
Pests of all kinds and how to combat them: GVU trojan AND "Ad is not by this side" virus

Windows 7

If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete the unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you with the removal of the infection.

01.03.2013, 01:51   #1
Valnaras
 

Hello everyone,

I'm new here and hope I'm doing everything right

So a few months ago I had the GVU trojan and have only now found out that it is also responsible for my webcam being out of action.
I need help with removing it, please.

Furthermore, for about 3 days I have had the virus that constantly shows me ad banners on Google, Facebook, etc.

I have now run scans with defogger and OTL.

Many thanks in advance

OTL Logfile:
Code:
OTL logfile created on: 01.03.2013 01:35:16 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jerrits\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,90 Gb Total Physical Memory | 5,70 Gb Available Physical Memory | 72,12% Memory free
15,79 Gb Paging File | 13,30 Gb Available in Paging File | 84,21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 679,00 Gb Total Space | 79,15 Gb Free Space | 11,66% Space Free | Partition Type: NTFS
 
Computer Name: JERRITS-PC | User Name: Jerrits | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.03.01 01:34:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jerrits\Desktop\OTL.exe
PRC - [2013.03.01 01:33:37 | 000,050,477 | ---- | M] () -- C:\Users\Jerrits\Desktop\Defogger.exe
PRC - [2013.02.10 04:25:27 | 001,266,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013.02.09 18:43:48 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013.01.20 20:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\Jerrits\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.12.18 15:28:26 | 000,825,560 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2012.12.18 06:28:10 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.17 16:57:00 | 001,199,576 | ---- | M] (Spotify Ltd) -- C:\Users\Jerrits\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.10.31 20:59:06 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
PRC - [2012.10.09 10:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Jerrits\AppData\Local\Akamai\netsession_win.exe
PRC - [2012.07.23 17:32:20 | 001,632,216 | ---- | M] (Autodesk, Inc.) -- C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe
PRC - [2012.03.23 13:25:24 | 000,087,040 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2011.09.16 13:39:24 | 000,115,048 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010.12.21 00:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.12.21 00:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.12.17 16:25:22 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
PRC - [2010.03.23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.03.01 01:33:37 | 000,050,477 | ---- | M] () -- C:\Users\Jerrits\Desktop\Defogger.exe
MOD - [2012.12.18 15:28:44 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\locale\de_de\acrotray.deu
MOD - [2011.04.24 22:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtGui4.dll
MOD - [2011.04.24 22:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtSql4.dll
MOD - [2011.04.24 22:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtScript4.dll
MOD - [2011.04.24 22:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtNetwork4.dll
MOD - [2011.04.24 22:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtCore4.dll
MOD - [2011.04.24 22:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtDeclarative4.dll
MOD - [2011.04.22 17:13:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
MOD - [2011.04.20 18:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll
MOD - [2010.12.17 16:25:22 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013.02.25 19:36:15 | 000,108,904 | ---- | M] (SurfRight B.V.) [Auto | Running] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV:64bit: - [2012.11.14 14:45:32 | 000,619,904 | ---- | M] (Wacom Technology, Corp.) [Disabled | Stopped] -- C:\Program Files\Tablet\Pen\WTabletServiceCon.exe -- (WTabletServiceCon)
SRV:64bit: - [2012.10.27 11:54:04 | 001,432,400 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2012.06.06 18:57:46 | 003,293,552 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Program Files\OO Software\Defrag\oodag.exe -- (OODefragAgent)
SRV:64bit: - [2011.11.01 12:37:56 | 001,518,352 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011.11.01 12:25:42 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011.11.01 12:22:28 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011.10.20 17:33:22 | 000,135,440 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2011.10.19 13:25:00 | 000,661,504 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2010.11.29 21:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2010.09.23 00:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009.11.18 03:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013.02.27 01:24:16 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.25 13:59:26 | 000,462,848 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\SoftwareUpdater\SystemStore.exe -- (SystemStoreService)
SRV - [2013.02.19 23:57:33 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.02.10 04:25:27 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.02.09 18:43:48 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.12.18 06:28:10 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.15 23:06:43 | 000,541,168 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.31 20:59:06 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2012.03.23 13:25:24 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011.08.18 16:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Disabled | Stopped] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2010.12.21 00:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.12.21 00:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.11.25 11:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010.11.25 11:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010.10.29 19:20:58 | 000,236,016 | ---- | M] (CyberLink) [Auto | Stopped] -- c:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124)
SRV - [2010.08.26 02:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010.05.04 18:07:22 | 000,503,080 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.03.23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.02.10 04:25:27 | 000,284,448 | ---- | M] (NVIDIA Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\nvkflt.sys -- (nvkflt)
DRV:64bit: - [2013.02.10 04:25:27 | 000,030,496 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2012.12.19 06:41:52 | 000,194,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.10.31 21:00:13 | 000,637,272 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012.10.12 09:54:54 | 000,015,776 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\wacomrouterfilter.sys -- (wacomrouterfilter)
DRV:64bit: - [2012.10.12 09:20:38 | 000,081,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\wachidrouter.sys -- (WacHidRouter)
DRV:64bit: - [2012.10.12 09:20:38 | 000,013,728 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\hidkmdf.sys -- (hidkmdf)
DRV:64bit: - [2012.09.28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.04.26 00:55:01 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.31 14:57:50 | 008,615,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011.10.19 13:19:08 | 000,195,072 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011.10.19 13:19:08 | 000,195,072 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011.09.28 06:40:36 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.09.28 06:40:36 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.09.13 15:14:44 | 000,212,992 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011.09.13 15:14:42 | 000,095,744 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011.06.16 14:40:20 | 000,176,000 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2011.06.10 05:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.26 10:17:50 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.03.10 17:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2011.03.04 12:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011.03.04 12:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2011.01.13 02:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.12.17 18:06:32 | 001,404,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.12.15 18:02:04 | 000,174,168 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2010.12.13 18:34:14 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Accelern.sys -- (Acceler)
DRV:64bit: - [2010.12.12 15:18:36 | 000,121,960 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\nvstusb.sys -- (NvStUSB)
DRV:64bit: - [2010.11.29 21:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010.11.21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.10.20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.10.15 17:28:18 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.08.20 10:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
DRV:64bit: - [2010.07.13 03:38:06 | 000,029,288 | ---- | M] (Quanta Computer) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\qicflt.sys -- (qicflt)
DRV:64bit: - [2010.06.25 15:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2010.03.23 12:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010.03.19 09:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010.02.27 08:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010.02.08 07:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009.11.02 19:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009.11.02 17:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.11.16 17:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2006.11.01 18:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {5374EB73-2788-48E3-8BCD-94D9E46A820D}
IE:64bit: - HKLM\..\SearchScopes\{5374EB73-2788-48E3-8BCD-94D9E46A820D}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000.10016&barid={BFECEDF3-891F-42D0-BF0F-7559A20D2B9A}
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{5374EB73-2788-48E3-8BCD-94D9E46A820D}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10016&barid={BFECEDF3-891F-42D0-BF0F-7559A20D2B9A}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000.10016&barid={BFECEDF3-891F-42D0-BF0F-7559A20D2B9A}
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10016&barid={BFECEDF3-891F-42D0-BF0F-7559A20D2B9A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: amznUWL2%40amazon.com:1.10
FF - prefs.js..extensions.enabledAddons: toolbar%40web.de:2.4
FF - prefs.js..extensions.enabledAddons: toolbar%40qipu.de:1.8.10
FF - prefs.js..extensions.enabledAddons: YTKaraoke%40DacSoft.org:1.110
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?affID=111304&tt=060612_5_&babsrc=KW_ss&mntrId=ba38acfa00000000000074e50b3f2c05&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "www.google.de"
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.2: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.2: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jerrits\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jerrits\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\thehappycloud.com/HappyCloudPlugin: C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013.01.20 17:32:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012.10.31 21:00:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.10.31 21:00:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012.10.31 21:00:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.19 23:57:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.02.21 16:55:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\YTKaraoke@DacSoft.org: C:\Program Files (x86)\YTKaraoke\FF\ [2013.02.28 22:31:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.19 23:57:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.02.21 16:55:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.04.12 08:48:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jerrits\AppData\Roaming\mozilla\Extensions
[2013.01.22 00:02:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jerrits\AppData\Roaming\mozilla\Firefox\Profiles\01zmztx6.default\extensions
[2012.11.06 12:56:05 | 000,243,287 | ---- | M] () (No name found) -- C:\Users\Jerrits\AppData\Roaming\mozilla\firefox\profiles\01zmztx6.default\extensions\amznUWL2@amazon.com.xpi
[2013.01.19 15:34:59 | 000,216,743 | ---- | M] () (No name found) -- C:\Users\Jerrits\AppData\Roaming\mozilla\firefox\profiles\01zmztx6.default\extensions\freehdsport@freehdsport.tv.xpi
[2013.01.22 00:02:10 | 000,100,462 | ---- | M] () (No name found) -- C:\Users\Jerrits\AppData\Roaming\mozilla\firefox\profiles\01zmztx6.default\extensions\toolbar@qipu.de.xpi
[2013.01.19 10:37:08 | 000,538,938 | ---- | M] () (No name found) -- C:\Users\Jerrits\AppData\Roaming\mozilla\firefox\profiles\01zmztx6.default\extensions\toolbar@web.de.xpi
[2013.01.06 18:23:57 | 000,190,000 | ---- | M] () (No name found) -- C:\Users\Jerrits\AppData\Roaming\mozilla\firefox\profiles\01zmztx6.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2012.11.18 22:30:22 | 000,000,911 | ---- | M] () -- C:\Users\Jerrits\AppData\Roaming\mozilla\firefox\profiles\01zmztx6.default\searchplugins\11-suche.xml
[2012.11.18 22:30:22 | 000,002,273 | ---- | M] () -- C:\Users\Jerrits\AppData\Roaming\mozilla\firefox\profiles\01zmztx6.default\searchplugins\englische-ergebnisse.xml
[2012.11.18 22:30:22 | 000,010,563 | ---- | M] () -- C:\Users\Jerrits\AppData\Roaming\mozilla\firefox\profiles\01zmztx6.default\searchplugins\gmx-suche.xml
[2012.11.18 22:30:22 | 000,002,432 | ---- | M] () -- C:\Users\Jerrits\AppData\Roaming\mozilla\firefox\profiles\01zmztx6.default\searchplugins\lastminute.xml
[2012.07.27 15:08:51 | 000,003,998 | ---- | M] () -- C:\Users\Jerrits\AppData\Roaming\mozilla\firefox\profiles\01zmztx6.default\searchplugins\sweetim.xml
[2012.11.18 22:30:22 | 000,005,545 | ---- | M] () -- C:\Users\Jerrits\AppData\Roaming\mozilla\firefox\profiles\01zmztx6.default\searchplugins\webde-suche.xml
[2013.02.19 23:57:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.02.19 23:57:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions
[2013.02.19 23:57:26 | 000,000,000 | ---D | M] (WEB.DE MailCheck) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de
[2013.02.28 22:31:31 | 000,000,000 | ---D | M] ("Tube Karaoke") -- C:\PROGRAM FILES (X86)\YTKARAOKE\FF
[2013.02.19 23:57:33 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.11.20 08:13:26 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.20 08:13:26 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.11.20 08:13:26 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.20 08:13:26 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.20 08:13:26 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.20 08:13:26 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jerrits\AppData\Local\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Jerrits\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Jerrits\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Jerrits\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Jerrits\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Jerrits\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: AdobeAAMDetect (Enabled) = C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: WacomTabletPlugin (Enabled) = C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Happy Cloud Plugin (Enabled) = C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Jerrits\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Google Drive = C:\Users\Jerrits\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\Jerrits\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Jerrits\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Modul zur Link-Untersuchung = C:\Users\Jerrits\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\
CHR - Extension: Virtuelle Tastatur = C:\Users\Jerrits\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\
CHR - Extension: Google Mail = C:\Users\Jerrits\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Anti-Banner = C:\Users\Jerrits\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\
 
O1 HOSTS File: ([2013.02.28 12:32:53 | 000,000,966 | ---- | M]) - C:\WINDOWS\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1               activate.adobe.com
O1 - Hosts: 127.0.0.1               practivate.adobe.com
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (Tube Karaoke) - {F351B686-F6AF-45F1-9EB9-684C805B25B1} - C:\Program Files (x86)\YTKaraoke\ytkaraoke.dll (Dacotta SoftEngineering)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe (O&O Software GmbH)
O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] c:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ADSK DLMSession] C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe (Autodesk, Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Jerrits\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [Hoolapp Android] "C:\Users\Jerrits\AppData\Roaming\HOOLAP~1\Hoolapp.exe" /Minimized File not found
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Jerrits\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Jerrits\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Jerrits\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.15.2)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{245C4C26-0F48-452F-B597-3C76C606C07D}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C7945C5B-237E-4AFC-A411-054FAA91AEA9}: DhcpNameServer = 192.168.42.129
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\WINDOWS\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\WINDOWS\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\WINDOWS\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.02.10 19:51:25 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O33 - MountPoints2\{888998df-76b1-11e2-a1ed-848f69ad8abd}\Shell - "" = AutoRun
O33 - MountPoints2\{888998df-76b1-11e2-a1ed-848f69ad8abd}\Shell\AutoRun\command - "" = F:\HTC_Sync_Manager_PC.exe
O33 - MountPoints2\{925c54a3-8ee0-11e1-ad4c-848f69ad8abd}\Shell - "" = AutoRun
O33 - MountPoints2\{925c54a3-8ee0-11e1-ad4c-848f69ad8abd}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\HTC_Sync_Manager_PC.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.01 01:34:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jerrits\Desktop\OTL.exe
[2013.03.01 01:24:33 | 000,000,000 | ---D | C] -- C:\Users\Jerrits\AppData\Roaming\Malwarebytes
[2013.03.01 01:24:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.01 01:24:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.01 01:24:18 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.03.01 01:24:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.03.01 01:23:54 | 000,000,000 | ---D | C] -- C:\Users\Jerrits\AppData\Local\Programs
[2013.03.01 01:23:30 | 010,156,344 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Jerrits\Desktop\mbam-setup-1.70.0.1100.exe
[2013.02.28 22:31:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YTKaraoke
[2013.02.28 12:47:35 | 000,000,000 | ---D | C] -- C:\Users\Jerrits\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apache Friends
[2013.02.28 12:47:32 | 000,000,000 | ---D | C] -- C:\xampp
[2013.02.25 14:25:38 | 000,000,000 | ---D | C] -- C:\Users\Jerrits\Desktop\Adobe Premiere Pro Auto-Save
[2013.02.25 14:09:00 | 000,000,000 | ---D | C] -- C:\Users\Jerrits\AppData\Local\TubeBox
[2013.02.25 13:58:45 | 000,000,000 | ---D | C] -- C:\Users\Jerrits\AppData\Local\Freetec
[2013.02.25 13:58:44 | 000,000,000 | ---D | C] -- C:\Users\Jerrits\Documents\TubeBox
[2013.02.25 13:58:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SoftwareUpdater
[2013.02.25 13:58:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2013.02.25 13:57:46 | 000,000,000 | ---D | C] -- C:\Users\Jerrits\AppData\Roaming\HoolappForAndroid
[2013.02.25 13:57:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AddLyrics
[2013.02.25 13:55:28 | 000,393,040 | ---- | C] (Softonic                                        ) -- C:\Users\Jerrits\Desktop\SoftonicDownloader_fuer_tubebox.exe
[2013.02.25 13:23:30 | 000,000,000 | ---D | C] -- C:\Users\Jerrits\Desktop\Adobe Premiere Pro Preview Files
[2013.02.24 15:19:03 | 000,000,000 | ---D | C] -- C:\Users\Jerrits\AppData\Local\Microsoft Games
[2013.02.21 17:10:46 | 000,000,000 | ---D | C] -- C:\Users\Jerrits\Desktop\Auslandsbafög
[2013.02.21 16:55:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013.02.19 23:57:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.02.13 23:45:08 | 000,000,000 | R--D | C] -- C:\Users\Jerrits\Desktop\MySyncUPFiles
[2013.02.10 22:58:56 | 000,000,000 | ---D | C] -- C:\Users\Jerrits\Desktop\trexAuge-files
[2013.02.10 22:13:15 | 000,000,000 | ---D | C] -- C:\Users\Jerrits\Desktop\trex-files
[2013.02.10 20:39:13 | 000,000,000 | ---D | C] -- C:\Users\Jerrits\Documents\Mudbox
[2013.02.10 20:29:59 | 000,000,000 | ---D | C] -- C:\Users\Jerrits\Desktop\Animation
[2013.02.10 19:50:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Autodesk Shared
[2013.02.10 19:48:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Applications
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.01 01:34:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jerrits\Desktop\OTL.exe
[2013.03.01 01:33:37 | 000,050,477 | ---- | M] () -- C:\Users\Jerrits\Desktop\Defogger.exe
[2013.03.01 01:24:19 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.01 01:24:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.01 01:23:35 | 010,156,344 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Jerrits\Desktop\mbam-setup-1.70.0.1100.exe
[2013.03.01 00:53:00 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1258266630-3274669633-601875525-1001UA.job
[2013.03.01 00:52:00 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1258266630-3274669633-601875525-1001Core.job
[2013.03.01 00:21:16 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.01 00:21:16 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.01 00:20:48 | 001,643,622 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.01 00:20:48 | 000,707,956 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.01 00:20:48 | 000,661,512 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.01 00:20:48 | 000,153,410 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.01 00:20:48 | 000,125,598 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.01 00:17:09 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\Tube Karaoke Update.job
[2013.03.01 00:13:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.01 00:13:49 | 2064,252,927 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.01 00:13:48 | 001,317,743 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor
[2013.02.28 22:12:25 | 000,005,516 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2013.02.28 14:52:45 | 000,388,620 | ---- | M] () -- C:\Users\Jerrits\Desktop\Unbenannt.prproj
[2013.02.28 13:25:32 | 000,001,456 | ---- | M] () -- C:\Users\Jerrits\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2013.02.28 12:47:35 | 000,000,616 | ---- | M] () -- C:\Users\Jerrits\Desktop\XAMPP Control Panel.lnk
[2013.02.28 12:46:06 | 102,121,490 | ---- | M] () -- C:\Users\Jerrits\Desktop\xampp-win32-1.8.1-VC9-installer.exe
[2013.02.27 09:55:16 | 000,051,473 | ---- | M] () -- C:\Users\Jerrits\Desktop\Invoice Exchange Fee Mr. Jerrit Lettmann.pdf
[2013.02.26 15:32:29 | 000,469,061 | ---- | M] () -- C:\Users\Jerrits\Desktop\doppelseite.idml
[2013.02.26 13:45:01 | 009,920,512 | ---- | M] () -- C:\Users\Jerrits\Desktop\doppelseite.indd
[2013.02.26 13:11:28 | 009,646,080 | ---- | M] () -- C:\Users\Jerrits\Documents\doppelseite.indd
[2013.02.26 11:26:06 | 000,626,846 | ---- | M] () -- C:\Users\Jerrits\Desktop\eiPott.prproj
[2013.02.25 14:12:59 | 004,890,745 | ---- | M] () -- C:\Users\Jerrits\Desktop\LMFAO - Sexy and I Know It (Official Video) [HD 1080p].mp3
[2013.02.25 13:58:21 | 000,002,521 | ---- | M] () -- C:\Users\Public\Desktop\Freetec TubeBox.lnk
[2013.02.25 13:56:01 | 001,183,592 | ---- | M] () -- C:\Users\Jerrits\Desktop\TubeBox_Setup.exe
[2013.02.25 13:55:32 | 000,393,040 | ---- | M] (Softonic                                        ) -- C:\Users\Jerrits\Desktop\SoftonicDownloader_fuer_tubebox.exe
[2013.02.24 16:42:28 | 000,061,564 | ---- | M] () -- C:\Users\Jerrits\Desktop\korrektur.pdf
[2013.02.24 16:41:24 | 011,352,735 | ---- | M] () -- C:\Users\Jerrits\Desktop\doppelseite - korrektur.pdf
[2013.02.21 12:31:30 | 000,000,162 | -H-- | M] () -- C:\Users\Jerrits\Desktop\~$ya_hilfe.rtf
[2013.02.20 15:13:25 | 000,001,857 | ---- | M] () -- C:\Users\Jerrits\Desktop\maya_hilfe.rtf
[2013.02.19 13:53:36 | 011,308,238 | ---- | M] () -- C:\Users\Jerrits\Desktop\doppelseite korrektur 1.pdf
[2013.02.14 12:38:34 | 005,632,952 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.12 12:47:04 | 000,076,368 | ---- | M] () -- C:\Users\Jerrits\Desktop\dog.mb
[2013.02.11 17:20:38 | 000,073,460 | ---- | M] () -- C:\Users\Jerrits\Desktop\Mr Whiskers.mb
[2013.02.11 15:27:43 | 000,335,340 | ---- | M] () -- C:\Users\Jerrits\Desktop\versuch.mb
[2013.02.11 13:05:40 | 259,455,587 | ---- | M] () -- C:\Users\Jerrits\Desktop\trex.mud
[2013.02.10 23:26:33 | 258,087,737 | ---- | M] () -- C:\Users\Jerrits\Desktop\trex.bak
[2013.02.10 22:58:57 | 003,338,311 | ---- | M] () -- C:\Users\Jerrits\Desktop\trexAuge.mud
[2013.02.10 20:00:48 | 000,001,734 | ---- | M] () -- C:\Users\Public\Desktop\Autodesk Mudbox 2013 64-bit.lnk
[2013.02.10 04:25:27 | 000,017,738 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2013.02.09 14:25:36 | 003,035,306 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[2013.02.08 10:25:36 | 001,032,786 | ---- | M] () -- C:\Users\Jerrits\Desktop\614773_original_R_B_by_Aka_pixelio.de.jpg
[2013.02.07 17:26:54 | 000,088,532 | ---- | M] () -- C:\Users\Jerrits\Desktop\weenie 2.mb
[2013.02.07 15:34:28 | 000,081,428 | ---- | M] () -- C:\Users\Jerrits\Desktop\Franky.mb
[2013.02.03 19:54:50 | 000,236,734 | ---- | M] () -- C:\Users\Jerrits\Desktop\unterschrift.pdf
[2013.02.03 19:54:50 | 000,013,704 | ---- | M] () -- C:\Users\Jerrits\Desktop\notenspiegel.pdf
[2013.02.02 01:07:03 | 000,116,842 | ---- | M] () -- C:\Users\Jerrits\Desktop\PDF_Ihr_Postident-Coupon.pdf
[2013.02.02 01:06:58 | 000,203,359 | ---- | M] () -- C:\Users\Jerrits\Desktop\PDF_Ihr_Finanzierungsvertrag.pdf
[2013.02.01 12:50:26 | 000,823,317 | ---- | M] () -- C:\Users\Jerrits\Desktop\myriad pro.pdf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.03.01 01:33:37 | 000,050,477 | ---- | C] () -- C:\Users\Jerrits\Desktop\Defogger.exe
[2013.03.01 01:24:19 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.28 22:31:32 | 000,000,378 | ---- | C] () -- C:\Windows\tasks\Tube Karaoke Update.job
[2013.02.28 21:29:34 | 004,890,745 | ---- | C] () -- C:\Users\Jerrits\Desktop\LMFAO - Sexy and I Know It (Official Video) [HD 1080p].mp3
[2013.02.28 14:52:37 | 000,388,620 | ---- | C] () -- C:\Users\Jerrits\Desktop\Unbenannt.prproj
[2013.02.28 13:10:27 | 000,001,456 | ---- | C] () -- C:\Users\Jerrits\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2013.02.28 12:47:35 | 000,000,616 | ---- | C] () -- C:\Users\Jerrits\Desktop\XAMPP Control Panel.lnk
[2013.02.28 12:44:56 | 102,121,490 | ---- | C] () -- C:\Users\Jerrits\Desktop\xampp-win32-1.8.1-VC9-installer.exe
[2013.02.27 09:55:15 | 000,051,473 | ---- | C] () -- C:\Users\Jerrits\Desktop\Invoice Exchange Fee Mr. Jerrit Lettmann.pdf
[2013.02.26 15:32:24 | 000,469,061 | ---- | C] () -- C:\Users\Jerrits\Desktop\doppelseite.idml
[2013.02.26 13:00:43 | 009,646,080 | ---- | C] () -- C:\Users\Jerrits\Documents\doppelseite.indd
[2013.02.26 12:48:24 | 000,061,564 | ---- | C] () -- C:\Users\Jerrits\Desktop\korrektur.pdf
[2013.02.26 12:48:22 | 011,352,735 | ---- | C] () -- C:\Users\Jerrits\Desktop\doppelseite - korrektur.pdf
[2013.02.26 10:27:56 | 000,005,516 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2013.02.25 20:34:06 | 009,920,512 | ---- | C] () -- C:\Users\Jerrits\Desktop\doppelseite.indd
[2013.02.25 13:58:21 | 000,002,521 | ---- | C] () -- C:\Users\Public\Desktop\Freetec TubeBox.lnk
[2013.02.25 13:56:00 | 001,183,592 | ---- | C] () -- C:\Users\Jerrits\Desktop\TubeBox_Setup.exe
[2013.02.25 13:23:17 | 000,626,846 | ---- | C] () -- C:\Users\Jerrits\Desktop\eiPott.prproj
[2013.02.21 12:31:30 | 000,000,162 | -H-- | C] () -- C:\Users\Jerrits\Desktop\~$ya_hilfe.rtf
[2013.02.20 15:13:25 | 000,001,857 | ---- | C] () -- C:\Users\Jerrits\Desktop\maya_hilfe.rtf
[2013.02.19 00:34:59 | 011,308,238 | ---- | C] () -- C:\Users\Jerrits\Desktop\doppelseite korrektur 1.pdf
[2013.02.12 12:22:36 | 000,076,368 | ---- | C] () -- C:\Users\Jerrits\Desktop\dog.mb
[2013.02.11 16:46:01 | 000,073,460 | ---- | C] () -- C:\Users\Jerrits\Desktop\Mr Whiskers.mb
[2013.02.11 15:27:43 | 000,335,340 | ---- | C] () -- C:\Users\Jerrits\Desktop\versuch.mb
[2013.02.10 22:58:56 | 003,338,311 | ---- | C] () -- C:\Users\Jerrits\Desktop\trexAuge.mud
[2013.02.10 22:13:15 | 258,087,737 | ---- | C] () -- C:\Users\Jerrits\Desktop\trex.bak
[2013.02.10 21:54:21 | 259,455,587 | ---- | C] () -- C:\Users\Jerrits\Desktop\trex.mud
[2013.02.10 20:00:48 | 000,001,734 | ---- | C] () -- C:\Users\Public\Desktop\Autodesk Mudbox 2013 64-bit.lnk
[2013.02.08 10:25:34 | 001,032,786 | ---- | C] () -- C:\Users\Jerrits\Desktop\614773_original_R_B_by_Aka_pixelio.de.jpg
[2013.02.07 15:56:27 | 000,088,532 | ---- | C] () -- C:\Users\Jerrits\Desktop\weenie 2.mb
[2013.02.07 14:50:33 | 000,081,428 | ---- | C] () -- C:\Users\Jerrits\Desktop\Franky.mb
[2013.02.03 19:54:50 | 000,236,734 | ---- | C] () -- C:\Users\Jerrits\Desktop\unterschrift.pdf
[2013.02.03 19:54:50 | 000,013,704 | ---- | C] () -- C:\Users\Jerrits\Desktop\notenspiegel.pdf
[2013.02.02 01:07:03 | 000,116,842 | ---- | C] () -- C:\Users\Jerrits\Desktop\PDF_Ihr_Postident-Coupon.pdf
[2013.02.02 01:06:57 | 000,203,359 | ---- | C] () -- C:\Users\Jerrits\Desktop\PDF_Ihr_Finanzierungsvertrag.pdf
[2013.02.01 12:50:26 | 000,823,317 | ---- | C] () -- C:\Users\Jerrits\Desktop\myriad pro.pdf
[2012.12.23 23:16:00 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
[2012.12.16 00:11:00 | 000,000,000 | ---- | C] () -- C:\Users\Jerrits\defogger_reenable
[2012.12.13 21:34:52 | 000,000,095 | ---- | C] () -- C:\Users\Jerrits\AppData\Local\fusioncache.dat
[2012.09.10 15:23:34 | 000,000,132 | ---- | C] () -- C:\Users\Jerrits\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2012.09.10 12:12:25 | 000,000,228 | ---- | C] () -- C:\Users\Jerrits\hsqlprefs.dat
[2012.06.14 15:14:13 | 000,000,132 | ---- | C] () -- C:\Users\Jerrits\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012.04.20 17:44:22 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2012.04.12 14:26:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2012.04.12 10:52:58 | 000,017,408 | ---- | C] () -- C:\Users\Jerrits\AppData\Local\WebpageIcons.db
[2011.09.28 06:23:50 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011.09.28 06:23:00 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.09.28 06:22:57 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.09.28 06:22:55 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.05.05 19:00:17 | 000,000,000 | ---D | M] -- C:\Users\Jerrits\AppData\Roaming\.minecraft
[2012.12.15 18:04:50 | 000,000,000 | ---D | M] -- C:\Users\Jerrits\AppData\Roaming\Ambient Design
[2012.04.21 16:09:33 | 000,000,000 | ---D | M] -- C:\Users\Jerrits\AppData\Roaming\Ashampoo
[2013.02.10 20:41:30 | 000,000,000 | ---D | M] -- C:\Users\Jerrits\AppData\Roaming\Autodesk
[2012.06.04 15:33:48 | 000,000,000 | ---D | M] -- C:\Users\Jerrits\AppData\Roaming\capy
[2012.11.13 15:12:57 | 000,000,000 | ---D | M] -- C:\Users\Jerrits\AppData\Roaming\DAEMON Tools Lite
[2013.03.01 00:17:49 | 000,000,000 | ---D | M] -- C:\Users\Jerrits\AppData\Roaming\Dropbox
[2012.08.10 10:41:09 | 000,000,000 | ---D | M] -- C:\Users\Jerrits\AppData\Roaming\EPSON
[2012.11.20 23:43:22 | 000,000,000 | ---D | M] -- C:\Users\Jerrits\AppData\Roaming\Faerie Solitaire
[2012.04.11 21:37:29 | 000,000,000 | ---D | M] -- C:\Users\Jerrits\AppData\Roaming\Fingertapps
[2012.06.04 21:52:53 | 000,000,000 | ---D | M] -- C:\Users\Jerrits\AppData\Roaming\fltk.org
[2012.04.19 18:28:57 | 000,000,000 | ---D | M] -- C:\Users\Jerrits\AppData\Roaming\GetRightToGo
[2012.10.25 13:35:23 | 000,000,000 | ---D | M] -- C:\Users\Jerrits\AppData\Roaming\GoPro
[2013.02.25 13:59:16 | 000,000,000 | ---D | M] -- C:\Users\Jerrits\AppData\Roaming\HoolappForAndroid
[2012.04.18 19:17:41 | 000,000,000 | ---D | M] -- C:\Users\Jerrits\AppData\Roaming\Jens Lorek
[2012.04.19 19:46:59 | 000,000,000 | ---D | M] -- C:\Users\Jerrits\AppData\Roaming\MAGIX
[2012.05.31 09:45:56 | 000,000,000 | ---D | M] -- C:\Users\Jerrits\AppData\Roaming\Outlook
[2012.04.15 18:28:30 | 000,000,000 | ---D | M] -- C:\Users\Jerrits\AppData\Roaming\PACE Anti-Piracy
[2012.04.14 11:55:14 | 000,000,000 | ---D | M] -- C:\Users\Jerrits\AppData\Roaming\PCDr
[2013.02.28 19:50:17 | 000,000,000 | ---D | M] -- C:\Users\Jerrits\AppData\Roaming\Spotify
[2012.04.15 18:29:12 | 000,000,000 | ---D | M] -- C:\Users\Jerrits\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.12.13 21:20:31 | 000,000,000 | ---D | M] -- C:\Users\Jerrits\AppData\Roaming\Thunderbird
[2012.05.19 11:26:48 | 000,000,000 | ---D | M] -- C:\Users\Jerrits\AppData\Roaming\Ubisoft
[2012.06.19 18:33:45 | 000,000,000 | ---D | M] -- C:\Users\Jerrits\AppData\Roaming\Usenet.nl
[2012.12.15 17:42:15 | 000,000,000 | ---D | M] -- C:\Users\Jerrits\AppData\Roaming\Wacom
[2012.12.15 18:17:42 | 000,000,000 | ---D | M] -- C:\Users\Jerrits\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
[2012.05.27 19:12:32 | 000,000,000 | ---D | M] -- C:\Users\Jerrits\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:054203E4
@Alternate Data Stream - 1194 bytes -> C:\Users\Jerrits\AppData\Local\Temp:rsbxulGEiiI3AldZ1UF27O

< End of report >
         
--- --- ---

Old 01.03.2013, 02:55   #2
Valnaras
 

gmer.txt



GMER Logfile:
Code:
GMER 2.1.19115 - hxxp://www.gmer.net
Rootkit scan 2013-03-01 02:52:08
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST975042 rev.0005 698,64GB
Running: gmer_2.1.19115.exe; Driver: C:\Users\Jerrits\AppData\Local\Temp\pgtirfob.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1580] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                              000000007709efe0 5 bytes JMP 000000016fff0148
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1580] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                            00000000770c99b0 7 bytes JMP 000000016fff00d8
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1580] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                            00000000770d94d0 5 bytes JMP 000000016fff0180
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1580] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                            00000000770d9640 5 bytes JMP 000000016fff0110
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1580] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                     00000000770fa500 7 bytes JMP 000000016fff01b8
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1580] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                 000007fefdcf3460 7 bytes JMP 000007fffdce00d8
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1580] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                   000007fefdcf9940 6 bytes JMP 000007fffdce0148
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1580] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                      000007fefdcf9fb0 5 bytes JMP 000007fffdce0180
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1580] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                               000007fefdcfa150 5 bytes JMP 000007fffdce0110
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1580] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                000007fefdff89e0 8 bytes JMP 000007fffdce01f0
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1580] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                              000007fefdffbe40 8 bytes JMP 000007fffdce01b8
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1580] C:\Windows\system32\ole32.dll!CoCreateInstance                                                      000007feff507490 11 bytes JMP 000007fffdce0228
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1580] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                     000007feff51bf00 7 bytes JMP 000007fffdce0260
.text  C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[1316] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                            0000000075871465 2 bytes [87, 75]
.text  C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[1316] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                           00000000758714bb 2 bytes [87, 75]
.text  ...                                                                                                                                                                * 2
.text  C:\Program Files\OO Software\Defrag\oodag.exe[2132] C:\Windows\system32\kernel32.dll!SetUnhandledExceptionFilter                                                   0000000077079b80 13 bytes {MOV R11, 0x140003a70; JMP R11}
.text  C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2388] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                     0000000075871465 2 bytes [87, 75]
.text  C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2388] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                    00000000758714bb 2 bytes [87, 75]
.text  ...                                                                                                                                                                * 2
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3960] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                             0000000075871465 2 bytes [87, 75]
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3960] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                            00000000758714bb 2 bytes [87, 75]
.text  ...                                                                                                                                                                * 2
.text  C:\Windows\system32\Dwm.exe[3304] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                              000007fefdcf3460 7 bytes JMP 000007fffdce00d8
.text  C:\Windows\system32\Dwm.exe[3304] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                000007fefdcf9940 6 bytes JMP 000007fffdce0148
.text  C:\Windows\system32\Dwm.exe[3304] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                                   000007fefdcf9fb0 5 bytes JMP 000007fffdce0180
.text  C:\Windows\system32\Dwm.exe[3304] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                            000007fefdcfa150 5 bytes JMP 000007fffdce0110
.text  C:\Windows\system32\Dwm.exe[3304] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                             000007fefdff89e0 8 bytes JMP 000007fffdce01f0
.text  C:\Windows\system32\Dwm.exe[3304] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                           000007fefdffbe40 8 bytes JMP 000007fffdce01b8
.text  C:\Windows\system32\Dwm.exe[3304] C:\Windows\system32\dxgi.dll!CreateDXGIFactory                                                                                   000007fef4d4dc88 5 bytes JMP 000007fff4d200d8
.text  C:\Windows\system32\Dwm.exe[3304] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1                                                                                  000007fef4d4de10 5 bytes JMP 000007fff4d20110
.text  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4180] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                      000000007709efe0 5 bytes JMP 000000016fff0148
.text  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4180] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                    00000000770c99b0 7 bytes JMP 000000016fff00d8
.text  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4180] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                                    00000000770d94d0 5 bytes JMP 000000016fff0180
.text  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4180] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                                    00000000770d9640 5 bytes JMP 000000016fff0110
.text  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4180] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                             00000000770fa500 7 bytes JMP 000000016fff01b8
.text  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4180] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                         000007fefdcf3460 7 bytes JMP 000007fffdce00d8
.text  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4180] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                           000007fefdcf9940 6 bytes JMP 000007fffdce0148
.text  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4180] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                              000007fefdcf9fb0 5 bytes JMP 000007fffdce0180
.text  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4180] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                       000007fefdcfa150 5 bytes JMP 000007fffdce0110
.text  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4180] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                        000007fefdff89e0 8 bytes JMP 000007fffdce01f0
.text  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4180] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                      000007fefdffbe40 8 bytes JMP 000007fffdce01b8
.text  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4180] C:\Windows\system32\ole32.dll!CoCreateInstance                                                              000007feff507490 11 bytes JMP 000007fffdce0228
.text  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4180] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                             000007feff51bf00 7 bytes JMP 000007fffdce0260
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4328] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                        000000007709efe0 5 bytes JMP 000000016fff0148
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4328] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                      00000000770c99b0 7 bytes JMP 000000016fff00d8
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4328] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                                      00000000770d94d0 5 bytes JMP 000000016fff0180
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4328] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                                      00000000770d9640 5 bytes JMP 000000016fff0110
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4328] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                               00000000770fa500 7 bytes JMP 000000016fff01b8
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4328] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                           000007fefdcf3460 7 bytes JMP 000007fffdce00d8
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4328] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                             000007fefdcf9940 6 bytes JMP 000007fffdce0148
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4328] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                000007fefdcf9fb0 5 bytes JMP 000007fffdce0180
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4328] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                         000007fefdcfa150 5 bytes JMP 000007fffdce0110
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4328] C:\Windows\system32\ole32.dll!CoCreateInstance                                                                000007feff507490 11 bytes JMP 000007fffdce0228
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4328] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                               000007feff51bf00 7 bytes JMP 000007fffdce0260
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4328] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                          000007fefdff89e0 8 bytes JMP 000007fffdce01f0
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4328] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                        000007fefdffbe40 8 bytes JMP 000007fffdce01b8
.text  C:\Program Files\Dell\QuickSet\quickset.exe[4428] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                           000000007709efe0 5 bytes JMP 000000016fff0148
.text  C:\Program Files\Dell\QuickSet\quickset.exe[4428] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                         00000000770c99b0 7 bytes JMP 000000016fff00d8
.text  C:\Program Files\Dell\QuickSet\quickset.exe[4428] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                                         00000000770d94d0 5 bytes JMP 000000016fff0180
.text  C:\Program Files\Dell\QuickSet\quickset.exe[4428] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                                         00000000770d9640 5 bytes JMP 000000016fff0110
.text  C:\Program Files\Dell\QuickSet\quickset.exe[4428] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                                  00000000770fa500 7 bytes JMP 000000016fff01b8
.text  C:\Program Files\Dell\QuickSet\quickset.exe[4428] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                              000007fefdcf3460 7 bytes JMP 000007fffdce00d8
.text  C:\Program Files\Dell\QuickSet\quickset.exe[4428] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                000007fefdcf9940 6 bytes JMP 000007fffdce0148
.text  C:\Program Files\Dell\QuickSet\quickset.exe[4428] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                   000007fefdcf9fb0 5 bytes JMP 000007fffdce0180
.text  C:\Program Files\Dell\QuickSet\quickset.exe[4428] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                            000007fefdcfa150 5 bytes JMP 000007fffdce0110
.text  C:\Program Files\Dell\QuickSet\quickset.exe[4428] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                             000007fefdff89e0 8 bytes JMP 000007fffdce01f0
.text  C:\Program Files\Dell\QuickSet\quickset.exe[4428] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                           000007fefdffbe40 8 bytes JMP 000007fffdce01b8
.text  C:\Program Files\Dell\QuickSet\quickset.exe[4428] C:\Windows\system32\ole32.dll!CoCreateInstance                                                                   000007feff507490 11 bytes JMP 000007fffdce0228
.text  C:\Program Files\Dell\QuickSet\quickset.exe[4428] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                                  000007feff51bf00 7 bytes JMP 000007fffdce0260
.text  C:\WINDOWS\System32\igfxpers.exe[4492] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                                      000000007709efe0 5 bytes JMP 000000016fff0148
.text  C:\WINDOWS\System32\igfxpers.exe[4492] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                                    00000000770c99b0 7 bytes JMP 000000016fff00d8
.text  C:\WINDOWS\System32\igfxpers.exe[4492] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                                                    00000000770d94d0 5 bytes JMP 000000016fff0180
.text  C:\WINDOWS\System32\igfxpers.exe[4492] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                                                    00000000770d9640 5 bytes JMP 000000016fff0110
.text  C:\WINDOWS\System32\igfxpers.exe[4492] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                                             00000000770fa500 7 bytes JMP 000000016fff01b8
.text  C:\WINDOWS\System32\igfxpers.exe[4492] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                         000007fefdcf3460 7 bytes JMP 000007fffdce00d8
.text  C:\WINDOWS\System32\igfxpers.exe[4492] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                           000007fefdcf9940 6 bytes JMP 000007fffdce0148
.text  C:\WINDOWS\System32\igfxpers.exe[4492] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                              000007fefdcf9fb0 5 bytes JMP 000007fffdce0180
.text  C:\WINDOWS\System32\igfxpers.exe[4492] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                       000007fefdcfa150 5 bytes JMP 000007fffdce0110
.text  C:\WINDOWS\System32\igfxpers.exe[4492] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                        000007fefdff89e0 8 bytes JMP 000007fffdce01f0
.text  C:\WINDOWS\System32\igfxpers.exe[4492] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                      000007fefdffbe40 8 bytes JMP 000007fffdce01b8
.text  C:\WINDOWS\System32\igfxpers.exe[4492] C:\Windows\system32\ole32.dll!CoCreateInstance                                                                              000007feff507490 11 bytes JMP 000007fffdce0228
.text  C:\WINDOWS\System32\igfxpers.exe[4492] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                                             000007feff51bf00 7 bytes JMP 000007fffdce0260
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4644] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                000000007709efe0 5 bytes JMP 000000016fff0148
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4644] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                              00000000770c99b0 7 bytes JMP 000000016fff00d8
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4644] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                              00000000770d94d0 5 bytes JMP 000000016fff0180
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4644] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                              00000000770d9640 5 bytes JMP 000000016fff0110
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4644] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                       00000000770fa500 7 bytes JMP 000000016fff01b8
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4644] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                   000007fefdcf3460 7 bytes JMP 000007fffdce00d8
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4644] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                     000007fefdcf9940 6 bytes JMP 000007fffdce0148
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4644] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                        000007fefdcf9fb0 5 bytes JMP 000007fffdce0180
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4644] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                 000007fefdcfa150 5 bytes JMP 000007fffdce0110
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4644] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                  000007fefdff89e0 8 bytes JMP 000007fffdce01f0
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4644] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                000007fefdffbe40 8 bytes JMP 000007fffdce01b8
.text  C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4712] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                       000000007709efe0 5 bytes JMP 000000016fff0148
.text  C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4712] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                     00000000770c99b0 7 bytes JMP 000000016fff00d8
.text  C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4712] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                     00000000770d94d0 5 bytes JMP 000000016fff0180
.text  C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4712] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                     00000000770d9640 5 bytes JMP 000000016fff0110
.text  C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4712] C:\Windows\system32\kernel32.dll!RegSetValueExA                                              00000000770fa500 7 bytes JMP 000000016fff01b8
.text  C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4712] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                          000007fefdcf3460 7 bytes JMP 000007fffdce00d8
.text  C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4712] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                            000007fefdcf9940 6 bytes JMP 000007fffdce0148
.text  C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4712] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                               000007fefdcf9fb0 5 bytes JMP 000007fffdce0180
.text  C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4712] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                        000007fefdcfa150 5 bytes JMP 000007fffdce0110
.text  C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4712] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                         000007fefdff89e0 8 bytes JMP 000007fffdce01f0
.text  C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4712] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                       000007fefdffbe40 8 bytes JMP 000007fffdce01b8
.text  C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4712] C:\Windows\system32\ole32.dll!CoCreateInstance                                               000007feff507490 11 bytes JMP 000007fffdce0228
.text  C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4712] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                              000007feff51bf00 7 bytes JMP 000007fffdce0260
.text  C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4888] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                 0000000074e71429 7 bytes JMP 00000001735812ad
.text  C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4888] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                        0000000074e8b223 5 bytes JMP 00000001735815be
.text  C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4888] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                        0000000074f088f4 7 bytes JMP 0000000173581357
.text  C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4888] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                        0000000074f08979 5 bytes JMP 00000001735816e0
.text  C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4888] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                          0000000074f08ccf 5 bytes JMP 0000000173581028
.text  C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4888] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                             0000000075891d1b 5 bytes JMP 00000001735811ef
.text  C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4888] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                           0000000075891dc9 5 bytes JMP 0000000173581023
.text  C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4888] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                               0000000075892aa4 5 bytes JMP 000000017358156e
.text  C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4888] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                  0000000075892d0a 5 bytes JMP 0000000173581294
.text  C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4888] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                  0000000074ff8a29 5 bytes JMP 0000000173581050
.text  C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4888] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                              0000000075004572 5 bytes JMP 00000001735810d2
.text  C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4888] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                          000000007580e9a2 5 bytes JMP 00000001735815d7
.text  C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4888] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                            000000007580ebdc 5 bytes JMP 00000001735811b8
.text  C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4888] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                 0000000075695ea5 5 bytes JMP 0000000173581609
.text  C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4888] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                  00000000756c9d0b 5 bytes JMP 0000000173581249
.text  C:\Windows\system32\wbem\unsecapp.exe[5008] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                    000007fefdcf3460 7 bytes JMP 000007fffdce00d8
.text  C:\Windows\system32\wbem\unsecapp.exe[5008] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                      000007fefdcf9940 6 bytes JMP 000007fffdce0148
.text  C:\Windows\system32\wbem\unsecapp.exe[5008] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                         000007fefdcf9fb0 5 bytes JMP 000007fffdce0180
.text  C:\Windows\system32\wbem\unsecapp.exe[5008] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                  000007fefdcfa150 5 bytes JMP 000007fffdce0110
.text  C:\Windows\system32\wbem\unsecapp.exe[5008] C:\Windows\system32\ole32.dll!CoCreateInstance                                                                         000007feff507490 11 bytes JMP 000007fffdce0228
.text  C:\Windows\system32\wbem\unsecapp.exe[5008] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                                        000007feff51bf00 7 bytes JMP 000007fffdce0260
.text  C:\Windows\system32\wbem\unsecapp.exe[5008] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                   000007fefdff89e0 8 bytes JMP 000007fffdce01f0
.text  C:\Windows\system32\wbem\unsecapp.exe[5008] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                 000007fefdffbe40 8 bytes JMP 000007fffdce01b8
.text  C:\Program Files\Windows Sidebar\sidebar.exe[5016] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                          000000007709efe0 5 bytes JMP 000000016fff0148
.text  C:\Program Files\Windows Sidebar\sidebar.exe[5016] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                        00000000770c99b0 7 bytes JMP 000000016fff00d8
.text  C:\Program Files\Windows Sidebar\sidebar.exe[5016] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                                        00000000770d94d0 5 bytes JMP 000000016fff0180
.text  C:\Program Files\Windows Sidebar\sidebar.exe[5016] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                                        00000000770d9640 5 bytes JMP 000000016fff0110
.text  C:\Program Files\Windows Sidebar\sidebar.exe[5016] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                                 00000000770fa500 7 bytes JMP 000000016fff01b8
.text  C:\Program Files\Windows Sidebar\sidebar.exe[5016] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                             000007fefdcf3460 7 bytes JMP 000007fffdb700d8
.text  C:\Program Files\Windows Sidebar\sidebar.exe[5016] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                               000007fefdcf9940 6 bytes JMP 000007fffdb70148
.text  C:\Program Files\Windows Sidebar\sidebar.exe[5016] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                  000007fefdcf9fb0 5 bytes JMP 000007fffdb70180
.text  C:\Program Files\Windows Sidebar\sidebar.exe[5016] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                           000007fefdcfa150 5 bytes JMP 000007fffdb70110
.text  C:\Program Files\Windows Sidebar\sidebar.exe[5016] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                            000007fefdff89e0 8 bytes JMP 000007fffdb701f0
.text  C:\Program Files\Windows Sidebar\sidebar.exe[5016] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                          000007fefdffbe40 8 bytes JMP 000007fffdb701b8
.text  C:\Program Files\Windows Sidebar\sidebar.exe[5016] C:\Windows\system32\ole32.dll!CoCreateInstance                                                                  000007feff507490 11 bytes JMP 000007fffdb70228
.text  C:\Program Files\Windows Sidebar\sidebar.exe[5016] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                                 000007feff51bf00 7 bytes JMP 000007fffdb70260
.text  C:\Users\Jerrits\AppData\Local\Akamai\netsession_win.exe[5068] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                     0000000074e71429 7 bytes JMP 00000001735812ad
.text  C:\Users\Jerrits\AppData\Local\Akamai\netsession_win.exe[5068] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                            0000000074e8b223 5 bytes JMP 00000001735815be
.text  C:\Users\Jerrits\AppData\Local\Akamai\netsession_win.exe[5068] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                            0000000074f088f4 7 bytes JMP 0000000173581357
.text  C:\Users\Jerrits\AppData\Local\Akamai\netsession_win.exe[5068] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                            0000000074f08979 5 bytes JMP 00000001735816e0
.text  C:\Users\Jerrits\AppData\Local\Akamai\netsession_win.exe[5068] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                              0000000074f08ccf 5 bytes JMP 0000000173581028
.text  C:\Users\Jerrits\AppData\Local\Akamai\netsession_win.exe[5068] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                 0000000075891d1b 5 bytes JMP 00000001735811ef
.text  C:\Users\Jerrits\AppData\Local\Akamai\netsession_win.exe[5068] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                               0000000075891dc9 5 bytes JMP 0000000173581023
.text  C:\Users\Jerrits\AppData\Local\Akamai\netsession_win.exe[5068] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                   0000000075892aa4 5 bytes JMP 000000017358156e
.text  C:\Users\Jerrits\AppData\Local\Akamai\netsession_win.exe[5068] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                      0000000075892d0a 5 bytes JMP 0000000173581294
.text  C:\Users\Jerrits\AppData\Local\Akamai\netsession_win.exe[5068] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                                      0000000074ff8a29 5 bytes JMP 0000000173581050
.text  C:\Users\Jerrits\AppData\Local\Akamai\netsession_win.exe[5068] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                                                  0000000075004572 5 bytes JMP 00000001735810d2
.text  C:\Users\Jerrits\AppData\Local\Akamai\netsession_win.exe[5068] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                              000000007580e9a2 5 bytes JMP 00000001735815d7
.text  C:\Users\Jerrits\AppData\Local\Akamai\netsession_win.exe[5068] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                                000000007580ebdc 5 bytes JMP 00000001735811b8
.text  C:\Users\Jerrits\AppData\Local\Akamai\netsession_win.exe[5068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                             0000000075871465 2 bytes [87, 75]
.text  C:\Users\Jerrits\AppData\Local\Akamai\netsession_win.exe[5068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                            00000000758714bb 2 bytes [87, 75]
.text  ...                                                                                                                                                                * 2
.text  C:\Users\Jerrits\AppData\Local\Akamai\netsession_win.exe[5068] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                                     0000000075695ea5 5 bytes JMP 0000000173581609
.text  C:\Users\Jerrits\AppData\Local\Akamai\netsession_win.exe[5068] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                      00000000756c9d0b 5 bytes JMP 0000000173581249
.text  C:\Users\Jerrits\AppData\Local\Akamai\netsession_win.exe[1212] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                     0000000074e71429 7 bytes JMP 00000001735812ad
.text  C:\Users\Jerrits\AppData\Local\Akamai\netsession_win.exe[1212] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                            0000000074e8b223 5 bytes JMP 00000001735815be
.text  C:\Users\Jerrits\AppData\Local\Akamai\netsession_win.exe[1212] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                            0000000074f088f4 7 bytes JMP 0000000173581357
.text  C:\Users\Jerrits\AppData\Local\Akamai\netsession_win.exe[1212] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                            0000000074f08979 5 bytes JMP 00000001735816e0
.text  C:\Users\Jerrits\AppData\Local\Akamai\netsession_win.exe[1212] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                              0000000074f08ccf 5 bytes JMP 0000000173581028
.text  C:\Users\Jerrits\AppData\Local\Akamai\netsession_win.exe[1212] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                 0000000075891d1b 5 bytes JMP 00000001735811ef
.text  C:\Users\Jerrits\AppData\Local\Akamai\netsession_win.exe[1212] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                               0000000075891dc9 5 bytes JMP 0000000173581023
.text  C:\Users\Jerrits\AppData\Local\Akamai\netsession_win.exe[1212] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                   0000000075892aa4 5 bytes JMP 000000017358156e
.text  C:\Users\Jerrits\AppData\Local\Akamai\netsession_win.exe[1212] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                      0000000075892d0a 5 bytes JMP 0000000173581294
.text  C:\Users\Jerrits\AppData\Local\Akamai\netsession_win.exe[1212] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                                      0000000074ff8a29 5 bytes JMP 0000000173581050
.text  C:\Users\Jerrits\AppData\Local\Akamai\netsession_win.exe[1212] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                                                  0000000075004572 5 bytes JMP 00000001735810d2
.text  C:\Users\Jerrits\AppData\Local\Akamai\netsession_win.exe[1212] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                              000000007580e9a2 5 bytes JMP 00000001735815d7
.text  C:\Users\Jerrits\AppData\Local\Akamai\netsession_win.exe[1212] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                                000000007580ebdc 5 bytes JMP 00000001735811b8
.text  C:\Users\Jerrits\AppData\Local\Akamai\netsession_win.exe[1212] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                             0000000075871465 2 bytes [87, 75]
.text  C:\Users\Jerrits\AppData\Local\Akamai\netsession_win.exe[1212] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                            00000000758714bb 2 bytes [87, 75]
.text  ...                                                                                                                                                                * 2
.text  C:\Users\Jerrits\AppData\Local\Akamai\netsession_win.exe[1212] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                                     0000000075695ea5 5 bytes JMP 0000000173581609
.text  C:\Users\Jerrits\AppData\Local\Akamai\netsession_win.exe[1212] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                      00000000756c9d0b 5 bytes JMP 0000000173581249
.text  C:\Users\Jerrits\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4248] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                           0000000074e71429 7 bytes JMP 00000001735812ad
.text  C:\Users\Jerrits\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4248] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                  0000000074e8b223 5 bytes JMP 00000001735815be
.text  C:\Users\Jerrits\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4248] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                  0000000074f088f4 7 bytes JMP 0000000173581357
.text  C:\Users\Jerrits\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4248] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                  0000000074f08979 5 bytes JMP 00000001735816e0
.text  C:\Users\Jerrits\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4248] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                    0000000074f08ccf 5 bytes JMP 0000000173581028
.text  C:\Users\Jerrits\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4248] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                       0000000075891d1b 5 bytes JMP 00000001735811ef
.text  C:\Users\Jerrits\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4248] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                     0000000075891dc9 5 bytes JMP 0000000173581023
.text  C:\Users\Jerrits\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4248] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                         0000000075892aa4 5 bytes JMP 000000017358156e
.text  C:\Users\Jerrits\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4248] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                            0000000075892d0a 5 bytes JMP 0000000173581294
.text  C:\Users\Jerrits\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4248] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                            0000000074ff8a29 5 bytes JMP 0000000173581050
.text  C:\Users\Jerrits\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4248] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                                        0000000075004572 5 bytes JMP 00000001735810d2
.text  C:\Users\Jerrits\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4248] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                    000000007580e9a2 5 bytes JMP 00000001735815d7
.text  C:\Users\Jerrits\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4248] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                      000000007580ebdc 5 bytes JMP 00000001735811b8
.text  C:\Users\Jerrits\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4248] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                           0000000075695ea5 5 bytes JMP 0000000173581609
.text  C:\Users\Jerrits\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4248] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                            00000000756c9d0b 5 bytes JMP 0000000173581249
.text  C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4264] C:\Windows\syswow64\kernel32.dll!RegSetValueExA           0000000074e71429 7 bytes JMP 00000001735812ad
.text  C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4264] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW  0000000074e8b223 5 bytes JMP 00000001735815be
.text  C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4264] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx  0000000074f088f4 7 bytes JMP 0000000173581357
.text  C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4264] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation  0000000074f08979 5 bytes JMP 00000001735816e0
.text  C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4264] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW    0000000074f08ccf 5 bytes JMP 0000000173581028
.text  C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4264] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW       0000000075891d1b 5 bytes JMP 00000001735811ef
.text  C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4264] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW     0000000075891dc9 5 bytes JMP 0000000173581023
.text  C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4264] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW         0000000075892aa4 5 bytes JMP 000000017358156e
.text  C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4264] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary            0000000075892d0a 5 bytes JMP 0000000173581294
.text  C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4264] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList    000000007580e9a2 5 bytes JMP 00000001735815d7
.text  C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4264] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo      000000007580ebdc 5 bytes JMP 00000001735811b8
.text  C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4264] C:\Windows\syswow64\USER32.dll!CreateWindowExW            0000000074ff8a29 5 bytes JMP 0000000173581050
.text  C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4264] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA        0000000075004572 5 bytes JMP 00000001735810d2
.text  C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4264] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket           0000000075695ea5 5 bytes JMP 0000000173581609
.text  C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4264] C:\Windows\syswow64\ole32.dll!CoCreateInstance            00000000756c9d0b 5 bytes JMP 0000000173581249
.text  C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[3692] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                               0000000074e71429 7 bytes JMP 00000001735812ad
.text  C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[3692] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                      0000000074e8b223 5 bytes JMP 00000001735815be
.text  C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[3692] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                      0000000074f088f4 7 bytes JMP 0000000173581357
.text  C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[3692] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                      0000000074f08979 5 bytes JMP 00000001735816e0
.text  C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[3692] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                        0000000074f08ccf 5 bytes JMP 0000000173581028
.text  C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[3692] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                           0000000075891d1b 5 bytes JMP 00000001735811ef
.text  C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[3692] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                         0000000075891dc9 5 bytes JMP 0000000173581023
.text  C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[3692] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                             0000000075892aa4 5 bytes JMP 000000017358156e
.text  C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[3692] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                0000000075892d0a 5 bytes JMP 0000000173581294
.text  C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[3692] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                                0000000074ff8a29 5 bytes JMP 0000000173581050
.text  C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[3692] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                                            0000000075004572 5 bytes JMP 00000001735810d2
.text  C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[3692] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                        000000007580e9a2 5 bytes JMP 00000001735815d7
.text  C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[3692] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                          000000007580ebdc 5 bytes JMP 00000001735811b8
.text  C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[3692] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                               0000000075695ea5 5 bytes JMP 0000000173581609
.text  C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[3692] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                00000000756c9d0b 5 bytes JMP 0000000173581249
.text  C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4544] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                 0000000074e71429 7 bytes JMP 00000001735812ad
.text  C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4544] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW        0000000074e8b223 5 bytes JMP 00000001735815be
.text  C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4544] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx        0000000074f088f4 7 bytes JMP 0000000173581357
.text  C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4544] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation        0000000074f08979 5 bytes JMP 00000001735816e0
.text  C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4544] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW          0000000074f08ccf 5 bytes JMP 0000000173581028
.text  C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4544] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW             0000000075891d1b 5 bytes JMP 00000001735811ef
.text  C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4544] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW           0000000075891dc9 5 bytes JMP 0000000173581023
.text  C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4544] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW               0000000075892aa4 5 bytes JMP 000000017358156e
.text  C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4544] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                  0000000075892d0a 5 bytes JMP 0000000173581294
.text  C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4544] C:\Windows\syswow64\USER32.dll!CreateWindowExW                  0000000074ff8a29 5 bytes JMP 0000000173581050
.text  C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4544] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA              0000000075004572 5 bytes JMP 00000001735810d2
.text  C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4544] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList          000000007580e9a2 5 bytes JMP 00000001735815d7
.text  C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4544] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo            000000007580ebdc 5 bytes JMP 00000001735811b8
.text  C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4544] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                 0000000075695ea5 5 bytes JMP 0000000173581609
.text  C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4544] C:\Windows\syswow64\ole32.dll!CoCreateInstance                  00000000756c9d0b 5 bytes JMP 0000000173581249
.text  C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4544] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69         0000000075871465 2 bytes [87, 75]
.text  C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4544] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155        00000000758714bb 2 bytes [87, 75]
.text  ...                                                                                                                                                                * 2
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[4688] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                    0000000075871465 2 bytes [87, 75]
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[4688] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                   00000000758714bb 2 bytes [87, 75]
.text  ...                                                                                                                                                                * 2
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[5416] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                0000000074e71429 7 bytes JMP 00000001735812ad
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[5416] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                       0000000074e8b223 5 bytes JMP 00000001735815be
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[5416] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                       0000000074f088f4 7 bytes JMP 0000000173581357
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[5416] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                       0000000074f08979 5 bytes JMP 00000001735816e0
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[5416] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                         0000000074f08ccf 5 bytes JMP 0000000173581028
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[5416] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                            0000000075891d1b 5 bytes JMP 00000001735811ef
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[5416] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                          0000000075891dc9 5 bytes JMP 0000000173581023
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[5416] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                              0000000075892aa4 5 bytes JMP 000000017358156e
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[5416] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                 0000000075892d0a 5 bytes JMP 0000000173581294
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[5416] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                         000000007580e9a2 5 bytes JMP 00000001735815d7
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[5416] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                           000000007580ebdc 5 bytes JMP 00000001735811b8
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[5416] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                                 0000000074ff8a29 5 bytes JMP 0000000173581050
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[5416] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                                             0000000075004572 5 bytes JMP 00000001735810d2
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[5416] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                                0000000075695ea5 5 bytes JMP 0000000173581609
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[5416] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                 00000000756c9d0b 5 bytes JMP 0000000173581249
.text  C:\Users\Jerrits\Desktop\gmer_2.1.19115.exe[5132] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                                  0000000074e71429 7 bytes JMP 00000001735812ad
.text  C:\Users\Jerrits\Desktop\gmer_2.1.19115.exe[5132] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                                         0000000074e8b223 5 bytes JMP 00000001735815be
.text  C:\Users\Jerrits\Desktop\gmer_2.1.19115.exe[5132] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                                         0000000074f088f4 7 bytes JMP 0000000173581357
.text  C:\Users\Jerrits\Desktop\gmer_2.1.19115.exe[5132] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                                         0000000074f08979 5 bytes JMP 00000001735816e0
.text  C:\Users\Jerrits\Desktop\gmer_2.1.19115.exe[5132] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                           0000000074f08ccf 5 bytes JMP 0000000173581028
.text  C:\Users\Jerrits\Desktop\gmer_2.1.19115.exe[5132] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                              0000000075891d1b 5 bytes JMP 00000001735811ef
.text  C:\Users\Jerrits\Desktop\gmer_2.1.19115.exe[5132] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                                            0000000075891dc9 5 bytes JMP 0000000173581023
.text  C:\Users\Jerrits\Desktop\gmer_2.1.19115.exe[5132] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                                0000000075892aa4 5 bytes JMP 000000017358156e
.text  C:\Users\Jerrits\Desktop\gmer_2.1.19115.exe[5132] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                                   0000000075892d0a 5 bytes JMP 0000000173581294
.text  C:\Users\Jerrits\Desktop\gmer_2.1.19115.exe[5132] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                                           000000007580e9a2 5 bytes JMP 00000001735815d7
.text  C:\Users\Jerrits\Desktop\gmer_2.1.19115.exe[5132] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                                             000000007580ebdc 5 bytes JMP 00000001735811b8
.text  C:\Users\Jerrits\Desktop\gmer_2.1.19115.exe[5132] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                                                   0000000074ff8a29 5 bytes JMP 0000000173581050
.text  C:\Users\Jerrits\Desktop\gmer_2.1.19115.exe[5132] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                                                               0000000075004572 5 bytes JMP 00000001735810d2
.text  C:\Users\Jerrits\Desktop\gmer_2.1.19115.exe[5132] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                                                  0000000075695ea5 5 bytes JMP 0000000173581609
.text  C:\Users\Jerrits\Desktop\gmer_2.1.19115.exe[5132] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                                   00000000756c9d0b 5 bytes JMP 0000000173581249

---- EOF - GMER 2.1 ----
         


Old 02.03.2013, 11:02   #3
t'john
/// Helper Team
 





Please post the Malwarebytes log file you have already created!
(Logs tab)


The cleanup consists of several steps that have to be carried out.
Work through them one after the other and paste the 3 logs created in the process into your next reply.

If the OTL fix did not run through properly, do not continue; report it instead.

Step 1

Fix with OTL

Download OTL by OldTimer (if you do not already have it) and save it to your desktop (nowhere else).

  • Disable any virus scanners such as Avira, Kaspersky etc.
  • Start OTL.exe.
    Vista and Windows 7 users start it by right-clicking the program icon and choosing "Run as administrator".
  • Copy the following script into the text field below Custom Scans/Fixes:
  • The fix starts with :OTL. Make sure you have copied it correctly.


Code:
ATTFilter
:OTL

O4 - HKCU..\Run: [AdobeBridge] File not found 
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:054203E4 
@Alternate Data Stream - 1194 bytes -> C:\Users\Jerrits\AppData\Local\Temp:rsbxulGEiiI3AldZ1UF27O 

:Files 
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Users\Jerrits\*.tmp
C:\Users\Jerrits\AppData\*.dll
C:\Users\Jerrits\AppData\*.exe
C:\Users\Jerrits\AppData\Local\Temp\*.exe
C:\Users\Jerrits\AppData\LocalLow\Sun\Java\Deployment\cache
ipconfig /flushdns /c
:Commands
[emptytemp]
         
  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a reboot, allow it.
  • Paste the contents of the log file here in your thread inside code tags.
    You can view the log file later here => C:\_OTL\MovedFiles\<datum_nummer.log>

Note for other readers: the OTL script above was created exclusively for this user in this situation.
Never apply it on other computers; it can permanently damage other systems!



Step 2
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the on-screen instructions as described in the guide to Malwarebytes Anti-Rootkit
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the reboot.
  • During the reboot MBAR will remove the objects it found, so be patient.
  • After the reboot, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instruction from a helper


then:

Step 3
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file under C:\AdwCleaner\AdwCleaner[Cx].txt. (x = consecutive number).

Old 02.03.2013, 18:45   #4
Valnaras
 



Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.02.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jerrits :: JERRITS-PC [Administrator]

Schutz: Aktiviert

02.03.2013 17:50:48
mbam-log-2013-03-02 (17-50-48).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 254877
Laufzeit: 2 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Code:
ATTFilter
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
ADS C:\ProgramData\Temp:054203E4 deleted successfully.
ADS C:\Users\Jerrits\AppData\Local\Temp:rsbxulGEiiI3AldZ1UF27O deleted successfully.
========== FILES ==========
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\*.dll not found.
File\Folder C:\ProgramData\*.tmp not found.
C:\ProgramData\Temp\{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F} folder moved successfully.
C:\ProgramData\Temp\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8} folder moved successfully.
C:\ProgramData\Temp folder moved successfully.
File\Folder C:\Users\Jerrits\*.tmp not found.
File\Folder C:\Users\Jerrits\AppData\*.dll not found.
File\Folder C:\Users\Jerrits\AppData\*.exe not found.
C:\Users\Jerrits\AppData\Local\Temp\AcDeltree.exe moved successfully.
C:\Users\Jerrits\AppData\Local\Temp\alcsup.exe moved successfully.
C:\Users\Jerrits\AppData\Local\Temp\GoogleUpdateSetup.exe1c6132 moved successfully.
C:\Users\Jerrits\AppData\Local\Temp\GoogleUpdateSetup.exe13a8838 moved successfully.
C:\Users\Jerrits\AppData\Local\Temp\hcuninstaller_20130228_212706_5780.exe moved successfully.
C:\Users\Jerrits\AppData\Local\Temp\HitmanPro.exe moved successfully.
C:\Users\Jerrits\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe moved successfully.
C:\Users\Jerrits\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe moved successfully.
C:\Users\Jerrits\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe moved successfully.
C:\Users\Jerrits\AppData\Local\Temp\nvStInst.exe moved successfully.
C:\Users\Jerrits\AppData\Local\Temp\SkypeSetup.exe moved successfully.
C:\Users\Jerrits\AppData\Local\Temp\tmp54F3.tmp.exe moved successfully.
C:\Users\Jerrits\AppData\Local\Temp\uninstaller-3620.exe moved successfully.
C:\Users\Jerrits\AppData\Local\Temp\xmlUpdater.exe moved successfully.
C:\Users\Jerrits\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\Jerrits\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\Jerrits\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\Jerrits\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\Jerrits\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\Jerrits\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\Jerrits\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\Jerrits\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\Jerrits\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\Jerrits\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\Jerrits\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\Jerrits\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\Jerrits\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\Jerrits\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\Jerrits\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\Jerrits\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\Jerrits\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\Jerrits\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\Jerrits\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\Jerrits\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\Jerrits\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\Jerrits\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\Jerrits\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\Jerrits\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\Jerrits\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\Jerrits\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\Jerrits\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\Jerrits\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\Jerrits\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\Jerrits\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\Jerrits\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\Jerrits\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\Jerrits\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\Jerrits\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\Jerrits\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\Jerrits\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\Jerrits\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\Jerrits\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\Jerrits\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\Jerrits\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\Jerrits\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\Jerrits\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\Jerrits\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\Jerrits\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\Jerrits\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\Jerrits\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\Jerrits\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\Jerrits\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\Jerrits\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\Jerrits\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\Jerrits\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\Jerrits\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\Jerrits\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\Jerrits\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\Jerrits\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\Jerrits\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\Jerrits\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\Jerrits\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\Jerrits\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\Jerrits\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\Jerrits\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\Jerrits\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\Jerrits\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\Jerrits\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\Jerrits\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\Jerrits\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\Jerrits\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\Jerrits\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\Jerrits\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Jerrits\Desktop\cmd.bat deleted successfully.
C:\Users\Jerrits\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56504 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Jerrits
->Temp folder emptied: 2000412912 bytes
->Temporary Internet Files folder emptied: 7972499 bytes
->FireFox cache emptied: 438496997 bytes
->Google Chrome cache emptied: 6712727 bytes
->Flash cache emptied: 128570 bytes
 
User: Public
 
User: Tzu Party
->Temp folder emptied: 114267 bytes
->Temporary Internet Files folder emptied: 3202073 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 109708654 bytes
->Flash cache emptied: 61899 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 164185734 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 8785785875 bytes
 
Total Files Cleaned = 10.983,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 03022013_171246

Files\Folders moved on Reboot...
C:\Users\Jerrits\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v2.113 - Datei am 02/03/2013 um 18:31:29 erstellt
# Aktualisiert am 23/02/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Jerrits - JERRITS-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Jerrits\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\user.js
Datei Gelöscht : C:\Users\Jerrits\AppData\Roaming\Mozilla\Firefox\Profiles\01zmztx6.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
Datei Gelöscht : C:\Users\Jerrits\AppData\Roaming\Mozilla\Firefox\Profiles\01zmztx6.default\searchplugins\11-suche.xml
Datei Gelöscht : C:\Users\Jerrits\AppData\Roaming\Mozilla\Firefox\Profiles\01zmztx6.default\searchplugins\SweetIm.xml
Ordner Gelöscht : C:\Program Files (x86)\AddLyrics
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Users\Jerrits\AppData\Local\Ilivid Player
Ordner Gelöscht : C:\Users\Jerrits\AppData\Roaming\Mozilla\Firefox\Profiles\01zmztx6.default\jetpack

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Babylon
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Tarma Installer

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16464

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com/?crg=3.1010000.10016&barid={BFECEDF3-891F-42D0-BF0F-7559A20D2B9A} --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com/?crg=3.1010000.10016&barid={BFECEDF3-891F-42D0-BF0F-7559A20D2B9A} --> hxxp://www.google.com

-\\ Mozilla Firefox v19.0 (de)

Datei : C:\Users\Jerrits\AppData\Roaming\Mozilla\Firefox\Profiles\01zmztx6.default\prefs.js

C:\Users\Jerrits\AppData\Roaming\Mozilla\Firefox\Profiles\01zmztx6.default\user.js ... Gelöscht !

Gelöscht : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Gelöscht : user_pref("browser.search.defaultenginename", "SweetIM Search");
Gelöscht : user_pref("browser.search.order.1", "Search the web (Babylon)");
Gelöscht : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Gelöscht : user_pref("extensions.BabylonToolbar_i.babExt", "");
Gelöscht : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=111304&tt=060612_5_");
Gelöscht : user_pref("extensions.BabylonToolbar_i.hardId", "ba38acfa00000000000074e50b3f2c05");
Gelöscht : user_pref("extensions.BabylonToolbar_i.id", "ba38acfa00000000000074e50b3f2c05");
Gelöscht : user_pref("extensions.BabylonToolbar_i.instlDay", "15511");
Gelöscht : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", true);
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=111304&babsrc=N[...]
Gelöscht : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Gelöscht : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Gelöscht : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Gelöscht : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Gelöscht : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1718:36:15");
Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Gelöscht : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=111304&tt=060612_5_&babsrc=KW_ss&mntrId=b[...]
Gelöscht : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "Search the web (Babylon)");
Gelöscht : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "Search the web (Babylon)");
Gelöscht : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "www.google.de");
Gelöscht : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?crg=3.1010000.10016&barid={BFEC[...]

Datei : C:\Users\Tzu Party\AppData\Roaming\Mozilla\Firefox\Profiles\ic3t1lzm.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v25.0.1364.97

Datei : C:\Users\Jerrits\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [6428 octets] - [02/03/2013 18:31:29]

########## EOF - C:\AdwCleaner[S1].txt - [6488 octets] ##########
         

Last edited by Valnaras (02.03.2013 at 18:51)
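The AdwCleaner log above lists the user_pref lines it removed from the Firefox prefs.js: the default search engine, keyword.URL and the homepage had all been pointed at Babylon/SweetIM. As an added example that is not part of this thread or of AdwCleaner, here is a small Python checker that parses a prefs.js and flags entries of that kind; the indicator lists and the sample prefs.js content are constructed for illustration.

```python
"""Flag search-engine / homepage hijack entries in a Firefox prefs.js or user.js.

Added example for this thread; not AdwCleaner code and not from the original
posts. Indicator lists and the sample file below are constructed.
"""
import re

# One user_pref(...) or pref(...) line; captures the pref name and its raw
# value (a JS string, number or boolean) up to the closing ");".
PREF_RE = re.compile(
    r'^\s*(?:user_)?pref\(\s*"(?P<name>[^"]+)"\s*,\s*(?P<value>.+?)\s*\);\s*$'
)

# Preferences that decide where searches and the homepage go. A hijacker
# typically rewrites exactly these (compare the AdwCleaner log).
SENSITIVE_PREFS = {
    "browser.search.defaultenginename",
    "browser.search.selectedEngine",
    "browser.search.order.1",
    "browser.startup.homepage",
    "keyword.URL",
}

# Pref namespaces of the toolbar families seen in the log; any pref under
# these prefixes is suspicious regardless of its value.
SUSPICIOUS_PREFIXES = ("extensions.BabylonToolbar", "sweetim.", "browser.babylon.")

# Terms which, inside a sensitive pref's value, indicate a hijack.
SUSPICIOUS_TERMS = ("babylon", "sweetim", "conduit", "iminent", "ilivid")

# Constructed sample modelled on the entries AdwCleaner removed above.
SAMPLE_PREFS_JS = """\
// constructed sample prefs.js (not a real profile)
user_pref("browser.search.defaultenginename", "SweetIM Search");
user_pref("browser.search.order.1", "Search the web (Babylon)");
user_pref("browser.startup.homepage", "https://www.google.de");
user_pref("extensions.BabylonToolbar_i.newTab", true);
user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=111304&babsrc=KW_ss");
user_pref("network.cookie.cookieBehavior", 1);
"""


def parse_prefs(text):
    """Return (name, value) tuples; string values lose their surrounding quotes,
    numbers and booleans are kept as their literal text."""
    prefs = []
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        value = m.group("value")
        if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
            value = value[1:-1]
        prefs.append((m.group("name"), value))
    return prefs


def classify(name, value):
    """Return a short reason if the pref looks like a hijack entry, else None."""
    if name.startswith(SUSPICIOUS_PREFIXES):
        return "toolbar namespace"
    if name in SENSITIVE_PREFS:
        lowered = value.lower()
        for term in SUSPICIOUS_TERMS:
            if term in lowered:
                return "search/homepage points at %s" % term
    return None


def find_hijacks(text):
    """Scan prefs text; return (name, value, reason) for every flagged pref."""
    hits = []
    for name, value in parse_prefs(text):
        reason = classify(name, value)
        if reason:
            hits.append((name, value, reason))
    return hits


if __name__ == "__main__":
    # Run against the constructed sample; a real profile would be read from
    # <profile>\prefs.js (and user.js, which overrides it on startup).
    for name, value, reason in find_hijacks(SAMPLE_PREFS_JS):
        print("%-45s %-25s %s" % (name, value[:25], reason))
```

Prefs under the toolbar namespaces are flagged even with harmless-looking values, because their presence alone shows the toolbar wrote to the profile.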

Old 03.03.2013, 11:15   #5
t'john
/// Helper Team
 



Very good!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    From Windows Vista (or higher) please start it by right-clicking and choosing "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, please allow access to the internet )
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Never press any of the Fix buttons without instruction

Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select (none) under AV Scan.



then:


ESET Online Scanner

  • Here you can find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick Yes, I accept the terms of use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset




then:

Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

__________________
Regards, t'john
Support the TB

Old 04.03.2013, 01:09   #6
Valnaras
 



So, here are the next logs. THANKS, by the way!

Code:
ATTFilter
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-03 13:49:44
-----------------------------
13:49:44.888    OS Version: Windows x64 6.1.7601 Service Pack 1
13:49:44.888    Number of processors: 8 586 0x2A07
13:49:44.888    ComputerName: JERRITS-PC  UserName: Jerrits
13:49:46.534    Initialize success
13:51:22.022    AVAST engine defs: 13030300
13:51:31.180    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
13:51:31.180    Disk 0 Vendor: ST975042 0005 Size: 715404MB BusType: 3
13:51:31.195    Disk 0 MBR read successfully
13:51:31.211    Disk 0 MBR scan
13:51:31.211    Disk 0 Windows 7 default MBR code
13:51:31.211    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0      101 MB offset 63
13:51:31.226    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        20000 MB offset 212992
13:51:31.242    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       695299 MB offset 41172992
13:51:31.258    Disk 0 scanning C:\Windows\system32\drivers
13:51:43.410    Service scanning
13:52:08.401    Modules scanning
13:52:08.401    Disk 0 trace - called modules:
13:52:08.464    ntoskrnl.exe CLASSPNP.SYS disk.sys stdcfltn.sys ACPI.sys iaStor.sys hal.dll 
13:52:08.464    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80095fd790]
13:52:08.479    3 CLASSPNP.SYS[fffff88001a0143f] -> nt!IofCallDriver -> [0xfffffa8009552890]
13:52:08.479    5 stdcfltn.sys[fffff88001e4ac52] -> nt!IofCallDriver -> [0xfffffa8007821d10]
13:52:08.495    7 ACPI.sys[fffff88000f3d7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007b07050]
13:52:09.992    AVAST engine scan C:\Windows
13:52:11.927    AVAST engine scan C:\Windows\system32
13:55:28.487    AVAST engine scan C:\Windows\system32\drivers
13:56:14.367    AVAST engine scan C:\Users\Jerrits
14:07:23.982    AVAST engine scan C:\ProgramData
14:14:33.312    Scan finished successfully
14:14:49.178    Disk 0 MBR has been saved successfully to "C:\Users\Jerrits\Desktop\MBR.dat"
14:14:49.193    The log file has been saved successfully to "C:\Users\Jerrits\Desktop\aswMBR.txt"
         
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=92a023fc165efe4d989361c643fa50ae
# engine=13289
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-03-03 11:56:57
# local_time=2013-03-04 12:56:57 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1285 16777213 100 98 44942 58678967 0 0
# compatibility_mode=5893 16776573 100 94 106082 113984867 0 0
# scanned=574084
# found=1
# cleaned=0
# scan_time=20795
sh=F7CAE266C56EA81D93A8E09FFE85E7466DB92413 ft=0 fh=0000000000000000 vn="Java/Exploit.CVE-2012-4681.AC trojan" ac=I fn="C:\_OTL\MovedFiles\03022013_171246\C_Users\Jerrits\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\6132ebcb-3a5b51aa"
         
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.59  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:`````````````` 
Kaspersky Internet Security   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.70.0.1100  
 JavaFX 2.1.1    
 Java(TM) 6 Update 24  
 Java 7 Update 15  
 Java version out of Date! 
 Adobe Flash Player 11.6.602.171  
 Adobe Reader 10.1.6 Adobe Reader out of Date!  
 Mozilla Firefox (19.0) 
 Mozilla Thunderbird (17.0.3) 
 Google Chrome 24.0.1312.57  
 Google Chrome 25.0.1364.97  
````````Process Check: objlist.exe by Laurent````````  
 Kaspersky Lab Kaspersky Internet Security 2012 avp.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

04.03.2013, 14:11   #7
t'john
/// Helper Team

Uninstall all old Java versions:
Java(TM) 6 Update 24


Update:

Adobe Reader: Adobe Reader - Download - Filepony (alternatives: PDF Tools)


Update Java

Your Java is no longer current. Older versions contain security holes that malware can exploit.
  • Please download the latest Java version from here
  • Save the .exe file
  • Close all running programs, especially your browser.
  • Start jxpiinstall.exe. It will download the installer for the latest Java version (Java 7 Update 15).
  • Once the installation has finished:
    Start --> Control Panel --> Programs and uninstall all older Java versions.
  • Restart your computer as soon as all older versions have been uninstalled.
After the restart
  • Open Control Panel --> Programs again and click the Java icon.
  • On the General tab, under Temporary Internet Files, click Settings.
  • Click Delete Files....
  • Make sure every box is checked and click OK.
  • Click OK again.


Then configure it like this: http://www.trojaner-board.de/105213-...tellungen.html

Afterwards post (copy and paste) what you get shown here: PluginCheck



Disable Java

Because of the current security hole:

http://www.trojaner-board.de/122961-...ktivieren.html

Afterwards post (copy and paste) what you get shown here: PluginCheck
__________________
Regards, t'john
Support the TB
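The post above tells the user to uninstall every older Java copy and to bring Java, Flash and Adobe Reader up to date, which is what the PluginCheck output later confirms. The following script is an added example and is not code from the thread or from any of the tools it mentions: it reads the Windows uninstall registry keys (both the native and the WOW6432Node view) and flags entries below an assumed baseline. The baseline versions are taken from what this thread treats as current (Java 7 Update 15, Flash 11.6.602.171, Adobe Reader 11.0) and are an assumption for illustration; any side-by-side Java copy other than the newest is reported as stale, the exact situation the helper is asking the user to clean up.

```powershell
# Added example, not part of the thread or of any tool it mentions: inventory the
# Java, Flash Player and Adobe Reader entries in the Windows uninstall registry keys
# and flag anything below an assumed baseline (the versions this thread treats as
# current). Adjust the baselines to current releases before relying on the result.

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# DisplayName pattern -> minimum acceptable version (assumed baseline for this example).
# Oracle records Java 7 Update 15 as DisplayVersion 7.0.150 and Java 6 Update 24 as 6.0.240.
$baselines = @(
    @{ Product = 'Java';         Pattern = '^Java(\(TM\))? \d';   Minimum = [version]'7.0.150' },
    @{ Product = 'Flash Player'; Pattern = '^Adobe Flash Player'; Minimum = [version]'11.6.602.171' },
    @{ Product = 'Adobe Reader'; Pattern = '^Adobe Reader';       Minimum = [version]'11.0' }
)

$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -and $_.DisplayVersion }

$report = foreach ($b in $baselines) {
    foreach ($entry in ($installed | Where-Object { $_.DisplayName -match $b.Pattern })) {
        # Strip anything that is not a digit or dot so "11,0,2,0"-style strings still parse
        $parsed = $null
        $ok = [version]::TryParse(($entry.DisplayVersion -replace '[^\d.]', ''), [ref]$parsed)
        if (-not $ok)                       { $status = 'UNPARSED - check manually' }
        elseif ($parsed -lt $b.Minimum)     { $status = 'OUTDATED - update or uninstall' }
        else                                { $status = 'current' }
        [pscustomobject]@{
            Product   = $b.Product
            Name      = $entry.DisplayName
            Version   = $entry.DisplayVersion
            Parsed    = $parsed
            Status    = $status
            Uninstall = $entry.UninstallString
        }
    }
}

# Side-by-side Java installs: every copy except the newest is stale attack surface,
# which is why the post says to uninstall Java(TM) 6 Update 24 alongside the update.
$java = @($report | Where-Object { $_.Product -eq 'Java' -and $_.Parsed })
if ($java.Count -gt 1) {
    $newest = $java | Sort-Object Parsed -Descending | Select-Object -First 1
    foreach ($j in $java) {
        if (-not [object]::ReferenceEquals($j, $newest)) { $j.Status = 'OLDER COPY - uninstall' }
    }
}

if ($report) {
    $report | Sort-Object Product, Name | Format-Table Product, Name, Version, Status -AutoSize
} else {
    'No Java, Flash Player or Adobe Reader entries found in the uninstall keys.'
}
```

The Uninstall property keeps each entry's UninstallString so the flagged copies can be removed through the vendor's own uninstaller rather than by deleting files; the script itself only reports and changes nothing.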

04.03.2013, 15:37   #8
Valnaras

PluginCheck

PluginCheck helps close the biggest security holes when surfing the Internet.
Checked: browser, Flash, Java and Adobe Reader version.

Firefox 19.0 is current

Flash (11,6,602,171) is current.

Java (1,7,0,15) is current.

Adobe Reader 10,1,6,1 is outdated!
Please update to the latest version: 11.0


PluginCheck

PluginCheck helps close the biggest security holes when surfing the Internet.
Checked: browser, Flash, Java and Adobe Reader version.

Firefox 19.0 is current

Flash (11,6,602,171) is current.

Java is installed but not enabled.

Adobe Reader 11,0,2,0 is current.

05.03.2013, 12:54   #9
t'john
/// Helper Team

Very good!

With that you are clean and discharged!

Remove adwCleaner

  • Start adwcleaner.exe with a double-click.
  • Click Uninstall.
  • Confirm with Yes.




Tool clean-up with OTL


We will now use OTL's CleanUp! function to remove most of the programs we installed for the clean-up from your system again.
  • Please download OTL from OldTimer (if you no longer have it).
  • Save it to your desktop.
  • Double-click OTL.exe to run the program.
    Vista and Windows 7 users right-click the program icon and choose "Run as administrator".
  • Click the "CleanUp" button
  • OTL may ask for a restart.
    If it does, please allow it.
Note: after the restart, OTL and the other helper programs you downloaded during the clean-up will no longer be present. They have been removed, so it is fine if those programs are gone. If any are left over, delete them manually.


Resetting the security zones

Have the security zones reset, because they were manipulated to open the browser to further attacks.
Proceed as follows: http://www.trojaner-board.de/111805-...ecksetzen.html


Emptying System Restore

So that the computer cannot be re-infected from an infected System Restore point, we have to empty it. To do that we switch it off once and then on again:
Disable System Restore tutorial for Windows XP, Windows Vista, Windows 7
Then enable it again.



Reading to work through:
http://www.trojaner-board.de/90880-d...tallation.html
http://www.trojaner-board.de/105213-...tellungen.html
PluginCheck
http://www.trojaner-board.de/96344-a...-rechners.html
Secunia Online Software Inspector
http://www.trojaner-board.de/71715-k...iendungen.html
http://www.trojaner-board.de/83238-a...sschalten.html
http://www.trojaner-board.de/109844-...ren-seite.html
PC getting slower and slower - what to do?
__________________
Regards, t'john
Support the TB
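The "Emptying System Restore" step above works because switching System Protection off for a drive discards every restore point stored on it, so a point that contains the infection can no longer be restored. The script below is an added example and not code from the thread or the linked tutorial: it performs that off-and-on cycle from an elevated Windows PowerShell session, shows the restore points before and after so the result can be verified, and then creates a fresh known-clean baseline. The drive letter and the checkpoint description are assumptions; the *-ComputerRestore cmdlets are Windows PowerShell only and are not available in PowerShell Core.

```powershell
# Added example, not part of the thread: empty System Restore on C: by switching
# protection off and back on (switching it off discards every stored restore point),
# then create a fresh baseline. Requires an elevated Windows PowerShell session.
# The drive letter is an assumption for this example.
$drive = 'C:\'

# Refuse to run without administrator rights; the cmdlets below would fail half-way otherwise
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated PowerShell session.'
}

'Restore points before:'
Get-ComputerRestorePoint | Format-Table SequenceNumber, Description, CreationTime -AutoSize

Disable-ComputerRestore -Drive $drive   # turning protection off deletes all restore points on C:
Enable-ComputerRestore  -Drive $drive   # protection back on, starting from an empty store

# Fresh known-clean baseline so later trouble can be rolled back to this state
Checkpoint-Computer -Description 'Clean baseline after malware removal' -RestorePointType MODIFY_SETTINGS

'Restore points after:'
Get-ComputerRestorePoint | Format-Table SequenceNumber, Description, CreationTime -AutoSize
```

If the "after" listing shows anything other than the single new baseline point, the earlier points were not discarded (for example because protection was configured on a different drive), and the step has to be repeated for that drive.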

05.03.2013, 23:11   #10
Valnaras

THANK YOU VERY MUCH t'john

Unfortunately my webcam still crashes every time with the following error message:

OMP: Warning #2: Cannot open message catalog "1031\libiomp5ui.dll"
OMP: System error #126: Das angegebene Modul wurde nicht gefunden.
OMP: Info #3: Default messages are used.
OMP: Errot #15: Initializing libiomp5md.dll, but found libguide40.lib already initialized.
OMP: Hint: This may cause performance degradation and correctness issues. Set enviroment variable KMP_DUPLICATE_LIB_OK=TRUE to ignore this problem and force the program to continue anyway. Please note that the use of KMP_DUPLICATE_LIB_OK is unsupported and using it may cause undefined behavior.

Could that still have something to do with the GVU trojan?

Regards

05.03.2013, 23:27   #11
t'john
/// Helper Team

It is unlikely that this has anything to do with the "GVU trojan".

Have you tried this?

Customer Support - The error appears when using CyberLink PowerDirector
__________________
Regards, t'john
Support the TB

06.03.2013, 20:12   #12
Valnaras

Tried it; now it doesn't start at all any more. It doesn't even get as far as the error message xD

06.03.2013, 20:56   #13
t'john
/// Helper Team

Reinstall the camera's drivers.

Which manufacturer? Which model?
__________________
Regards, t'john
Support the TB

06.03.2013, 23:47   #14
Valnaras

Dell XPS 15 with an integrated cam. It only works with Dell Webcam Central. I wanted to reinstall that, but the Dell website is acting up a bit, so I can't get at the software at the moment.

Anyway, the cam works again in Skype now, and that is the most important thing for the semester abroad.
Thanks again for the help, t'john

08.03.2013, 16:52   #15
t'john
/// Helper Team

Glad to hear it!

Wishing you a virus-free time
__________________
Regards, t'john
Support the TB
