 2804 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
20:24:32.0715 2804 ErrDev - ok
20:24:32.0767 2804 [ B8FA96995726D1FA58476E352C02AD82 ] ES lite Service C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
20:24:32.0786 2804 ES lite Service - ok
20:24:32.0878 2804 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
20:24:32.0895 2804 EventSystem - ok
20:24:32.0911 2804 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
20:24:32.0918 2804 exfat - ok
20:24:32.0931 2804 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
20:24:32.0938 2804 fastfat - ok
20:24:32.0969 2804 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
20:24:32.0974 2804 Fax - ok
20:24:32.0990 2804 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
20:24:32.0994 2804 fdc - ok
20:24:33.0010 2804 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
20:24:33.0013 2804 fdPHost - ok
20:24:33.0022 2804 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
20:24:33.0026 2804 FDResPub - ok
20:24:33.0042 2804 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
20:24:33.0073 2804 FileInfo - ok
20:24:33.0087 2804 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
20:24:33.0091 2804 Filetrace - ok
20:24:33.0126 2804 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
20:24:33.0130 2804 flpydisk - ok
20:24:33.0146 2804 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
20:24:33.0156 2804 FltMgr - ok
20:24:33.0274 2804 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
20:24:33.0303 2804 FontCache - ok
20:24:33.0370 2804 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:24:33.0386 2804 FontCache3.0.0.0 - ok
20:24:33.0411 2804 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
20:24:33.0416 2804 FsDepends - ok
20:24:33.0438 2804 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
20:24:33.0442 2804 Fs_Rec - ok
20:24:33.0485 2804 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
20:24:33.0495 2804 fvevol - ok
20:24:33.0518 2804 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
20:24:33.0540 2804 gagp30kx - ok
20:24:33.0577 2804 [ 7907E14F9BCF3A4689C9A74A1A873CB6 ] gdrv C:\Windows\gdrv.sys
20:24:33.0581 2804 gdrv - ok
20:24:33.0614 2804 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
20:24:33.0629 2804 gpsvc - ok
20:24:33.0699 2804 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:24:33.0700 2804 gupdate - ok
20:24:33.0710 2804 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:24:33.0711 2804 gupdatem - ok
20:24:33.0743 2804 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
20:24:33.0748 2804 hcw85cir - ok
20:24:33.0807 2804 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:24:33.0818 2804 HdAudAddService - ok
20:24:33.0847 2804 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
20:24:33.0848 2804 HDAudBus - ok
20:24:33.0879 2804 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
20:24:33.0883 2804 HidBatt - ok
20:24:33.0893 2804 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
20:24:33.0898 2804 HidBth - ok
20:24:33.0910 2804 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
20:24:33.0914 2804 HidIr - ok
20:24:33.0940 2804 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
20:24:33.0944 2804 hidserv - ok
20:24:33.0968 2804 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
20:24:33.0972 2804 HidUsb - ok
20:24:33.0997 2804 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
20:24:34.0003 2804 hkmsvc - ok
20:24:34.0057 2804 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:24:34.0082 2804 HomeGroupListener - ok
20:24:34.0102 2804 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:24:34.0110 2804 HomeGroupProvider - ok
20:24:34.0127 2804 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
20:24:34.0133 2804 HpSAMD - ok
20:24:34.0158 2804 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
20:24:34.0176 2804 HTTP - ok
20:24:34.0185 2804 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
20:24:34.0189 2804 hwpolicy - ok
20:24:34.0200 2804 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
20:24:34.0206 2804 i8042prt - ok
20:24:34.0233 2804 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
20:24:34.0252 2804 iaStorV - ok
20:24:34.0325 2804 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
20:24:34.0382 2804 IDriverT - ok
20:24:34.0432 2804 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:24:34.0467 2804 idsvc - ok
20:24:34.0484 2804 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
20:24:34.0489 2804 iirsp - ok
20:24:34.0527 2804 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
20:24:34.0545 2804 IKEEXT - ok
20:24:34.0617 2804 [ 0ADF714079AE174A39D69036143E4C50 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
20:24:34.0651 2804 IntcAzAudAddService - ok
20:24:34.0685 2804 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
20:24:34.0701 2804 intelide - ok
20:24:34.0744 2804 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
20:24:34.0749 2804 intelppm - ok
20:24:34.0799 2804 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
20:24:34.0805 2804 IPBusEnum - ok
20:24:34.0851 2804 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:24:34.0878 2804 IpFilterDriver - ok
20:24:34.0934 2804 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
20:24:34.0941 2804 IPMIDRV - ok
20:24:34.0974 2804 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
20:24:34.0995 2804 IPNAT - ok
20:24:35.0059 2804 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
20:24:35.0062 2804 IRENUM - ok
20:24:35.0066 2804 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
20:24:35.0070 2804 isapnp - ok
20:24:35.0094 2804 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
20:24:35.0105 2804 iScsiPrt - ok
20:24:35.0224 2804 [ F3A41EC4C6506E76E07A219B3A1DF8D2 ] JMB36X C:\Windows\SysWOW64\XSrvSetup.exe
20:24:35.0311 2804 JMB36X - ok
20:24:35.0360 2804 [ 1C368C1A2733DCC5B8E15420AA2B0F6D ] JRAID C:\Windows\system32\DRIVERS\jraid.sys
20:24:35.0372 2804 JRAID - ok
20:24:35.0423 2804 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
20:24:35.0428 2804 kbdclass - ok
20:24:35.0485 2804 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
20:24:35.0489 2804 kbdhid - ok
20:24:35.0536 2804 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
20:24:35.0537 2804 KeyIso - ok
20:24:35.0591 2804 [ 07071C1E3CD8F0F9114AAC8B072CA1E5 ] KMWDFILTER C:\Windows\system32\DRIVERS\KMWDFILTER.sys
20:24:35.0607 2804 KMWDFILTER - ok
20:24:35.0650 2804 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
20:24:35.0668 2804 KSecDD - ok
20:24:35.0699 2804 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
20:24:35.0707 2804 KSecPkg - ok
20:24:35.0738 2804 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
20:24:35.0755 2804 ksthunk - ok
20:24:35.0796 2804 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
20:24:35.0824 2804 KtmRm - ok
20:24:35.0886 2804 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
20:24:35.0896 2804 LanmanServer - ok
20:24:35.0938 2804 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:24:35.0957 2804 LanmanWorkstation - ok
20:24:36.0005 2804 LckFldService - ok
20:24:36.0049 2804 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
20:24:36.0054 2804 lltdio - ok
20:24:36.0122 2804 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
20:24:36.0161 2804 lltdsvc - ok
20:24:36.0188 2804 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
20:24:36.0192 2804 lmhosts - ok
20:24:36.0246 2804 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
20:24:36.0252 2804 LSI_FC - ok
20:24:36.0283 2804 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
20:24:36.0288 2804 LSI_SAS - ok
20:24:36.0317 2804 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:24:36.0322 2804 LSI_SAS2 - ok
20:24:36.0355 2804 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:24:36.0360 2804 LSI_SCSI - ok
20:24:36.0418 2804 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
20:24:36.0424 2804 luafv - ok
20:24:36.0456 2804 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
20:24:36.0468 2804 Mcx2Svc - ok
20:24:36.0502 2804 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
20:24:36.0507 2804 megasas - ok
20:24:36.0575 2804 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
20:24:36.0593 2804 MegaSR - ok
20:24:36.0615 2804 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
20:24:36.0620 2804 MMCSS - ok
20:24:36.0674 2804 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
20:24:36.0678 2804 Modem - ok
20:24:36.0711 2804 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
20:24:36.0711 2804 monitor - ok
20:24:36.0742 2804 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
20:24:36.0748 2804 mouclass - ok
20:24:36.0789 2804 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
20:24:36.0793 2804 mouhid - ok
20:24:36.0846 2804 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
20:24:36.0864 2804 mountmgr - ok
20:24:36.0894 2804 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
20:24:36.0903 2804 mpio - ok
20:24:36.0924 2804 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
20:24:36.0929 2804 mpsdrv - ok
20:24:36.0990 2804 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
20:24:37.0007 2804 MpsSvc - ok
20:24:37.0044 2804 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
20:24:37.0051 2804 MRxDAV - ok
20:24:37.0112 2804 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
20:24:37.0134 2804 mrxsmb - ok
20:24:37.0157 2804 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:24:37.0187 2804 mrxsmb10 - ok
20:24:37.0214 2804 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:24:37.0223 2804 mrxsmb20 - ok
20:24:37.0257 2804 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
20:24:37.0262 2804 msahci - ok
20:24:37.0334 2804 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
20:24:37.0360 2804 msdsm - ok
20:24:37.0399 2804 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
20:24:37.0406 2804 MSDTC - ok
20:24:37.0482 2804 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
20:24:37.0485 2804 Msfs - ok
20:24:37.0515 2804 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
20:24:37.0517 2804 mshidkmdf - ok
20:24:37.0545 2804 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
20:24:37.0566 2804 msisadrv - ok
20:24:37.0603 2804 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
20:24:37.0609 2804 MSiSCSI - ok
20:24:37.0613 2804 msiserver - ok
20:24:37.0674 2804 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
20:24:37.0688 2804 MSKSSRV - ok
20:24:37.0703 2804 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
20:24:37.0706 2804 MSPCLOCK - ok
20:24:37.0709 2804 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
20:24:37.0712 2804 MSPQM - ok
20:24:37.0771 2804 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
20:24:37.0780 2804 MsRPC - ok
20:24:37.0809 2804 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
20:24:37.0810 2804 mssmbios - ok
20:24:37.0921 2804 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
20:24:37.0924 2804 MSTEE - ok
20:24:37.0951 2804 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
20:24:37.0954 2804 MTConfig - ok
20:24:37.0972 2804 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
20:24:37.0977 2804 Mup - ok
20:24:38.0023 2804 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
20:24:38.0038 2804 napagent - ok
20:24:38.0079 2804 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
20:24:38.0089 2804 NativeWifiP - ok
20:24:38.0167 2804 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
20:24:38.0175 2804 NDIS - ok
20:24:38.0234 2804 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
20:24:38.0238 2804 NdisCap - ok
20:24:38.0273 2804 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
20:24:38.0277 2804 NdisTapi - ok
20:24:38.0302 2804 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
20:24:38.0307 2804 Ndisuio - ok
20:24:38.0373 2804 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
20:24:38.0386 2804 NdisWan - ok
20:24:38.0427 2804 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
20:24:38.0432 2804 NDProxy - ok
20:24:38.0481 2804 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
20:24:38.0485 2804 NetBIOS - ok
20:24:38.0523 2804 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
20:24:38.0532 2804 NetBT - ok
20:24:38.0561 2804 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
20:24:38.0580 2804 Netlogon - ok
20:24:38.0631 2804 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
20:24:38.0634 2804 Netman - ok
20:24:38.0690 2804 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:24:38.0708 2804 NetMsmqActivator - ok
20:24:38.0723 2804 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:24:38.0724 2804 NetPipeActivator - ok
20:24:38.0758 2804 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
20:24:38.0789 2804 netprofm - ok
20:24:38.0830 2804 [ 04D2EDAB3CFB5A31BB8F53B39693846E ] netr28ux C:\Windows\system32\DRIVERS\netr28ux.sys
20:24:38.0848 2804 netr28ux - ok
20:24:38.0852 2804 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:24:38.0853 2804 NetTcpActivator - ok
20:24:38.0856 2804 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:24:38.0857 2804 NetTcpPortSharing - ok
20:24:38.0931 2804 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
20:24:38.0952 2804 nfrd960 - ok
20:24:39.0096 2804 [ B7CF5462B7C275A7AA1E569340058C57 ] NitroReaderDriverReadSpool2 C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
20:24:39.0103 2804 NitroReaderDriverReadSpool2 - ok
20:24:39.0143 2804 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
20:24:39.0154 2804 NlaSvc - ok
20:24:39.0182 2804 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
20:24:39.0187 2804 Npfs - ok
20:24:39.0226 2804 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
20:24:39.0230 2804 nsi - ok
20:24:39.0262 2804 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
20:24:39.0274 2804 nsiproxy - ok
20:24:39.0338 2804 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
20:24:39.0364 2804 Ntfs - ok
20:24:39.0373 2804 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
20:24:39.0375 2804 Null - ok
20:24:39.0413 2804 [ 785298579B5F9B4032152DFBB992FDB6 ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
20:24:39.0418 2804 nusb3hub - ok
20:24:39.0455 2804 [ DF2750481B4964814467C974F2B0EEF1 ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
20:24:39.0461 2804 nusb3xhc - ok
20:24:39.0511 2804 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
20:24:39.0517 2804 nvraid - ok
20:24:39.0543 2804 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
20:24:39.0550 2804 nvstor - ok
20:24:39.0580 2804 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
20:24:39.0587 2804 nv_agp - ok
20:24:39.0619 2804 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
20:24:39.0625 2804 ohci1394 - ok
20:24:39.0686 2804 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
20:24:39.0690 2804 p2pimsvc - ok
20:24:39.0729 2804 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
20:24:39.0740 2804 p2psvc - ok
20:24:39.0788 2804 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
20:24:39.0794 2804 Parport - ok
20:24:39.0838 2804 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
20:24:39.0844 2804 partmgr - ok
20:24:39.0882 2804 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
20:24:39.0891 2804 PcaSvc - ok
20:24:39.0929 2804 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
20:24:39.0931 2804 pci - ok
20:24:39.0977 2804 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
20:24:39.0980 2804 pciide - ok
20:24:40.0034 2804 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
20:24:40.0052 2804 pcmcia - ok
20:24:40.0086 2804 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
20:24:40.0091 2804 pcw - ok
20:24:40.0131 2804 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
20:24:40.0148 2804 PEAUTH - ok
20:24:40.0203 2804 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
20:24:40.0224 2804 PerfHost - ok
20:24:40.0288 2804 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
20:24:40.0310 2804 pla - ok
20:24:40.0340 2804 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
20:24:40.0353 2804 PlugPlay - ok
20:24:40.0380 2804 PnkBstrA - ok
20:24:40.0419 2804 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
20:24:40.0424 2804 PNRPAutoReg - ok
20:24:40.0430 2804 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
20:24:40.0432 2804 PNRPsvc - ok
20:24:40.0543 2804 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
20:24:40.0563 2804 PolicyAgent - ok
20:24:40.0609 2804 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
20:24:40.0611 2804 Power - ok
20:24:40.0642 2804 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
20:24:40.0648 2804 PptpMiniport - ok
20:24:40.0662 2804 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
20:24:40.0674 2804 Processor - ok
20:24:40.0705 2804 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
20:24:40.0715 2804 ProfSvc - ok
20:24:40.0724 2804 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:24:40.0725 2804 ProtectedStorage - ok
20:24:40.0774 2804 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
20:24:40.0776 2804 Psched - ok
20:24:40.0813 2804 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
20:24:40.0843 2804 ql2300 - ok
20:24:40.0859 2804 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
20:24:40.0867 2804 ql40xx - ok
20:24:40.0900 2804 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
20:24:40.0909 2804 QWAVE - ok
20:24:40.0927 2804 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
20:24:40.0931 2804 QWAVEdrv - ok
20:24:40.0950 2804 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
20:24:40.0953 2804 RasAcd - ok
20:24:41.0001 2804 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
20:24:41.0006 2804 RasAgileVpn - ok
20:24:41.0013 2804 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
20:24:41.0018 2804 RasAuto - ok
20:24:41.0053 2804 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
20:24:41.0074 2804 Rasl2tp - ok
20:24:41.0096 2804 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
20:24:41.0117 2804 RasMan - ok
20:24:41.0135 2804 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
20:24:41.0140 2804 RasPppoe - ok
20:24:41.0149 2804 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
20:24:41.0154 2804 RasSstp - ok
20:24:41.0164 2804 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
20:24:41.0174 2804 rdbss - ok
20:24:41.0185 2804 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
20:24:41.0204 2804 rdpbus - ok
20:24:41.0220 2804 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
20:24:41.0222 2804 RDPCDD - ok
20:24:41.0234 2804 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
20:24:41.0237 2804 RDPENCDD - ok
20:24:41.0272 2804 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
20:24:41.0285 2804 RDPREFMP - ok
20:24:41.0305 2804 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
20:24:41.0311 2804 RDPWD - ok
20:24:41.0337 2804 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
20:24:41.0345 2804 rdyboost - ok
20:24:41.0387 2804 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
20:24:41.0405 2804 RemoteAccess - ok
20:24:41.0409 2804 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
20:24:41.0417 2804 RemoteRegistry - ok
20:24:41.0436 2804 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
20:24:41.0441 2804 RFCOMM - ok
20:24:41.0486 2804 [ 0B169FE016039571ECC6DB70073F8979 ] RichVideo64 C:\Program Files\Cyberlink\Shared files\RichVideo64.exe
20:24:41.0494 2804 RichVideo64 - ok
20:24:41.0514 2804 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
20:24:41.0519 2804 RpcEptMapper - ok
20:24:41.0527 2804 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
20:24:41.0530 2804 RpcLocator - ok
20:24:41.0561 2804 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
20:24:41.0564 2804 RpcSs - ok
20:24:41.0591 2804 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
20:24:41.0596 2804 rspndr - ok
20:24:41.0631 2804 [ D6D381B76056C668679723938F06F16C ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys
20:24:41.0641 2804 RTHDMIAzAudService - ok
20:24:41.0680 2804 [ 4FBDA07EF0A3097CE14C5CABF723B278 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
20:24:41.0688 2804 RTL8167 - ok
20:24:41.0696 2804 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
20:24:41.0697 2804 SamSs - ok
20:24:41.0725 2804 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
20:24:41.0731 2804 sbp2port - ok
20:24:41.0763 2804 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
20:24:41.0770 2804 SCardSvr - ok
20:24:41.0790 2804 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
20:24:41.0809 2804 scfilter - ok
20:24:41.0847 2804 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
20:24:41.0870 2804 Schedule - ok
20:24:41.0894 2804 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
20:24:41.0895 2804 SCPolicySvc - ok
20:24:41.0921 2804 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
20:24:41.0932 2804 SDRSVC - ok
20:24:41.0948 2804 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
20:24:41.0951 2804 secdrv - ok
20:24:41.0986 2804 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
20:24:41.0991 2804 seclogon - ok
20:24:42.0009 2804 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
20:24:42.0010 2804 SENS - ok
20:24:42.0021 2804 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
20:24:42.0025 2804 SensrSvc - ok
20:24:42.0029 2804 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
20:24:42.0038 2804 Serenum - ok
20:24:42.0065 2804 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
20:24:42.0085 2804 Serial - ok
20:24:42.0124 2804 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
20:24:42.0127 2804 sermouse - ok
20:24:42.0162 2804 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
20:24:42.0169 2804 SessionEnv - ok
20:24:42.0181 2804 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
20:24:42.0184 2804 sffdisk - ok
20:24:42.0199 2804 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
20:24:42.0203 2804 sffp_mmc - ok
20:24:42.0214 2804 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
20:24:42.0217 2804 sffp_sd - ok
20:24:42.0232 2804 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
20:24:42.0235 2804 sfloppy - ok
20:24:42.0267 2804 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:24:42.0278 2804 ShellHWDetection - ok
20:24:42.0303 2804 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:24:42.0308 2804 SiSRaid2 - ok
20:24:42.0322 2804 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
20:24:42.0328 2804 SiSRaid4 - ok
20:24:42.0350 2804 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
20:24:42.0356 2804 Smb - ok
20:24:42.0400 2804 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
20:24:42.0403 2804 SNMPTRAP - ok
20:24:42.0494 2804 [ 3BB48F7E33C2B76184DDF233000C09CD ] Sony SCSI Helper Service C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
20:24:42.0513 2804 Sony SCSI Helper Service - ok
20:24:42.0546 2804 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
20:24:42.0550 2804 spldr - ok
20:24:42.0602 2804 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
20:24:42.0614 2804 Spooler - ok
20:24:42.0689 2804 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
20:24:42.0717 2804 sppsvc - ok
20:24:42.0738 2804 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
20:24:42.0743 2804 sppuinotify - ok
20:24:42.0772 2804 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
20:24:42.0784 2804 srv - ok
20:24:42.0825 2804 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
20:24:42.0837 2804 srv2 - ok
20:24:42.0852 2804 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
20:24:42.0876 2804 srvnet - ok
20:24:42.0925 2804 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
20:24:42.0932 2804 SSDPSRV - ok
20:24:42.0950 2804 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
20:24:42.0969 2804 SstpSvc - ok
20:24:42.0986 2804 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
20:24:42.0991 2804 stexstor - ok
20:24:43.0024 2804 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
20:24:43.0045 2804 stisvc - ok
20:24:43.0080 2804 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
20:24:43.0084 2804 swenum - ok
20:24:43.0120 2804 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
20:24:43.0131 2804 swprv - ok
20:24:43.0180 2804 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
20:24:43.0195 2804 SysMain - ok
20:24:43.0243 2804 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:24:43.0249 2804 TabletInputService - ok
20:24:43.0263 2804 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
20:24:43.0273 2804 TapiSrv - ok
20:24:43.0294 2804 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
20:24:43.0295 2804 TBS - ok
20:24:43.0335 2804 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
20:24:43.0369 2804 Tcpip - ok
20:24:43.0400 2804 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
20:24:43.0408 2804 TCPIP6 - ok
20:24:43.0428 2804 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
20:24:43.0432 2804 tcpipreg - ok
20:24:43.0451 2804 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
20:24:43.0454 2804 TDPIPE - ok
20:24:43.0476 2804 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
20:24:43.0479 2804 TDTCP - ok
20:24:43.0499 2804 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
20:24:43.0519 2804 tdx - ok
20:24:43.0522 2804 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
20:24:43.0535 2804 TermDD - ok
20:24:43.0554 2804 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
20:24:43.0570 2804 TermService - ok
20:24:43.0597 2804 [ B759A6F548A28E262B1456CDBF3B4764 ] Themes C:\Windows\system32\themeservice.dll
20:24:43.0602 2804 Themes - ok
20:24:43.0625 2804 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
20:24:43.0626 2804 THREADORDER - ok
20:24:43.0643 2804 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
20:24:43.0651 2804 TrkWks - ok
20:24:43.0695 2804 [ 370A6907DDF79532A39319492B1FA38A ] truecrypt C:\Windows\system32\drivers\truecrypt.sys
20:24:43.0706 2804 truecrypt - ok
20:24:43.0737 2804 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:24:43.0744 2804 TrustedInstaller - ok
20:24:43.0774 2804 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
20:24:43.0778 2804 tssecsrv - ok
20:24:43.0799 2804 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
20:24:43.0804 2804 TsUsbFlt - ok
20:24:43.0839 2804 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
20:24:43.0845 2804 tunnel - ok
20:24:43.0854 2804 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
20:24:43.0876 2804 uagp35 - ok
20:24:43.0903 2804 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
20:24:43.0912 2804 udfs - ok
20:24:43.0950 2804 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
20:24:43.0956 2804 UI0Detect - ok
20:24:43.0969 2804 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
20:24:43.0988 2804 uliagpkx - ok
20:24:44.0038 2804 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
20:24:44.0043 2804 umbus - ok
20:24:44.0062 2804 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
20:24:44.0065 2804 UmPass - ok
20:24:44.0086 2804 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
20:24:44.0094 2804 upnphost - ok
20:24:44.0149 2804 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
20:24:44.0173 2804 usbaudio - ok
20:24:44.0183 2804 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
20:24:44.0188 2804 usbccgp - ok
20:24:44.0219 2804 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
20:24:44.0242 2804 usbcir - ok
20:24:44.0250 2804 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
20:24:44.0266 2804 usbehci - ok
20:24:44.0283 2804 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
20:24:44.0293 2804 usbhub - ok
20:24:44.0302 2804 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
20:24:44.0306 2804 usbohci - ok
20:24:44.0335 2804 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
20:24:44.0338 2804 usbprint - ok
20:24:44.0354 2804 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:24:44.0359 2804 USBSTOR - ok
20:24:44.0376 2804 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
20:24:44.0380 2804 usbuhci - ok
20:24:44.0410 2804 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
20:24:44.0416 2804 UxSms - ok
20:24:44.0423 2804 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
20:24:44.0425 2804 VaultSvc - ok
20:24:44.0434 2804 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
20:24:44.0438 2804 vdrvroot - ok
20:24:44.0459 2804 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
20:24:44.0471 2804 vds - ok
20:24:44.0484 2804 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
20:24:44.0488 2804 vga - ok
20:24:44.0491 2804 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
20:24:44.0495 2804 VgaSave - ok
20:24:44.0513 2804 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
20:24:44.0522 2804 vhdmp - ok
20:24:44.0554 2804 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
20:24:44.0559 2804 viaide - ok
20:24:44.0578 2804 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
20:24:44.0597 2804 volmgr - ok
20:24:44.0626 2804 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
20:24:44.0637 2804 volmgrx - ok
20:24:44.0669 2804 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
20:24:44.0678 2804 volsnap - ok
20:24:44.0699 2804 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
20:24:44.0706 2804 vsmraid - ok
20:24:44.0761 2804 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
20:24:44.0784 2804 VSS - ok
20:24:44.0787 2804 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
20:24:44.0791 2804 vwifibus - ok
20:24:44.0813 2804 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
20:24:44.0832 2804 vwififlt - ok
20:24:44.0846 2804 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
20:24:44.0858 2804 W32Time - ok
20:24:44.0864 2804 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
20:24:44.0868 2804 WacomPen - ok
20:24:44.0897 2804 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
20:24:44.0903 2804 WANARP - ok
20:24:44.0906 2804 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
20:24:44.0907 2804 Wanarpv6 - ok
20:24:44.0952 2804 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
20:24:44.0974 2804 wbengine - ok
20:24:45.0000 2804 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
20:24:45.0035 2804 WbioSrvc - ok
20:24:45.0069 2804 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
20:24:45.0078 2804 wcncsvc - ok
20:24:45.0090 2804 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:24:45.0095 2804 WcsPlugInService - ok
20:24:45.0107 2804 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
20:24:45.0111 2804 Wd - ok
20:24:45.0152 2804 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
20:24:45.0168 2804 Wdf01000 - ok
20:24:45.0185 2804 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
20:24:45.0192 2804 WdiServiceHost - ok
20:24:45.0195 2804 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
20:24:45.0196 2804 WdiSystemHost - ok
20:24:45.0233 2804 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
20:24:45.0243 2804 WebClient - ok
20:24:45.0255 2804 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
20:24:45.0263 2804 Wecsvc - ok
20:24:45.0276 2804 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
20:24:45.0282 2804 wercplsupport - ok
20:24:45.0312 2804 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
20:24:45.0318 2804 WerSvc - ok
20:24:45.0348 2804 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
20:24:45.0351 2804 WfpLwf - ok
20:24:45.0354 2804 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
20:24:45.0359 2804 WIMMount - ok
20:24:45.0365 2804 WinHttpAutoProxySvc - ok
20:24:45.0419 2804 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
20:24:45.0428 2804 Winmgmt - ok
20:24:45.0467 2804 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
20:24:45.0494 2804 WinRM - ok
20:24:45.0550 2804 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
20:24:45.0577 2804 Wlansvc - ok
20:24:45.0597 2804 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
20:24:45.0597 2804 WmiAcpi - ok
20:24:45.0615 2804 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
20:24:45.0622 2804 wmiApSrv - ok
20:24:45.0656 2804 WMPNetworkSvc - ok
20:24:45.0663 2804 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
20:24:45.0666 2804 WPCSvc - ok
20:24:45.0681 2804 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
20:24:45.0688 2804 WPDBusEnum - ok
20:24:45.0706 2804 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
20:24:45.0710 2804 ws2ifsl - ok
20:24:45.0766 2804 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
20:24:45.0773 2804 wscsvc - ok
20:24:45.0776 2804 WSearch - ok
20:24:45.0842 2804 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
20:24:45.0864 2804 wuauserv - ok
20:24:45.0886 2804 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
20:24:45.0891 2804 WudfPf - ok
20:24:45.0930 2804 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
20:24:45.0937 2804 WUDFRd - ok
20:24:45.0959 2804 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
20:24:45.0974 2804 wudfsvc - ok
20:24:45.0989 2804 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
20:24:45.0998 2804 WwanSvc - ok
20:24:46.0027 2804 ================ Scan global ===============================
20:24:46.0052 2804 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
20:24:46.0086 2804 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
20:24:46.0099 2804 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
20:24:46.0119 2804 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
20:24:46.0152 2804 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
20:24:46.0164 2804 [Global] - ok
20:24:46.0165 2804 ================ Scan MBR ==================================
20:24:46.0180 2804 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:24:46.0292 2804 \Device\Harddisk0\DR0 - ok
20:24:46.0292 2804 ================ Scan VBR ==================================
20:24:46.0294 2804 [ A0ED8EAB05DB47B5178A82641F7FE5CC ] \Device\Harddisk0\DR0\Partition1
20:24:46.0295 2804 \Device\Harddisk0\DR0\Partition1 - ok
20:24:46.0298 2804 [ FEE6710962DFE65984D4B357363033F2 ] \Device\Harddisk0\DR0\Partition2
20:24:46.0299 2804 \Device\Harddisk0\DR0\Partition2 - ok
20:24:46.0300 2804 ============================================================
20:24:46.0300 2804 Scan finished
20:24:46.0300 2804 ============================================================
20:24:46.0310 3512 Detected object count: 0
20:24:46.0310 3512 Actual detected object count: 0
__________________

Alt 07.02.2013, 19:39   #4
M-K-D-B
/// TB-Ausbilder
 
EXP/JAVA.Rettilic.Gen - Standard

EXP/JAVA.Rettilic.Gen



Servus,



Zitat:
Zitat von NadineS Beitrag anzeigen
Leider hat er nichts gefunden. Kann das sein, weil ich den in Quarantäne habe?
Der Fund in der Quarantäne ist nur die Spitze des Eisberges.






Schritt 1
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).






Schritt 2
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop.
  • Starte das Tool mit Doppelklick. Vista und 7 Nutzer bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Das Tool wird sich öffnen und mit dem Scan beginnen.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.





Schritt 3
Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.







Bitte poste mit deiner nächsten Antwort
  • die Logdatei von AdwCleaner,
  • die Logdatei von JRT,
  • die Logdatei von ComboFix.
__________________
offline: 16.09. bis 20.09.
____________________________________

Das Trojaner-Board unterstützen

Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?

Alt 08.02.2013, 13:01   #5
NadineS
 
EXP/JAVA.Rettilic.Gen - Standard

EXP/JAVA.Rettilic.Gen



Hy,

so ich habe die Programme durchlaufen lassen. Unten sind die Logs. Kann ich denn diese ganzen log dateien und Programme auf dem Desktop löschen, oder muss ich die noch behalten?

AdwCleaner:AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v2.111 - Datei am 08/02/2013 um 13:25:09 erstellt
# Aktualisiert am 05/02/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : ****** - SANCTUARY
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\******\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\user.js
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\Perion
Ordner Gelöscht : C:\Program Files (x86)\Smartdl
Ordner Gelöscht : C:\Program Files (x86)\Zoomex
Ordner Gelöscht : C:\Program Files\Babylon
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\InstallMate
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\ProgramData\Zoomex
Ordner Gelöscht : C:\Users\******\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\******\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\******\AppData\LocalLow\SweetIM
Ordner Gelöscht : C:\Users\******\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\******\AppData\Roaming\yourfiledownloader
Ordner Gelöscht : C:\Windows\SysWOW64\WNLT

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\SProtector
Schlüssel Gelöscht : HKCU\Software\AVG Secure Search
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\StartSearch
Schlüssel Gelöscht : HKCU\Software\WNLT
Schlüssel Gelöscht : HKCU\Software\YourFileDownloader
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\Software\AVG Secure Search
Schlüssel Gelöscht : HKLM\Software\BabylonToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2851647
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\IB Updater
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_winrar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_winrar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Schlüssel Gelöscht : HKLM\Software\SP Global
Schlüssel Gelöscht : HKLM\Software\SProtector
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2F603A45-D956-496B-81B5-50D782424976}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B85C4CB2-B352-4BD8-818C-BCE353599107}
Schlüssel Gelöscht : HKLM\Software\YourFileDownloader
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F603A45-D956-496B-81B5-50D782424976}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B85C4CB2-B352-4BD8-818C-BCE353599107}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\incredibar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
Schlüssel Gelöscht : HKLM\SOFTWARE\Tarma Installer
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=DE&userid=c3f55b24-2db9-4511-8fe8-c169cd54e922&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://searchab.com/?aff=7&uid=c0565a3e-567d-11e2-8369-1c6f65aac9d9 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=DE&userid=c3f55b24-2db9-4511-8fe8-c169cd54e922&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=DE&userid=c3f55b24-2db9-4511-8fe8-c169cd54e922&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=DE&userid=c3f55b24-2db9-4511-8fe8-c169cd54e922&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com

-\\ Google Chrome v24.0.1312.57

Datei : C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [12708 octets] - [08/02/2013 13:25:09]

########## EOF - C:\AdwCleaner[S1].txt - [12769 octets] ##########
         
--- --- ---
JRT:JRT Logfile:
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.2 (02.02.2013:2)
OS: Windows 7 Home Premium x64
Ran by ****** on 08.02.2013 at 13:33:49,54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_classes_root\appid\babylonhelper.exe
Successfully deleted: [Registry Key] hkey_current_user\software\sweetim
Successfully deleted: [Registry Key] hkey_local_machine\software\sweetim
Successfully deleted: [Registry Key] hkey_local_machine\software\wow6432node\microsoft\tracing\babylontc_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\wow6432node\microsoft\tracing\babylontc_rasmancs



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\******\AppData\Roaming\dvdvideosoftiehelpers"
Successfully deleted: [Folder] "C:\Program Files (x86)\vaudix"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.02.2013 at 13:39:51,88
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
--- --- ---
Combofix:
Combofix Logfile:
Code:
ATTFilter
ComboFix 13-02-07.02 - ****** 08.02.2013  13:47:10.1.3 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4094.396 [GMT 1:00]
ausgeführt von:: c:\users\******\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\prefs.js
c:\programdata\ntuser.dat
C:\torrent.exe
c:\users\******\theHunter-uninstall.exe
c:\windows\SysWow64\fldlckun.exe
F:\Autorun.inf
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-01-08 bis 2013-02-08  ))))))))))))))))))))))))))))))
.
.
2013-02-08 12:51 . 2013-02-08 12:51	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-02-08 12:33 . 2013-02-08 12:33	--------	d-----w-	c:\windows\ERUNT
2013-02-08 12:33 . 2013-02-08 12:33	--------	d-----w-	C:\JRT
2013-02-07 13:22 . 2013-02-07 13:22	--------	d-----w-	c:\users\******\AppData\Roaming\Malwarebytes
2013-02-07 13:21 . 2013-02-07 13:21	--------	d-----w-	c:\programdata\Malwarebytes
2013-02-07 13:21 . 2013-02-07 13:22	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-02-07 13:21 . 2012-12-14 15:49	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-02-07 13:21 . 2013-02-07 13:21	--------	d-----w-	c:\users\******\AppData\Local\Programs
2013-01-20 18:56 . 2013-01-20 18:56	--------	d-----w-	c:\users\******\AppData\Roaming\Unity
2013-01-20 18:55 . 2013-01-20 18:55	--------	d-----w-	c:\users\******\AppData\Local\Unity
2013-01-18 19:14 . 2013-01-18 19:14	--------	d-----w-	c:\users\******\AppData\Roaming\.ZMatrix
2013-01-18 19:14 . 2013-01-18 19:14	--------	d-----w-	c:\program files (x86)\Winamp
2013-01-18 19:14 . 2013-02-05 16:28	--------	d-----w-	c:\program files (x86)\ZMatrix
2013-01-18 19:05 . 2008-11-05 05:30	16180	----a-w-	c:\windows\system32\Dscene.reg
2013-01-18 19:05 . 2008-03-18 03:07	275360	----a-w-	c:\windows\system32\DreamScene.dll
2013-01-18 18:51 . 2008-11-05 05:30	16180	----a-w-	c:\windows\Dscene.reg
2013-01-18 18:51 . 2008-03-18 03:07	275360	----a-w-	c:\windows\DreamScene.dll
2013-01-18 18:47 . 2008-03-18 17:55	233888	----a-w-	c:\windows\SysWow64\DreamScene.dll
2013-01-18 17:32 . 2013-01-12 02:30	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-14 20:45 . 2013-01-14 20:48	--------	d-----w-	c:\program files (x86)\Google
2013-01-13 15:56 . 2013-01-13 15:56	--------	d-----w-	c:\users\******\AppData\Roaming\TuneUp Software
2013-01-13 15:56 . 2013-01-13 15:56	--------	d-----w-	c:\programdata\TuneUp Software
2013-01-13 15:56 . 2013-01-13 15:56	--------	d-sh--w-	c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-01-13 15:50 . 2013-01-13 15:50	--------	d-----w-	c:\program files (x86)\Common Files\DVDVideoSoft
2013-01-13 15:50 . 2013-01-13 15:50	--------	d-----w-	c:\program files (x86)\DVDVideoSoft
2013-01-09 14:40 . 2012-11-30 05:41	424448	----a-w-	c:\windows\system32\KernelBase.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-08 12:53 . 2012-07-27 12:23	25640	----a-w-	c:\windows\gdrv.sys
2013-01-09 18:17 . 2012-07-27 19:18	67599240	----a-w-	c:\windows\system32\MRT.exe
2013-01-03 20:53 . 2012-11-07 13:48	281288	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2013-01-03 20:53 . 2012-11-07 13:46	281288	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2013-01-03 19:52 . 2012-11-07 13:46	281288	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2012-12-17 19:13 . 2012-11-07 15:36	893552	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-12-17 19:13 . 2012-11-07 15:36	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-12-17 19:13 . 2012-11-01 20:00	1236816	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-12-16 17:11 . 2012-12-20 22:19	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-20 22:19	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-20 22:19	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-20 22:19	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-11-30 04:45 . 2013-01-09 14:40	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-11-28 19:23 . 2012-11-28 19:24	746984	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-11-28 19:23 . 2012-11-28 19:24	821736	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-11-17 21:55 . 2012-11-07 13:45	76888	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2012-11-14 07:06 . 2012-12-12 21:27	17811968	----a-w-	c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-12 21:27	10925568	----a-w-	c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-12 21:27	2312704	----a-w-	c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-12 21:27	1346048	----a-w-	c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-12 21:27	1392128	----a-w-	c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-12 21:27	1494528	----a-w-	c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-12 21:27	237056	----a-w-	c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-12 21:27	85504	----a-w-	c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-12 21:27	816640	----a-w-	c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-12 21:27	599040	----a-w-	c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-12 21:27	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-12 21:27	2144768	----a-w-	c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-12 21:27	729088	----a-w-	c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-12 21:27	96768	----a-w-	c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-12 21:27	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-12 21:27	248320	----a-w-	c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-12 21:27	1800704	----a-w-	c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-12 21:27	1427968	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-12 21:27	1129472	----a-w-	c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-12 21:27	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-12 21:27	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-12 21:27	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2012-11-11 19:44 . 2012-11-11 19:44	289768	----a-w-	c:\windows\system32\javaws.exe
2012-11-11 19:44 . 2012-11-11 19:44	189416	----a-w-	c:\windows\system32\javaw.exe
2012-11-11 19:44 . 2012-11-11 19:44	188904	----a-w-	c:\windows\system32\java.exe
2012-11-11 19:44 . 2012-11-11 19:44	108008	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2012-11-11 19:44 . 2012-08-09 20:22	916456	----a-w-	c:\windows\system32\deployJava1.dll
2012-11-11 19:44 . 2012-08-09 20:22	1034216	----a-w-	c:\windows\system32\npDeployJava1.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-07-18 348664]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-25 98304]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Reader Application Helper"="c:\program files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe" [2012-11-08 898952]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-03-17 421888]
.
c:\users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
GamersFirst LIVE!.lnk - c:\users\******\AppData\Local\GamersFirst\LIVE!\Live.exe [2012-11-21 2878616]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux5"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2010-04-27 21544]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-07-18 27760]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-09-07 283200]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-11-26 203776]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-07-18 86224]
S2 ES lite Service;ES lite Service for program management.;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE [2009-08-24 68136]
S2 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe [2010-01-19 72304]
S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2012-08-22 216080]
S2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\Cyberlink\Shared files\RichVideo64.exe [2010-08-19 386344]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-11-20 75776]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-11-20 177152]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-22 347680]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-02 14:51	1607120	----a-w-	c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-14 20:45]
.
2013-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-14 20:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-06 10144288]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{F791A188-699D-4FD4-955A-EB59E89B1907}"= "\Program Files\Theme Resource Changer\ThemeResourceChanger.dll" [2010-10-07 103936]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com
IE: Free YouTube to MP3 Converter - c:\users\******\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-APB Reloaded - e:\apb\APB Reloaded\Uninstall.exe
AddRemove-Bandicam - e:\bandicam\uninstall.exe
AddRemove-Folder Access 2.0.0 Full Version - c:\progra~2\FOLDER~1\FOLDER~1.EXE
AddRemove-theHunter - c:\users\******\theHunter-uninstall.exe
AddRemove-Wildlife Park 3_is1 - f:\wlp\Wildlife Park 3\unins000.exe
.
.
"ImagePath"="\"c:\program files\Cyberlink\Shared files\RichVideo64.exe\"\00Z
[\]^_Ï\00\00Ï\00\00\00\00HIJKLMNO\00\00\00\00\00\00\00\00\03\00\00\00|}~Ï\00\00Ï\00\00\00\00m\00\00\00\00\00\00\00\00‘’“"
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1567456602-3534331123-1802769868-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\c:\USERS\******\DESKTOP\B*a*t*t*l*e*f*i*e*l*d* *3*"!\Core\imageformats]
"qgif4.dll"=multi:"2011-10-10T16:42\00gif\00\00"
"qico4.dll"=multi:"2011-10-10T16:42\00ico\00\00"
"qjpeg4.dll"=multi:"2011-10-10T16:42\00jpeg\00jpg\00\00"
.
[HKEY_USERS\S-1-5-21-1567456602-3534331123-1802769868-1000\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\c:\users\******\DESKTOP\B*a*t*t*l*e*f*i*e*l*d* *3*"!\Core\imageformats]
"Microsoft.VC80.CRT.manifest"=multi:"0\001\00unknown\002011-10-10T16:42\00\00"
"msvcr80.dll"=multi:"0\001\00unknown\002011-10-10T16:42\00\00"
"qgif4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T16:42\00\00"
"qico4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T16:42\00\00"
"qjpeg4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T16:42\00\00"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-02-08  13:57:45 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-02-08 12:57
.
Vor Suchlauf: 12 Verzeichnis(se), 1.939.385.176.064 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 1.939.194.896.384 Bytes frei
.
- - End Of File - - 2FC4A5C5093A14A53D1E37781E904BE5
         
--- --- ---


L.G. Nadine


Alt 08.02.2013, 16:47   #6
M-K-D-B
/// TB-Ausbilder
 
EXP/JAVA.Rettilic.Gen - Standard

EXP/JAVA.Rettilic.Gen



Servus,



Zitat:
Zitat von NadineS Beitrag anzeigen
Kann ich denn diese ganzen log dateien und Programme auf dem Desktop löschen, oder muss ich die noch behalten?
Warum so ungeduldig? Wir haben gerade mit der Bereinigung angefangen und du möchtest am Liebsten alles gleich wieder Löschen...

Bitte die Programme auf dem Rechner lassen (kann sein, dass wir sie nochmal benötigen). Am Ende der Bereinigung entfernen wir die Programme auch wieder, keine Sorge.





Schritt 1
Starte bitte OTL.exe und drücke den Quick Scan Button.
Poste die OTL.txt hier in deinen Thread.





Schritt 2
Lade SystemLook von jpshortstuff von einem der folgenden Spiegel herunter und speichere das Tool auf dem Desktop.

Download Mirror # 1
  • Doppelklicke auf die SystemLook.exe, um das Tool zu starten.
  • Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:
    Code:
    ATTFilter
    :filefind
    *sweet*
    *Conduit*
    *Zoomex*
    *Babylon*
    *Ask Toolbar*
    *yourfiledownloader*
    *feed.helperbar*
    *vaudix*
    
    :folderfind
    *sweet*
    *Conduit*
    *Zoomex*
    *Babylon*
    *Ask Toolbar*
    *yourfiledownloader*
    *feed.helperbar*
    *vaudix*
    
    :regfind
    sweet
    Conduit
    Zoomex
    Babylon
    Ask Toolbar
    yourfiledownloader
    feed.helperbar
    vaudix
             
  • Klicke nun auf den Button Look, um den Scan zu starten.
  • Der Suchlauf wird einige Zeit dauern.
  • Wenn der Suchlauf beendet ist, wird sich Dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
  • Die Ergebnisse werden auf dem Desktop als SystemLook.txt gespeichert.





Wie läuft dein Rechner derzeit?
Gibt es noch Probleme, die auf Malware hindeuten? Wenn ja, welche?






Bitte poste mit deiner nächsten Antwort
  • die Logdatei von OTL,
  • die Logdatei von SystemLook,
  • die Beantwortung der gestellten Fragen.
__________________
--> EXP/JAVA.Rettilic.Gen

Alt 09.02.2013, 11:52   #7
NadineS
 
EXP/JAVA.Rettilic.Gen - Standard

EXP/JAVA.Rettilic.Gen



Hy,

ne ich bin nicht ungeduldig :-) , es stört mich nur ein klein wenig wenn mein Desktop so vollgeladen ist. Normalerweise halte ich Ordnung. Aber ok, ich mache mal eine Ausnahme :-D.

Ja es gibt noch ein paar Probleme. Und und zwar wenn ich den Pc starte kommt noch immer eine kleine Verzerrung. Aber die große Verzerrung, die nach einer Weile beginnt, ist schon mal weg. Aber wie oben schon beschrieben ist der Exploit damit nicht weg, es zeigen sich nur minimale Symptome.

So hier ist OTL:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 09.02.2013 12:29:57 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\******\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,58 Gb Available Physical Memory | 64,58% Memory free
7,99 Gb Paging File | 6,37 Gb Available in Paging File | 79,72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1862,92 Gb Total Space | 1806,14 Gb Free Space | 96,95% Space Free | Partition Type: NTFS
Drive D: | 570,77 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 931,51 Gb Total Space | 841,20 Gb Free Space | 90,31% Space Free | Partition Type: NTFS
 
Computer Name: SANCTUARY | User Name: ****** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.09 12:29:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\******\Desktop\OTL.exe
PRC - [2013.01.26 03:35:08 | 001,248,208 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012.11.21 08:20:20 | 002,878,616 | ---- | M] (GamersFirst) -- C:\Users\******\AppData\Local\GamersFirst\LIVE!\Live.exe
PRC - [2012.11.17 22:55:21 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.11.08 10:55:40 | 000,898,952 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
PRC - [2012.07.18 17:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.07.18 17:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.07.18 17:04:22 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.01.19 03:31:26 | 000,072,304 | ---- | M] () -- C:\Windows\SysWOW64\XSrvSetup.exe
PRC - [2009.11.20 12:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009.08.24 13:38:06 | 000,068,136 | ---- | M] () -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.02.05 18:14:05 | 012,459,888 | ---- | M] () -- C:\Users\******\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.139\pepflashplayer.dll
MOD - [2013.01.26 03:35:06 | 000,460,240 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
MOD - [2013.01.26 03:35:04 | 004,012,496 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll
MOD - [2013.01.26 03:34:19 | 000,597,968 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\libglesv2.dll
MOD - [2013.01.26 03:34:18 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\libegl.dll
MOD - [2013.01.26 03:34:16 | 001,552,848 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll
MOD - [2012.11.08 10:56:00 | 000,178,056 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\USBDetector.dll
MOD - [2012.11.08 10:56:00 | 000,034,184 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ticket.dll
MOD - [2012.11.08 10:55:58 | 000,149,384 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\readerAppHelper.dll
MOD - [2012.11.08 10:55:54 | 000,014,728 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll
MOD - [2012.11.08 10:55:52 | 000,024,456 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskNetInterface.dll
MOD - [2012.11.08 10:55:52 | 000,015,752 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskPower.dll
MOD - [2012.11.08 10:55:50 | 000,039,816 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll
MOD - [2012.11.08 10:55:50 | 000,016,776 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll
MOD - [2012.11.08 10:55:48 | 000,239,496 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\Fskin.dll
MOD - [2012.11.08 10:55:48 | 000,026,504 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskinLocalize.dll
MOD - [2012.11.08 10:55:46 | 000,124,808 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll
MOD - [2012.11.08 10:55:44 | 000,092,040 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookUsb.dll
MOD - [2012.11.08 10:55:42 | 000,018,312 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll
MOD - [2012.11.08 10:54:34 | 000,880,640 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\fsk.dll
MOD - [2012.10.23 21:58:36 | 000,798,720 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskSecurity.dll
MOD - [2012.04.26 23:38:30 | 020,758,016 | ---- | M] () -- C:\Users\******\AppData\Local\GamersFirst\LIVE!\libcef.dll
MOD - [2011.08.09 16:00:37 | 000,035,840 | ---- | M] () -- C:\Windows\SysWOW64\slc.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2010.11.26 03:54:12 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.04.06 15:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV - [2012.11.17 22:55:21 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.10.23 22:02:00 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2012.08.22 16:40:58 | 000,216,080 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Programme\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2)
SRV - [2012.07.18 17:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.07.18 17:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.08.19 17:43:24 | 000,386,344 | ---- | M] () [Auto | Running] -- C:\Programme\Cyberlink\Shared files\RichVideo64.exe -- (RichVideo64)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.19 03:31:26 | 000,072,304 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\XSrvSetup.exe -- (JMB36X)
SRV - [2009.08.24 13:38:06 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.09.13 19:52:47 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2012.09.07 18:55:22 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.07.18 17:04:42 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.07.18 17:04:42 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.07.18 17:04:41 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.26 05:20:20 | 008,120,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.11.26 03:16:46 | 000,289,792 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.17 13:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010.04.27 10:56:38 | 000,021,544 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2010.03.22 10:57:20 | 000,347,680 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.01.27 09:58:38 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2010.01.27 04:05:00 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2010.01.20 23:10:54 | 001,102,112 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009.11.20 12:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009.11.20 12:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.04.29 16:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2013.02.09 12:27:21 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B8 DC 78 26 D2 6B CD 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{911710C2-A94D-4946-8AB7-01413055E623}: "URL" = hxxp://mystart.incredibar.com/mb128/?search={searchTerms}&loc=IB_DS&a=6OyXm44qXC&i=26
IE - HKCU\..\SearchScopes\{EB5023E1-A739-4C3D-A7F3-8E9FEF935922}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=302C37D5-BF37-4B11-A519-9F092AFD1314&apn_sauid=B755F661-004F-4FE8-9033-871F10086F7E
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll ( )
FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\******\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX
 
[2012.08.03 14:00:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions
[2012.08.03 14:00:10 | 000,000,000 | ---D | M] (uTorrentBar_DE) -- C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}
[2012.12.16 11:56:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2012.08.12 12:57:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions
[2012.09.07 18:22:23 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\extensions\OneClickDownload@OneClickDownload.com
[2012.12.16 11:55:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\0\extensions
[2012.08.12 12:57:37 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\0\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.08.08 21:06:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\0\extensions\OneClickDownload@OneClickDownload.com
[2012.08.12 12:57:37 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.12.16 11:55:25 | 000,213,444 | ---- | M] () (No name found) -- C:\Users\******\AppData\Roaming\mozilla\firefox\profiles\0\extensions\torntv@torntv.com.xpi
[2012.08.25 22:01:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
 
========== Chrome  ==========
 
CHR - homepage: Google
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: Google
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc\10.11.21.5_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc\10.11.21.5_0\plugins/np-cwmp.dll
CHR - plugin: Free Studio (Enabled) = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\np_dvs_plugin.dll
CHR - plugin: Perion plugin (Enabled) = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_1\Plugins/PerionNewTabChrome-32.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: fluxDVD Browser Plugin (Enabled) = C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Nitro PDF Plug-In (Enabled) = C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Reader Application Detector (Enabled) = C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Docs = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Drive = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.58_0\
CHR - Extension: Ti\u00EBsto = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnmeobddjkkgkglnogihcaejaleikhdh\2_0\
CHR - Extension: Google Mail = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Docs = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Drive = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.58_0\
CHR - Extension: Ti\u00EBsto = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnmeobddjkkgkglnogihcaejaleikhdh\2_0\
CHR - Extension: Google Mail = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013.02.08 13:54:05 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [Reader Application Helper] C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk = C:\Users\******\AppData\Local\GamersFirst\LIVE!\Live.exe (GamersFirst)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\******\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\******\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24981B71-F5EA-46AE-B7FD-4803BFFAE4ED}: DhcpNameServer = 192.168.2.1
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {F791A188-699D-4FD4-955A-EB59E89B1907} - Theme Resource Changer - \Program Files\Theme Resource Changer\ThemeResourceChanger.dll ()
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysWOW64\DreamScene.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001.06.19 18:39:08 | 000,000,047 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2002.08.22 12:41:50 | 000,098,304 | R--- | M] () - D:\autoplay.exe -- [ CDFS ]
O32 - AutoRun File - [2011.04.28 17:44:28 | 000,000,000 | ---D | M] - F:\autorun -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.09 12:29:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\******\Desktop\OTL.exe
[2013.02.08 13:57:47 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.02.08 13:54:10 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013.02.08 13:44:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.02.08 13:44:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.02.08 13:44:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.02.08 13:44:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.02.08 13:43:51 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.02.08 13:43:07 | 005,030,592 | R--- | C] (Swearware) -- C:\Users\******\Desktop\ComboFix.exe
[2013.02.08 13:33:46 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.02.08 13:33:38 | 000,000,000 | ---D | C] -- C:\JRT
[2013.02.08 13:32:57 | 000,547,275 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\******\Desktop\JRT.exe
[2013.02.07 20:23:53 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\******\Desktop\tdsskiller.exe
[2013.02.07 14:22:10 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\Malwarebytes
[2013.02.07 14:21:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.07 14:21:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.07 14:21:56 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.02.07 14:21:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.02.07 14:21:43 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\Programs
[2013.01.22 18:34:12 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3Gain
[2013.01.22 18:34:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3Gain
[2013.01.22 18:30:47 | 000,000,000 | ---D | C] -- C:\Users\******\Desktop\SChach
[2013.01.20 19:56:28 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\Unity
[2013.01.20 19:55:42 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\Unity
[2013.01.18 20:14:09 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\.ZMatrix
[2013.01.18 20:14:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp
[2013.01.18 20:14:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZMatrix
[2013.01.14 21:48:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013.01.14 21:45:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013.01.13 16:56:42 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\TuneUp Software
[2013.01.13 16:56:38 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2013.01.13 16:56:18 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013.01.13 16:50:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2013.01.13 16:50:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
File not found -- C:\Windows\SysNative\
[2013.02.09 12:29:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\******\Desktop\OTL.exe
[2013.02.09 12:27:31 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.09 12:27:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.09 12:26:58 | 3219,300,352 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.08 22:56:09 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.08 21:44:52 | 000,015,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.08 21:44:52 | 000,015,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.08 13:54:05 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.02.08 13:43:31 | 005,030,592 | R--- | M] (Swearware) -- C:\Users\******\Desktop\ComboFix.exe
[2013.02.08 13:33:02 | 000,547,275 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\******\Desktop\JRT.exe
[2013.02.08 13:24:46 | 000,582,209 | ---- | M] () -- C:\Users\******\Desktop\adwcleaner.exe
[2013.02.07 20:24:06 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\******\Desktop\tdsskiller.exe
[2013.02.07 17:51:57 | 000,000,168 | ---- | M] () -- C:\Users\******\defogger_reenable
[2013.02.07 14:21:58 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.05 17:41:52 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.05 17:41:52 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.05 17:41:52 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.05 17:41:52 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.05 17:41:52 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.19 13:04:26 | 000,299,072 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.13 20:38:35 | 000,000,919 | ---- | M] () -- C:\Users\Public\Desktop\TrueCrypt.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
File not found -- C:\Windows\SysNative\
[2013.02.08 13:44:27 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.02.08 13:44:27 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.02.08 13:44:27 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.02.08 13:44:27 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.02.08 13:44:27 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.02.08 13:24:44 | 000,582,209 | ---- | C] () -- C:\Users\******\Desktop\adwcleaner.exe
[2013.02.07 17:51:57 | 000,000,168 | ---- | C] () -- C:\Users\******\defogger_reenable
[2013.02.07 14:21:58 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.18 20:05:59 | 000,016,180 | ---- | C] () -- C:\Windows\SysNative\Dscene.reg
[2013.01.18 19:51:56 | 000,016,180 | ---- | C] () -- C:\Windows\Dscene.reg
[2013.01.18 19:41:32 | 001,413,862 | ---- | C] () -- C:\Users\******\Documents\Blob.mpg
[2013.01.14 21:45:42 | 000,001,110 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.14 21:45:39 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.03 23:11:15 | 000,000,044 | ---- | C] () -- C:\Windows\MAILRCV.INI
[2012.12.27 21:09:08 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.12.01 20:18:13 | 000,003,584 | ---- | C] () -- C:\Users\******\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.10 13:12:55 | 000,013,931 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2012.11.07 14:46:08 | 000,281,288 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.11.07 14:45:42 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.10.31 23:19:43 | 000,022,090 | ---- | C] () -- C:\Users\******\AppData\Local\recently-used.xbel
[2012.09.13 19:14:02 | 000,000,012 | ---- | C] () -- C:\Windows\SysWow64\mslck.dat
[2012.09.13 19:13:48 | 000,000,032 | ---- | C] () -- C:\Windows\SysWow64\Mlkf.dll
[2012.09.13 19:06:06 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\LckFldService.exe.vir
[2012.08.01 21:42:00 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.07.29 14:37:12 | 000,011,867 | ---- | C] () -- C:\Users\******\AppData\Roaming\TheHunterSettings_live.bin
[2012.07.27 13:17:26 | 000,072,304 | ---- | C] () -- C:\Windows\SysWow64\XSrvSetup.exe
[2012.07.27 13:08:06 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2012.07.27 11:50:59 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.07.27 11:47:53 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.11.10 03:36:06 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2011.11.10 03:36:06 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.11.09 21:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011.11.09 21:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.09.19 08:07:46 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
[2011.09.19 08:07:32 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
 
========== ZeroAccess Check ==========
 
[2011.11.17 07:41:18 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{fa9187d7-ddad-308b-0083-8078e799e239}\@
[2011.11.17 07:41:18 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{fa9187d7-ddad-308b-0083-8078e799e239}\L
[2013.01.15 22:03:13 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{fa9187d7-ddad-308b-0083-8078e799e239}\U
[2012.08.09 22:19:41 | 000,002,048 | -HS- | M] () -- C:\Users\******\AppData\Local\{fa9187d7-ddad-308b-0083-8078e799e239}\@
[2011.11.17 07:41:18 | 000,000,000 | -HSD | M] -- C:\Users\******\AppData\Local\{fa9187d7-ddad-308b-0083-8078e799e239}\L
[2011.11.17 07:41:18 | 000,000,000 | -HSD | M] -- C:\Users\******\AppData\Local\{fa9187d7-ddad-308b-0083-8078e799e239}\U
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.01.18 20:14:10 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\.ZMatrix
[2012.08.12 12:19:28 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\BANDISOFT
[2012.09.07 18:56:57 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\DAEMON Tools Lite
[2012.08.08 13:58:49 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\DAEMON Tools Pro
[2012.09.07 18:22:22 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Downloaded Installations
[2013.01.13 16:50:33 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\DVDVideoSoft
[2012.08.25 22:01:00 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\ExpressFiles
[2012.08.23 19:37:54 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Foxit Software
[2012.08.25 21:50:21 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Freemium
[2013.01.02 14:57:04 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Kongregate
[2013.02.08 14:00:29 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Nitro PDF
[2012.08.09 10:34:48 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Origin
[2012.12.10 18:45:04 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\PhotoScape
[2012.12.16 18:03:16 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\PowerISO
[2012.12.17 22:34:55 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\ProtectDISC
[2012.09.13 19:55:10 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\TrueCrypt
[2013.01.13 16:56:42 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\TuneUp Software
[2013.01.20 19:56:28 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Unity
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:C5760A8B

< End of report >
         
--- --- ---

Und SystemLook:

ystemLook 30.07.11 by jpshortstuff
Log created at 12:37 on 09/02/2013 by ******
Administrator - Elevation successful

========== filefind ==========

Searching for "*sweet*"
C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx --a---- 9139 bytes [14:27 04/08/2012] [14:27 04/08/2012] 3C1023312970B037B893BA8856B6E727

Searching for "*Conduit*"
C:\Program Files (x86)\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe --a---- 73080 bytes [15:50 13/01/2013] [16:26 20/08/2012] 9A5E999C90861CE9B7906DBF429D4238
C:\Users\******\AppData\Roaming\Mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\ConduitAbstractionLayer.js --a---- 30362 bytes [13:00 03/08/2012] [22:04 16/07/2012] 3A48E45ABF3AA24C74640AFA9EDB7B14
C:\Users\******\AppData\Roaming\Mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\aboutBox\images\conduit-logo-OLD.png --a---- 1305 bytes [13:00 03/08/2012] [22:04 16/07/2012] 5F8EF9A0B050532B90B2645E9627E3F9
C:\Users\******\AppData\Roaming\Mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\aboutBox\images\conduit-logo.png --a---- 3926 bytes [13:00 03/08/2012] [22:04 16/07/2012] 04EC2FEFD3A417F86E983508778A00DD
C:\Users\******\AppData\Roaming\Mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\skin\conduitToolBarStyle.css --a---- 3 bytes [13:00 03/08/2012] [22:04 16/07/2012] ECAA88F7FA0BF610A5A26CF545DCD3AA
C:\Users\******\AppData\Roaming\Mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\lib\log4conduit.jsm --a---- 760 bytes [13:00 03/08/2012] [22:04 16/07/2012] 93898FE6A232C5FCD838D8168F65D802

Searching for "*Zoomex*"
No files found.

Searching for "*Babylon*"
No files found.

Searching for "*Ask Toolbar*"
No files found.

Searching for "*yourfiledownloader*"
No files found.

Searching for "*feed.helperbar*"
No files found.

Searching for "*vaudix*"
C:\Windows\Prefetch\VAUDIX.EXE-E8B3B572.pf --a---- 38580 bytes [19:11 26/01/2013] [16:29 05/02/2013] F4E33B6FAC69F52A01BD3EE1364EB052

========== folderfind ==========

Searching for "*sweet*"
No folders found.

Searching for "*Conduit*"
No folders found.

Searching for "*Zoomex*"
No folders found.

Searching for "*Babylon*"
No folders found.

Searching for "*Ask Toolbar*"
No folders found.

Searching for "*yourfiledownloader*"
No folders found.

Searching for "*feed.helperbar*"
No folders found.

Searching for "*vaudix*"
No folders found.

========== regfind ==========

Searching for "sweet"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1567456602-3534331123-1802769868-1000\Software\IB Updater\script_storage]
"WSG_whiteList"="{"search.babylon.com":"q","search.sweetim.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q"," search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.c om":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q ","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","searc h.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q","search.icq.com":"q","search.etype.com
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1567456602-3534331123-1802769868-1000\Software\SweetIM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS]
[HKEY_USERS\S-1-5-21-1567456602-3534331123-1802769868-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1567456602-3534331123-1802769868-1000\Software\IB Updater\script_storage]
"WSG_whiteList"="{"search.babylon.com":"q","search.sweetim.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q"," search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.c om":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q ","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","searc h.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q
[HKEY_USERS\S-1-5-21-1567456602-3534331123-1802769868-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1567456602-3534331123-1802769868-1000\Software\SweetIM]

Searching for "Conduit"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1567456602-3534331123-1802769868-1000\Software\IB Updater\script_storage]
"WSG_whiteList"="{"search.babylon.com":"q","search.sweetim.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q"," search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.c om":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q ","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","searc h.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q","search.icq.com":"q","search.etype.com
[HKEY_USERS\S-1-5-21-1567456602-3534331123-1802769868-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1567456602-3534331123-1802769868-1000\Software\IB Updater\script_storage]
"WSG_whiteList"="{"search.babylon.com":"q","search.sweetim.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q"," search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.c om":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q ","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","searc h.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q

Searching for "Zoomex"
[HKEY_CURRENT_USER\Software\PrivitizeVPNInstallDates]
"zoomex"="190446206126"
[HKEY_USERS\S-1-5-21-1567456602-3534331123-1802769868-1000\Software\PrivitizeVPNInstallDates]
"zoomex"="190446206126"

Searching for "Babylon"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1567456602-3534331123-1802769868-1000\Software\IB Updater\script_storage]
"WSG_whiteList"="{"search.babylon.com":"q","search.sweetim.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q"," search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.c om":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q ","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","searc h.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q","search.icq.com":"q","search.etype.com
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}]
@="BabylonHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}\1.0\0\win32]
@="E:\Babylon\Babylon.exe\1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}\1.0\HELPDIR]
@="E:\Babylon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}]
@="BabylonHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}\1.0\0\win32]
@="E:\Babylon\Babylon.exe\1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}\1.0\HELPDIR]
@="E:\Babylon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}]
@="BabylonHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}\1.0\0\win32]
@="E:\Babylon\Babylon.exe\1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}\1.0\HELPDIR]
@="E:\Babylon"
[HKEY_USERS\S-1-5-21-1567456602-3534331123-1802769868-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1567456602-3534331123-1802769868-1000\Software\IB Updater\script_storage]
"WSG_whiteList"="{"search.babylon.com":"q","search.sweetim.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q"," search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.c om":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q ","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","searc h.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q

Searching for "Ask Toolbar"
No data found.

Searching for "yourfiledownloader"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\YourFileDownloader\YourFile.exe"="YourFile Downloader"
[HKEY_USERS\S-1-5-21-1567456602-3534331123-1802769868-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\YourFileDownloader\YourFile.exe"="YourFile Downloader"
[HKEY_USERS\S-1-5-21-1567456602-3534331123-1802769868-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\YourFileDownloader\YourFile.exe"="YourFile Downloader"

Searching for "feed.helperbar"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=DE&userid=c3f55b24-2db9-4511-8fe8-c169cd54e922&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"Default"="hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=DE&userid=c3f55b24-2db9-4511-8fe8-c169cd54e922&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}"
[HKEY_USERS\S-1-5-21-1567456602-3534331123-1802769868-1000\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=DE&userid=c3f55b24-2db9-4511-8fe8-c169cd54e922&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}"

Searching for "vaudix"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\******\AppData\Local\Temp\{C7ECE2A7-E6E7-4095-A27E-AEC51C0FC051}\Addons\vaudix_extension.exe"="7z Setup SFX"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\******\Downloads\VaudiX.exe"="Installer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{14F35FFC-522A-4DD1-A07E-6B8B65C6891E}\InprocServer32]
@="C:\ProgramData\Premium\VaudiX\run6730.tmp"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\VaudiX_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\VaudiX_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{39D96DA9-1568-022A-2313-CA057A1950C8}]
"TizPath"="C:\Users\******\Downloads\VaudiX.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{14F35FFC-522A-4DD1-A07E-6B8B65C6891E}\InprocServer32]
@="C:\ProgramData\Premium\VaudiX\run6730.tmp"
[HKEY_USERS\S-1-5-21-1567456602-3534331123-1802769868-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\******\AppData\Local\Temp\{C7ECE2A7-E6E7-4095-A27E-AEC51C0FC051}\Addons\vaudix_extension.exe"="7z Setup SFX"
[HKEY_USERS\S-1-5-21-1567456602-3534331123-1802769868-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\******\Downloads\VaudiX.exe"="Installer"
[HKEY_USERS\S-1-5-21-1567456602-3534331123-1802769868-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\******\AppData\Local\Temp\{C7ECE2A7-E6E7-4095-A27E-AEC51C0FC051}\Addons\vaudix_extension.exe"="7z Setup SFX"
[HKEY_USERS\S-1-5-21-1567456602-3534331123-1802769868-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\******\Downloads\VaudiX.exe"="Installer"

-= EOF =-


--

L.G. Nadine

Alt 09.02.2013, 14:08   #8
M-K-D-B
/// TB-Ausbilder
 
EXP/JAVA.Rettilic.Gen - Standard

EXP/JAVA.Rettilic.Gen



Servus,



das mit dem Desktop ist ja nur vorübergehend.




Du hast deinen Benutzernamen durch ***** unkenntlich gemacht. Füge beim OTL-Fix an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.





Schritt 1

Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:
ATTFilter
:OTL
IE - HKCU\..\SearchScopes\{911710C2-A94D-4946-8AB7-01413055E623}: "URL" = hxxp://mystart.incredibar.com/mb128/?search={searchTerms}&loc=IB_DS&a=6OyXm44qXC&i=26
IE - HKCU\..\SearchScopes\{EB5023E1-A739-4C3D-A7F3-8E9FEF935922}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX
[2012.08.03 14:00:10 | 000,000,000 | ---D | M] (uTorrentBar_DE) -- C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc\10.11.21.5_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc\10.11.21.5_0\plugins/np-cwmp.dll
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\******\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\******\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found

:files
C:\Windows\Installer\{fa9187d7-ddad-308b-0083-8078e799e239}
%LOCALAPPDATA%\{fa9187d7-ddad-308b-0083-8078e799e239}
%LOCALAPPDATA%\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}
C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
%APPDATA%\Mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}

:reg
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1567456602-3534331123-1802769868-1000\Software\IB Updater]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1567456602-3534331123-1802769868-1000\Software\SweetIM]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS]

[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\YourFileDownloader\YourFile.exe"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{14F35FFC-522A-4DD1-A07E-6B8B65C6891E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\VaudiX_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\VaudiX_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{39D96DA9-1568-022A-2313-CA057A1950C8}]

:commands
[Emptytemp]
         
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread






Schritt 2
Starte bitte OTL.exe und drücke den Quick Scan Button.
Poste die OTL.txt hier in deinen Thread.





Wie läuft der Rechner?





Bitte poste mit deiner nächsten Antwort
  • die Logdatei des OTL-Fix,
  • die Logdatei des neuen OTL-Scans,
  • die Beantwortung der gestellten Frage.
__________________
offline: 16.09. bis 20.09.
____________________________________

Das Trojaner-Board unterstützen

Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?

Alt 09.02.2013, 14:54   #9
NadineS
 
EXP/JAVA.Rettilic.Gen - Standard

EXP/JAVA.Rettilic.Gen



Hy,

Ja mein Rechner läuft bis jetzt ohne störungen. Ist das mit der Quarantäne egal? Und wozu diente dieser Fix? Hier sind die Daten:

OTL-Fix:

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{911710C2-A94D-4946-8AB7-01413055E623}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{911710C2-A94D-4946-8AB7-01413055E623}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EB5023E1-A739-4C3D-A7F3-8E9FEF935922}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EB5023E1-A739-4C3D-A7F3-8E9FEF935922}\ not found.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\Plugins folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\modules folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\META-INF folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\lib folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\defaults\preferences folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\defaults folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\skin folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\sl folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\lib folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\core folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\WEATHER\js folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\WEATHER\css folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\WEATHER folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\TWITTER\resources folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\TWITTER\js folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\TWITTER\img folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\TWITTER folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\TESTER_POPUP\js folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\TESTER_POPUP folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\TESTER_EMBEDDED\js folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\TESTER_EMBEDDED folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\TESTER_BCAPI\js folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\TESTER_BCAPI\autoTest\spec folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\TESTER_BCAPI\autoTest\lib\jasmine-1.1.0 folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\TESTER_BCAPI\autoTest\lib folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\TESTER_BCAPI\autoTest folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\TESTER_BCAPI folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\SEARCH_IN_NEW_TAB folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\SEARCH\view\style\rsx folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\SEARCH\view\style folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\SEARCH\view\script folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\SEARCH\view folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\SEARCH\resources folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\SEARCH\js folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\SEARCH\Css folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\SEARCH\buildSettings folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\SEARCH folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\RADIO_PLAYER\js\resources folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\RADIO_PLAYER\js folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\RADIO_PLAYER\css\custom-theme folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\RADIO_PLAYER\css folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\RADIO_PLAYER folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\PRICE_GONG\menu_dlg folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\PRICE_GONG\images folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\PRICE_GONG\css\custom-theme folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\PRICE_GONG\css folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\PRICE_GONG\agreement folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\PRICE_GONG folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\Optimizer\js folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\Optimizer folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\NOTIFICATION\js folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\NOTIFICATION\images\light folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\NOTIFICATION\images\dark folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\NOTIFICATION\images folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\NOTIFICATION\css folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\NOTIFICATION folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\MULTI_RSS\js\resources folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\MULTI_RSS\js folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\MULTI_RSS\img folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\MULTI_RSS\css folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\MULTI_RSS folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\HIGHLIGHTER\js folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\HIGHLIGHTER\css folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\HIGHLIGHTER folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\EMAIL_NOTIFIER\js\plugins folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\EMAIL_NOTIFIER\js folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\EMAIL_NOTIFIER\css folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\EMAIL_NOTIFIER folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\APPLICATION_BUTTON\resources folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\APPLICATION_BUTTON\Js folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\APPLICATION_BUTTON folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\404 folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\ui\menu\js folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\ui\menu\img folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\ui\menu\css folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\ui\menu folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\ui\gf\img folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\ui\gf\css folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\ui\gf folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\ui\gadgetFrame folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\ui\dlg\ftd\images folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\ui\dlg\ftd folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\ui\dlg folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\ui folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\searchProtector\searchProtectorSettingsDialog\images folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\searchProtector\searchProtectorSettingsDialog folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\searchProtector\SearchProtectorBubbleDialog\images folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\searchProtector\SearchProtectorBubbleDialog folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\searchProtector\js folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\searchProtector folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\options\js\resources folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\options\js folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\options\images folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\options\css folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\options folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\myStuffDialogs folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\features\js\resources folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\features\js folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\features folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\api folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\ac\res folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\ac\img folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\ac\css folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\ac folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\aboutBox\js folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\aboutBox\images folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\aboutBox folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647 folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome folder moved successfully.
C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2} folder moved successfully.
File C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc\10.11.21.5_0\plugins/ConduitChromeApiPlugin.dll not found.
File C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc\10.11.21.5_0\plugins/np-cwmp.dll not found.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Free YouTube to MP3 Converter\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Free YouTube to MP3 Converter\ not found.
========== FILES ==========
C:\Windows\Installer\{fa9187d7-ddad-308b-0083-8078e799e239}\U folder moved successfully.
C:\Windows\Installer\{fa9187d7-ddad-308b-0083-8078e799e239}\L folder moved successfully.
C:\Windows\Installer\{fa9187d7-ddad-308b-0083-8078e799e239} folder moved successfully.
C:\Users\******\AppData\Local\{fa9187d7-ddad-308b-0083-8078e799e239}\U folder moved successfully.
C:\Users\******\AppData\Local\{fa9187d7-ddad-308b-0083-8078e799e239}\L folder moved successfully.
C:\Users\******\AppData\Local\{fa9187d7-ddad-308b-0083-8078e799e239} folder moved successfully.
C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847} folder moved successfully.
C:\Program Files (x86)\Common Files\DVDVideoSoft\TB folder moved successfully.
File/Folder C:\Users\******\AppData\Roaming\Mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2} not found.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1567456602-3534331123-1802769868-1000\Software\IB Updater\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1567456602-3534331123-1802769868-1000\Software\SweetIM\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files (x86)\YourFileDownloader\YourFile.exe deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{14F35FFC-522A-4DD1-A07E-6B8B65C6891E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{14F35FFC-522A-4DD1-A07E-6B8B65C6891E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\VaudiX_RASAPI32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\VaudiX_RASMANCS\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{39D96DA9-1568-022A-2313-CA057A1950C8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39D96DA9-1568-022A-2313-CA057A1950C8}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: ******
->Temp folder emptied: 354978 bytes
->Temporary Internet Files folder emptied: 4819052 bytes
->Java cache emptied: 3991937 bytes
->Google Chrome cache emptied: 255407114 bytes
->Flash cache emptied: 652 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 252,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02092013_153450

Files\Folders moved on Reboot...
C:\Users\******\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

OTL Scann:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 09.02.2013 15:45:17 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\******\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 0,17 Gb Available Physical Memory | 4,26% Memory free
7,99 Gb Paging File | 3,77 Gb Available in Paging File | 47,14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1862,92 Gb Total Space | 1806,18 Gb Free Space | 96,95% Space Free | Partition Type: NTFS
Drive D: | 570,77 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 931,51 Gb Total Space | 841,20 Gb Free Space | 90,31% Space Free | Partition Type: NTFS
 
Computer Name: SANCTUARY | User Name: ****** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.09 12:29:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\******\Desktop\OTL.exe
PRC - [2013.01.26 03:35:08 | 001,248,208 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012.11.21 08:20:20 | 002,878,616 | ---- | M] (GamersFirst) -- C:\Users\******\AppData\Local\GamersFirst\LIVE!\Live.exe
PRC - [2012.11.17 22:55:21 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.11.08 10:55:40 | 000,898,952 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
PRC - [2012.07.18 17:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.07.18 17:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.07.18 17:04:22 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.01.19 03:31:26 | 000,072,304 | ---- | M] () -- C:\Windows\SysWOW64\XSrvSetup.exe
PRC - [2009.11.20 12:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009.08.24 13:38:06 | 000,068,136 | ---- | M] () -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.02.05 18:14:05 | 012,459,888 | ---- | M] () -- C:\Users\******\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.139\pepflashplayer.dll
MOD - [2013.01.26 03:35:06 | 000,460,240 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
MOD - [2013.01.26 03:35:04 | 004,012,496 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll
MOD - [2013.01.26 03:34:19 | 000,597,968 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\libglesv2.dll
MOD - [2013.01.26 03:34:18 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\libegl.dll
MOD - [2013.01.26 03:34:16 | 001,552,848 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll
MOD - [2012.11.08 10:56:00 | 000,178,056 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\USBDetector.dll
MOD - [2012.11.08 10:56:00 | 000,034,184 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ticket.dll
MOD - [2012.11.08 10:55:58 | 000,149,384 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\readerAppHelper.dll
MOD - [2012.11.08 10:55:54 | 000,014,728 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll
MOD - [2012.11.08 10:55:52 | 000,024,456 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskNetInterface.dll
MOD - [2012.11.08 10:55:52 | 000,015,752 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskPower.dll
MOD - [2012.11.08 10:55:50 | 000,039,816 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll
MOD - [2012.11.08 10:55:50 | 000,016,776 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll
MOD - [2012.11.08 10:55:48 | 000,239,496 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\Fskin.dll
MOD - [2012.11.08 10:55:48 | 000,026,504 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskinLocalize.dll
MOD - [2012.11.08 10:55:46 | 000,124,808 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll
MOD - [2012.11.08 10:55:44 | 000,092,040 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookUsb.dll
MOD - [2012.11.08 10:55:42 | 000,018,312 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll
MOD - [2012.11.08 10:54:34 | 000,880,640 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\fsk.dll
MOD - [2012.10.23 21:58:36 | 000,798,720 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskSecurity.dll
MOD - [2012.04.26 23:38:30 | 020,758,016 | ---- | M] () -- C:\Users\******\AppData\Local\GamersFirst\LIVE!\libcef.dll
MOD - [2011.08.09 16:00:37 | 000,035,840 | ---- | M] () -- C:\Windows\SysWOW64\slc.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2010.11.26 03:54:12 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.04.06 15:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV - [2012.11.17 22:55:21 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.10.23 22:02:00 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2012.08.22 16:40:58 | 000,216,080 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Programme\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2)
SRV - [2012.07.18 17:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.07.18 17:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.08.19 17:43:24 | 000,386,344 | ---- | M] () [Auto | Running] -- C:\Programme\Cyberlink\Shared files\RichVideo64.exe -- (RichVideo64)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.19 03:31:26 | 000,072,304 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\XSrvSetup.exe -- (JMB36X)
SRV - [2009.08.24 13:38:06 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.09.13 19:52:47 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2012.09.07 18:55:22 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.07.18 17:04:42 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.07.18 17:04:42 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.07.18 17:04:41 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.26 05:20:20 | 008,120,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.11.26 03:16:46 | 000,289,792 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.17 13:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010.04.27 10:56:38 | 000,021,544 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2010.03.22 10:57:20 | 000,347,680 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.01.27 09:58:38 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2010.01.27 04:05:00 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2010.01.20 23:10:54 | 001,102,112 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009.11.20 12:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009.11.20 12:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.04.29 16:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2013.02.09 15:37:33 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B8 DC 78 26 D2 6B CD 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll ( )
FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\******\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX
 
[2013.02.09 15:34:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions
[2012.12.16 11:56:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2012.08.12 12:57:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions
[2012.09.07 18:22:23 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\extensions\OneClickDownload@OneClickDownload.com
[2012.12.16 11:55:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\0\extensions
[2012.08.12 12:57:37 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\0\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.08.08 21:06:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\0\extensions\OneClickDownload@OneClickDownload.com
[2012.08.12 12:57:37 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.12.16 11:55:25 | 000,213,444 | ---- | M] () (No name found) -- C:\Users\******\AppData\Roaming\mozilla\firefox\profiles\0\extensions\torntv@torntv.com.xpi
[2012.08.25 22:01:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
 
========== Chrome  ==========
 
CHR - homepage: Google
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: Google
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc\10.11.21.5_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc\10.11.21.5_0\plugins/np-cwmp.dll
CHR - plugin: Free Studio (Enabled) = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\np_dvs_plugin.dll
CHR - plugin: Perion plugin (Enabled) = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_1\Plugins/PerionNewTabChrome-32.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: fluxDVD Browser Plugin (Enabled) = C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Nitro PDF Plug-In (Enabled) = C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Reader Application Detector (Enabled) = C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Docs = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Drive = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.58_0\
CHR - Extension: Ti\u00EBsto = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnmeobddjkkgkglnogihcaejaleikhdh\2_0\
CHR - Extension: Google Mail = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Docs = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Drive = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.58_0\
CHR - Extension: Ti\u00EBsto = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnmeobddjkkgkglnogihcaejaleikhdh\2_0\
CHR - Extension: Google Mail = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013.02.08 13:54:05 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [Reader Application Helper] C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk = C:\Users\******\AppData\Local\GamersFirst\LIVE!\Live.exe (GamersFirst)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24981B71-F5EA-46AE-B7FD-4803BFFAE4ED}: DhcpNameServer = 192.168.2.1
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {F791A188-699D-4FD4-955A-EB59E89B1907} - Theme Resource Changer - \Program Files\Theme Resource Changer\ThemeResourceChanger.dll ()
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysWOW64\DreamScene.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001.06.19 18:39:08 | 000,000,047 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2002.08.22 12:41:50 | 000,098,304 | R--- | M] () - D:\autoplay.exe -- [ CDFS ]
O32 - AutoRun File - [2011.04.28 17:44:28 | 000,000,000 | ---D | M] - F:\autorun -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.09 15:34:50 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.02.09 12:29:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\******\Desktop\OTL.exe
[2013.02.08 13:57:47 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.02.08 13:54:10 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013.02.08 13:44:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.02.08 13:44:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.02.08 13:44:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.02.08 13:44:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.02.08 13:43:51 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.02.08 13:43:07 | 005,030,592 | R--- | C] (Swearware) -- C:\Users\******\Desktop\ComboFix.exe
[2013.02.08 13:33:46 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.02.08 13:33:38 | 000,000,000 | ---D | C] -- C:\JRT
[2013.02.08 13:32:57 | 000,547,275 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\******\Desktop\JRT.exe
[2013.02.07 20:23:53 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\******\Desktop\tdsskiller.exe
[2013.02.07 14:22:10 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\Malwarebytes
[2013.02.07 14:21:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.07 14:21:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.07 14:21:56 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.02.07 14:21:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.02.07 14:21:43 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\Programs
[2013.01.22 18:34:12 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3Gain
[2013.01.22 18:34:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3Gain
[2013.01.22 18:30:47 | 000,000,000 | ---D | C] -- C:\Users\******\Desktop\SChach
[2013.01.20 19:56:28 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\Unity
[2013.01.20 19:55:42 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\Unity
[2013.01.18 20:14:09 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\.ZMatrix
[2013.01.18 20:14:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp
[2013.01.18 20:14:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZMatrix
[2013.01.14 21:48:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013.01.14 21:45:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013.01.13 16:56:42 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\TuneUp Software
[2013.01.13 16:56:38 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2013.01.13 16:56:18 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013.01.13 16:50:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2013.01.13 16:50:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
 
========== Files - Modified Within 30 Days ==========
 
File not found -- C:\Windows\SysNative\
[2013.02.09 15:44:55 | 000,015,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.09 15:44:55 | 000,015,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.09 15:41:10 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.09 15:37:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.09 15:37:21 | 3219,300,352 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.09 14:56:09 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.09 12:37:13 | 000,165,376 | ---- | M] () -- C:\Users\******\Desktop\SystemLook_x64.exe
[2013.02.09 12:29:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\******\Desktop\OTL.exe
[2013.02.08 13:54:05 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.02.08 13:43:31 | 005,030,592 | R--- | M] (Swearware) -- C:\Users\******\Desktop\ComboFix.exe
[2013.02.08 13:33:02 | 000,547,275 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\******\Desktop\JRT.exe
[2013.02.08 13:24:46 | 000,582,209 | ---- | M] () -- C:\Users\******\Desktop\adwcleaner.exe
[2013.02.07 20:24:06 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\******\Desktop\tdsskiller.exe
[2013.02.07 17:51:57 | 000,000,168 | ---- | M] () -- C:\Users\******\defogger_reenable
[2013.02.07 14:21:58 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.05 17:41:52 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.05 17:41:52 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.05 17:41:52 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.05 17:41:52 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.05 17:41:52 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.19 13:04:26 | 000,299,072 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.13 20:38:35 | 000,000,919 | ---- | M] () -- C:\Users\Public\Desktop\TrueCrypt.lnk
 
========== Files Created - No Company Name ==========
 
File not found -- C:\Windows\SysNative\
[2013.02.09 12:37:11 | 000,165,376 | ---- | C] () -- C:\Users\******\Desktop\SystemLook_x64.exe
[2013.02.08 13:44:27 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.02.08 13:44:27 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.02.08 13:44:27 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.02.08 13:44:27 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.02.08 13:44:27 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.02.08 13:24:44 | 000,582,209 | ---- | C] () -- C:\Users\******\Desktop\adwcleaner.exe
[2013.02.07 17:51:57 | 000,000,168 | ---- | C] () -- C:\Users\******\defogger_reenable
[2013.02.07 14:21:58 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.18 20:05:59 | 000,016,180 | ---- | C] () -- C:\Windows\SysNative\Dscene.reg
[2013.01.18 19:51:56 | 000,016,180 | ---- | C] () -- C:\Windows\Dscene.reg
[2013.01.18 19:41:32 | 001,413,862 | ---- | C] () -- C:\Users\******\Documents\Blob.mpg
[2013.01.14 21:45:42 | 000,001,110 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.14 21:45:39 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.03 23:11:15 | 000,000,044 | ---- | C] () -- C:\Windows\MAILRCV.INI
[2012.12.27 21:09:08 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.12.01 20:18:13 | 000,003,584 | ---- | C] () -- C:\Users\******\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.10 13:12:55 | 000,013,931 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2012.11.07 14:46:08 | 000,281,288 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.11.07 14:45:42 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.10.31 23:19:43 | 000,022,090 | ---- | C] () -- C:\Users\******\AppData\Local\recently-used.xbel
[2012.09.13 19:14:02 | 000,000,012 | ---- | C] () -- C:\Windows\SysWow64\mslck.dat
[2012.09.13 19:13:48 | 000,000,032 | ---- | C] () -- C:\Windows\SysWow64\Mlkf.dll
[2012.09.13 19:06:06 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\LckFldService.exe.vir
[2012.08.01 21:42:00 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.07.29 14:37:12 | 000,011,867 | ---- | C] () -- C:\Users\******\AppData\Roaming\TheHunterSettings_live.bin
[2012.07.27 13:17:26 | 000,072,304 | ---- | C] () -- C:\Windows\SysWow64\XSrvSetup.exe
[2012.07.27 13:08:06 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2012.07.27 11:50:59 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.07.27 11:47:53 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.11.10 03:36:06 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2011.11.10 03:36:06 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.11.09 21:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011.11.09 21:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.09.19 08:07:46 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
[2011.09.19 08:07:32 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.01.18 20:14:10 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\.ZMatrix
[2012.08.12 12:19:28 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\BANDISOFT
[2012.09.07 18:56:57 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\DAEMON Tools Lite
[2012.08.08 13:58:49 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\DAEMON Tools Pro
[2012.09.07 18:22:22 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Downloaded Installations
[2013.01.13 16:50:33 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\DVDVideoSoft
[2012.08.25 22:01:00 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\ExpressFiles
[2012.08.23 19:37:54 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Foxit Software
[2012.08.25 21:50:21 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Freemium
[2013.01.02 14:57:04 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Kongregate
[2013.02.09 15:33:39 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Nitro PDF
[2012.08.09 10:34:48 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Origin
[2012.12.10 18:45:04 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\PhotoScape
[2012.12.16 18:03:16 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\PowerISO
[2012.12.17 22:34:55 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\ProtectDISC
[2012.09.13 19:55:10 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\TrueCrypt
[2013.01.13 16:56:42 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\TuneUp Software
[2013.01.20 19:56:28 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Unity
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:C5760A8B

< End of report >
         
--- --- ---

Alt 09.02.2013, 15:07   #10
M-K-D-B
/// TB-Ausbilder
 
EXP/JAVA.Rettilic.Gen - Standard

EXP/JAVA.Rettilic.Gen



Servus,



Zitat:
Zitat von NadineS Beitrag anzeigen
Ist das mit der Quarantäne egal?
Die Funde in der Quarantäne können keinen Schaden mehr anrichten. Du kannst die Funde aber gerne aus der Quarantäne löschen.



Zitat:
Zitat von NadineS Beitrag anzeigen
Und wozu diente dieser Fix?
Das was Avira dort in die Quarantäne gesteckt hat ist fast nichts im Vergleich zu dem, was wir mit den Tools bisher schon alles gelöscht haben.. wie z. B.
  • Rootkit
  • Trojaner
  • Adware
  • Unerwünschte Software


Wir führen noch ein paar Kontrollsuchläufe durch.








Schritt 1
  • Starte Malwarebytes' Anti-Malware, klicke auf Aktualisierung --> Suche nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere Quick-Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.





Schritt 2

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset






Schritt 3
Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.





Bitte poste mit deiner nächsten Antwort
  • die Logdatei von MBAM,
  • die Logdatei von ESET,
  • die Logdatei von SecurityCheck.
__________________
offline: 16.09. bis 20.09.
____________________________________

Das Trojaner-Board unterstützen

Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?

Alt 09.02.2013, 18:38   #11
NadineS
 
EXP/JAVA.Rettilic.Gen - Standard

EXP/JAVA.Rettilic.Gen



Hy,

so ich habe hier wieder die logs. Ist ja gut zu wissen :-) . Aber ich finde dein Wissen diesbezüglich bemerkenswert. Woher weist du dass alles :-D .

MBAM:

Malwarebytes Anti-Malware 1.70.0.1100
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2013.02.09.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
****** :: SANCTUARY [Administrator]

09.02.2013 17:13:41
mbam-log-2013-02-09 (17-13-41).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 216306
Laufzeit: 3 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

ESET:

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=61acb97f362eea49825d55a95cc74f16
# engine=13093
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-02-09 06:28:08
# local_time=2013-02-09 07:28:08 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 97 28871 225857778 74629 0
# compatibility_mode=5893 16776574 100 94 16971303 112064338 0 0
# scanned=107571
# found=0
# cleaned=0
# scan_time=2915

SecurityCheck:

Results of screen317's Security Check version 0.99.57
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.70.0.1100
TuneUp Utilities Language Pack (de-DE)
Java 7 Update 11
Google Chrome 24.0.1312.56
Google Chrome 24.0.1312.57
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````


L.G.Nadine

Alt 09.02.2013, 19:06   #12
M-K-D-B
/// TB-Ausbilder
 
EXP/JAVA.Rettilic.Gen - Standard

EXP/JAVA.Rettilic.Gen



Servus,



Zitat:
Zitat von NadineS Beitrag anzeigen
Woher weist du dass alles :-D .
habe ich alles hier in der Ausbildung gelernt. Wenn man weiß, wie es geht, kann man diese Informationen (und noch viel mehr) aus den Logdateien herauslesen.





Wenn du keine Probleme mehr hast, dann sind wir hier fertig. Deine Logdateien sind sauber.
Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern.



Schritt 1
Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
  • Downloade dir bitte die neueste Java-Version von hier:
    Java Download (32 bit)
  • Speichere die Datei auf deinem Desktop.
  • Schließe alle laufenden Programme. Speziell deinen Browser.
  • Starte die Datei. Diese wird die neueste Java Version ( Java 7 Update 13 ) installieren.
  • Entferne den Haken bei "Installieren Sie die Ask-Toolbar ..." während der Installation.
  • Wenn die Installation beendet wurde
    Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
  • Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.
Nach dem Neustart
  • Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
  • Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
  • Klicke auf Dateien löschen....
  • Gehe sicher das überall ein Haken gesetzt ist und klicke OK.
  • Klicke erneut OK.
schneller Plugin-Test: PluginCheck





Schritt 2
Starte DeFogger und klicke auf Re-enable.
Gegebenenfalls muss dein Rechner neu gestartet werden.





Schritt 3
Bitte vor der folgenden Aktion wieder temporär Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.

Windows-Taste + R drücke. Kopiere nun folgende Zeile in die Kommandozeile und klicke OK.
Code:
ATTFilter
Combofix /Uninstall
         


Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert, damit auch aus dieser die Schädlinge verschwinden.

Nun die eben deaktivierten Programme wieder aktivieren.





Schritt 4
Downloade dir bitte delfix auf deinen Desktop.
  • Schließe alle offenen Programme.
  • Starte die delfix.exe mit einem Doppelklick.
  • Setze vor jede Funktion ein Häkchen.
  • Klicke auf Start.
  • DelFix entfernt u. a. alle verwendeten Programme und löscht sich abschließend selbst.
  • Sollten noch Programme, die wir verwendet haben, vorhanden sein, so lösche diese bitte per Hand.





Schritt 5
Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles, nur weil es Dich dazu auffordert und schön bunt ist.
  • Verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe.
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.



Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.
__________________
offline: 16.09. bis 20.09.
____________________________________

Das Trojaner-Board unterstützen

Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?

Alt 09.02.2013, 21:15   #13
NadineS
 
EXP/JAVA.Rettilic.Gen - Standard

EXP/JAVA.Rettilic.Gen



Hy,

so erstmal dankeschön, dass du mir geholfen hast :-). Ohne deine Hilfe hätte ich das nicht hinbekommen.

Aber ein kleines Problem gibt es trotzdem. Und zwar bei Java. Ich kann nicht auf Einstellungen klicken. Da tut sich nichts. Auf Ansicht ( der Button daneben) kann ich klicken aber halt nicht darauf. Ist das schlimm?

Und als ich TFC eben mal gestartet habe, kamen ausgeschnittene Daten auf meinen Desktop. Wie z.B. Desktop.ini mit einem Zahnrad drauf. Kann ich das ohne Bedenken löschen?

Sonst hat alles geklappt. Und ich wusste gar nicht, dass man hier eine Ausbildung machen kann. Hmm. Find ich aber toll, dass es noch so welche Menschen wie dich gibt.

Ich werde dich definitiv in meinem Freundes und Familienkreis weiterempfehlen ;-)

L.G. Nadine

Alt 10.02.2013, 11:38   #14
M-K-D-B
/// TB-Ausbilder
 
EXP/JAVA.Rettilic.Gen - Standard

EXP/JAVA.Rettilic.Gen



Servus,



Zitat:
Zitat von NadineS Beitrag anzeigen
Aber ein kleines Problem gibt es trotzdem. Und zwar bei Java. Ich kann nicht auf Einstellungen klicken. Da tut sich nichts. Auf Ansicht ( der Button daneben) kann ich klicken aber halt nicht darauf. Ist das schlimm?
Nein, nicht schlimm.



Zitat:
Zitat von NadineS Beitrag anzeigen
Und als ich TFC eben mal gestartet habe, kamen ausgeschnittene Daten auf meinen Desktop. Wie z.B. Desktop.ini mit einem Zahnrad drauf. Kann ich das ohne Bedenken löschen?
Keine Dateien löschen! Das hier durchführen:

Datei-Endungen unter Windows wieder unsichtbar machen





Ich bin froh, dass wir helfen konnten

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke mir bitte eine PM.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen.
__________________
offline: 16.09. bis 20.09.
____________________________________

Das Trojaner-Board unterstützen

Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?

Antwort

Themen zu EXP/JAVA.Rettilic.Gen
.com, adblock, avira, bho, bildschirm, browser, converter, dringend, email, error, exp/java.rettilic.gen, firefox, flash player, google, home, homepage, install.exe, logfile, mp3, ntdll.dll, problem, programm, realtek, registry, schach, security, software, sweetpacks, usb, virus;trojaner;malware;explit;scanns, windows



Ähnliche Themen: EXP/JAVA.Rettilic.Gen


  1. Win7, JAVA/Lamar.SFD.12 in C:\Users\...\Java\Deployment\cache\6.0\54\453e86f6-10c60f
    Plagegeister aller Art und deren Bekämpfung - 02.09.2013 (16)
  2. Java-Virus (JAVA/Lamar.RI ; JAVA/Jogek.WK usw.)
    Log-Analyse und Auswertung - 18.06.2013 (12)
  3. Java-Virus JAVA/Dldr.Themod.IE + EXP/CVE-2013-0431.BK mit Avira entdeckt
    Log-Analyse und Auswertung - 06.06.2013 (15)
  4. Nach Verschlüsselungstrojaner viele Virenfunde (JAVA/Jogek.CT; rus JAVA/Agent.MH; JAVA/Dldr.Pesur.BH; W32/Idele.2219; VBS/Fluenza.B; u.a...
    Log-Analyse und Auswertung - 28.01.2013 (1)
  5. Avira Antivir findet JAVA/Agent.LP, EXP/JAVA.Ternub.Gen und EXP/CVE-2012-0507.AR
    Log-Analyse und Auswertung - 21.01.2013 (1)
  6. JAVA/Dermit.EM, JAVA/Dldr.Lamar.FW, JAVA/Dldr.Themo.F.2, TR/Spy.ZBot.dynb und noch mehr
    Plagegeister aller Art und deren Bekämpfung - 30.11.2012 (22)
  7. Anhaltendes Virenproblem: JAVA/Agent.MN, TR/Spy.ZBot.gfbr.1, EXP/Dldr.Java.D-G, JAVA/Dldr.Rilly.A
    Plagegeister aller Art und deren Bekämpfung - 09.11.2012 (25)
  8. Java-Virus JAVA/Dldr.Dermit.C, JAVA/Dldr.Kara.AB.1, JAVA/Dldr.Karame.AI
    Plagegeister aller Art und deren Bekämpfung - 06.11.2012 (1)
  9. Java-Virus JAVA/Tange.C, Java-Virus JAVA/Stutter.AI.3,...
    Log-Analyse und Auswertung - 07.10.2012 (14)
  10. Mehrere Funde! EXP/JAVA.Ternub.Gen - JAVA/Dldr.Small.CI - JAVA/Dldr.OpenC.A - EXP/08-5353.AI.5.A
    Plagegeister aller Art und deren Bekämpfung - 08.08.2012 (29)
  11. Exploit.Java.CVE-2010-0840.N in \AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\3
    Plagegeister aller Art und deren Bekämpfung - 05.03.2012 (21)
  12. Internet langsam (Java-Virus JAVA/ClassLoader.AV und Java-Virus JAVA/Exdoer.O)
    Log-Analyse und Auswertung - 01.03.2012 (1)
  13. Java-Exploit (CVE-2010-0840.l) (C:\Dokumente und Einstellungen\User\Anwendungsdaten\Sun\Java\
    Plagegeister aller Art und deren Bekämpfung - 17.08.2011 (3)
  14. Trojanische Pferd TR/EyeStye.H.128 und Erkennungsmuster des Java-Virus JAVA/OpenConnect.AI gefunden!
    Plagegeister aller Art und deren Bekämpfung - 26.03.2011 (26)
  15. Avira findet 2 Trojaner Java-Virus JAVA/Agent.BH und Exploit EXP/Pidief.coi
    Plagegeister aller Art und deren Bekämpfung - 07.01.2011 (29)
  16. Virus gefunden: JAVA/Agent.HR , JAVA/Agent.M.1, JAVA/Rowindal.C
    Plagegeister aller Art und deren Bekämpfung - 12.11.2010 (18)
  17. Rechner langsam TR/FraudPack.apqc + EXP/Java.WebStart JAVA/Dldr.Agent.CI + CG
    Plagegeister aller Art und deren Bekämpfung - 12.05.2010 (7)

Zum Thema EXP/JAVA.Rettilic.Gen - Hy, ich habe ein Problem mit meinem Pc und brauche dringend hilfe, weil ich nicht weis, was ich tun soll um das Problem zu lösen. Das Bild verzehrt sich nach - EXP/JAVA.Rettilic.Gen...
Archiv
Du betrachtest: EXP/JAVA.Rettilic.Gen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.