
Pests of all kinds and how to combat them: Games minimize by themselves

25.04.2013, 15:36   #1
Diggah187
 



Hello everyone,
my problem is that the game minimizes by itself every time after about 1 minute. Sometimes random websites also open in Internet Explorer.

Thanks in advance for the answers.

Here is a HijackThis log once more
HijackThis logfile:
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:35:03, on 25.04.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16537)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Samed\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
C:\Windows\V0770Mon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\Users\Samed\Desktop\HiJackThis204.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
O2 - BHO: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)
O4 - HKLM\..\Run: [msnmsgr] "C:\PROGRA~2\WIC4A1~1\MESSEN~1\msnmsgr.exe" /background
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [V0770Mon.exe] C:\Windows\V0770Mon.exe
O4 - HKLM\..\Run: [C:\Windows\SysWOW64\V0770Ext.ax] C:\Windows\system32\RegSvr32.exe /s C:\Windows\SysWOW64\V0770Ext.ax
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Sony PC Companion] "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
O4 - HKCU\..\Run: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Samed\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Samed\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [Spotify] "C:\Users\Samed\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
O4 - HKCU\..\Run: [MicroUpdate] C:\Users\Samed\Documents\MSDCSC\msdcsc.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: TP-LINK Wireless Configuration Utility.lnk = C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Users\Samed\AppData\Local\Temp\{6DFA12AC-450D-4E6A-936A-B34F1A4ED77B}\NMSAccessU.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9528 bytes
         
--- --- ---

25.04.2013, 16:53   #2
M-K-D-B
/// TB trainer
 






My name is Matthias and I will help you clean up your computer.

Please note the following:
  • A cleanup can involve a lot of work for you. Several analysis and cleanup steps may be required.
    Afterwards we will remove all the programs used, and I will give you a few tips for the future.
  • If there are signs of illegal software, support will be discontinued without discussion.
  • Please work through all steps one after another in the given order.
  • Read the instructions carefully. If you run into problems, stop and describe your problem to me as well as you can.
  • Only run scans that I or another helper ask you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you are asked to.
  • If you do not reply to me within 3 days, I will assume that you no longer need help. I will then remove your thread from my subscriptions.
    If you are going to be away for longer, please let me know!
  • All programs to be used must be saved to the desktop and started from there!
    I can never give you a guarantee that I will find everything. Formatting is usually the faster and always the safest way.
    If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.





Step 1
Please download OTL by Oldtimer and save it to your desktop (if you do not already have it).
  • Please start OTL.exe.
  • At the top you will find a box labelled Output. Please select Standard Output.
  • Check the box Scan All Users.
  • Under Extra Registry, please select Use SafeList.
  • Now copy the contents of the code box into the text box.
Code:
activex
msconfig
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Scan button.
  • At the end of the scan, 2 log files are created.
  • Now copy the contents of OTL.txt and Extra.txt into your thread here





Step 2
Please download defogger by jpshortstuff to your desktop.
  • Start the tool with a double-click.
  • Now click the Disable button to deactivate the drivers of certain emulators.
  • Defogger will ask you "Defogger will forcefully terminate and disable all CD Emulator related drivers and processes... Continue?" Confirm this prompt with Yes.
  • When the scan has finished (Finished), click OK.
  • Defogger may ask you to restart. Confirm this with OK.
  • Defogger creates a log file named defogger_disable.log on the desktop. Post its contents with your next reply.
Do not click the Re-enable button unless instructed!





Step 3
Please download the GMER Rootkit Scanner GMER: (file name is random)
  • Close all other programs, disable your virus scanner and disconnect the computer from the internet before you start GMER.
  • If a window with the following warning opens after starting:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Be sure to click "No".
  • On the right, uncheck: IAT/EAT and Show All
  • Check Quickscan and uncheck all other drives.
  • Start the scan with "Scan".
  • Do not do anything on the computer while the scan is running.
  • When the scan is finished, click Save and save the log file as Gmer.txt on your desktop. "Ok" closes GMER.
Turn your antivirus program and other scanners back on before you go online!


Are you running into problems?
  • Alternatively, try safe mode.
  • If you get a bluescreen, uncheck the box in front of Devices.






Please post with your next reply
  • the two log files from OTL,
  • the log file from DeFogger,
  • the log file from GMER.

25.04.2013, 17:31   #3
Diggah187
 



The OTL text file was large, I have to post it here
OTL Logfile:
Code:
OTL logfile created on: 25.04.2013 17:59:33 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Samed\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,55 Gb Available Physical Memory | 63,82% Memory free
8,00 Gb Paging File | 6,44 Gb Available in Paging File | 80,53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 278,63 Gb Total Space | 72,62 Gb Free Space | 26,06% Space Free | Partition Type: NTFS
Drive M: | 132,48 Gb Total Space | 17,89 Gb Free Space | 13,51% Space Free | Partition Type: NTFS
Drive S: | 54,55 Gb Total Space | 47,76 Gb Free Space | 87,54% Space Free | Partition Type: NTFS
 
Computer Name: MS | User Name: Samed | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.25 17:58:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Samed\Desktop\OTL.exe
PRC - [2013.03.21 15:19:46 | 001,341,664 | ---- | M] (ESET) -- C:\Programme\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2012.07.03 16:07:55 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.06.01 10:22:32 | 000,032,884 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\V0770Mon.exe
PRC - [2011.04.11 17:32:24 | 000,788,992 | ---- | M] () -- C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
PRC - [2010.09.30 23:26:54 | 000,393,216 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.08.03 09:24:44 | 001,410,048 | ---- | M] () -- C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\nicLan.dll
MOD - [2011.04.11 17:32:56 | 000,128,000 | ---- | M] () -- C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WJWF\WJWF.dll
MOD - [2011.04.11 17:32:56 | 000,111,616 | ---- | M] () -- C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WJWF\WJWF_WPS_WIN7.dll
MOD - [2011.04.11 17:32:24 | 000,788,992 | ---- | M] () -- C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
MOD - [2011.04.11 17:32:16 | 000,167,424 | ---- | M] () -- C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\DC_WFF.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.12.19 21:56:00 | 000,240,640 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012.12.19 16:32:12 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2013.04.19 23:10:50 | 000,543,656 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.04.13 16:10:01 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.03.21 15:19:46 | 001,341,664 | ---- | M] (ESET) [Auto | Running] -- C:\Programme\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.07.17 16:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2012.07.11 20:54:58 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Programme\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV - [2012.07.03 16:07:55 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.06.17 09:52:14 | 000,098,576 | ---- | M] (SANDBOXIE L.T.D) [Disabled | Stopped] -- C:\Programme\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2012.05.24 17:32:46 | 001,899,896 | ---- | M] (Raxco Software, Inc.) [Disabled | Stopped] -- C:\Programme\Raxco\PerfectDisk\PDAgent.exe -- (PDAgent)
SRV - [2012.05.24 17:32:36 | 003,312,504 | ---- | M] (Raxco Software, Inc.) [Disabled | Stopped] -- C:\Programme\Common Files\Raxco\Shared\PDEngine.exe -- (PDEngine)
SRV - [2012.02.14 16:49:12 | 000,736,104 | ---- | M] (Tunngle.net GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2012.01.18 14:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [Disabled | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011.06.24 22:16:58 | 000,072,192 | ---- | M] (Palm) [Disabled | Stopped] -- C:\Programme\Palm, Inc\novacomd\amd64\novacomd.exe -- (NovacomD)
SRV - [2010.11.11 15:39:34 | 000,128,928 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.08.10 22:04:48 | 000,093,848 | ---- | M] (SiSoftware) [Disabled | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011.SP1\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.04.19 15:56:43 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\gfibto.sys -- (gfibto)
DRV:64bit: - [2013.02.22 03:43:20 | 000,046,280 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)
DRV:64bit: - [2013.02.14 12:21:06 | 000,058,416 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2013.02.14 12:21:04 | 000,213,416 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2013.01.10 21:44:02 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2013.01.10 09:25:22 | 000,190,232 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2013.01.10 09:25:22 | 000,059,440 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV:64bit: - [2013.01.10 09:25:20 | 000,150,616 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2012.12.19 22:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012.12.19 22:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.12.19 21:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.11.20 17:21:43 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2012.11.20 17:21:43 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2012.11.16 13:17:05 | 000,095,392 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SMR311.SYS -- (SMR311)
DRV:64bit: - [2012.11.06 13:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.06.01 10:32:38 | 000,379,776 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\V0770Vid.sys -- (V0770Vid)
DRV:64bit: - [2012.05.10 12:29:06 | 000,082,160 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\PDFsFilter.sys -- (PDFSFilter)
DRV:64bit: - [2012.04.19 20:45:26 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.24 14:50:38 | 000,025,528 | ---- | M] (Turtle Entertainment GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ESLvnic.sys -- (ESLvnic1)
DRV:64bit: - [2011.12.29 01:57:26 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2011.12.02 10:56:48 | 000,140,816 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DefragFs.sys -- (DefragFS)
DRV:64bit: - [2011.08.02 17:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.04.11 17:35:14 | 001,579,520 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 05:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 02:49:52 | 000,146,432 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST)
DRV:64bit: - [2010.05.26 21:30:00 | 001,121,632 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2010.05.06 11:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009.10.22 16:10:30 | 000,069,320 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2009.10.22 16:09:12 | 000,084,808 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2009.09.16 09:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t)
DRV:64bit: - [2009.07.30 20:58:42 | 000,236,544 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:09:02 | 000,120,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\irda.sys -- (irda)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.05.05 01:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009.04.22 15:32:22 | 000,047,672 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmdLLD64.sys -- (AmdLLD64)
DRV:64bit: - [2008.12.16 16:56:36 | 000,737,312 | ---- | M] (TechnoTrend GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ttusb2bda_amd64.sys -- (TTUSB2BDA_NTAMD64)
DRV:64bit: - [2008.09.17 15:14:00 | 000,012,744 | R--- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Entech64.sys -- (ENTECH64)
DRV:64bit: - [2008.01.19 07:36:12 | 000,027,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\irsir.sys -- (irsir)
DRV:64bit: - [2007.08.22 16:26:32 | 000,021,648 | ---- | M] (SRS Labs, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ZCinema_SRS_amd64.sys -- (ZCinema_TSHD_x64)
DRV - [2012.06.17 09:52:12 | 000,166,576 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Stopped] -- C:\Programme\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2012.04.09 10:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
DRV - [2012.04.09 10:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV - [2012.04.09 10:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.0)
DRV - [2011.07.22 18:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2009.08.07 23:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011.SP1\WNt500x64\sandra.sys -- (SANDRA)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007.03.20 11:33:00 | 000,016,896 | ---- | M] (hxxp://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=843&q={searchTerms}&s_it=outbrowseaol-ie&s_qt=sb&tb_uuid=20130313104414825&tb_oid=13-03-2013&tb_mrud=13-03-2013
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.00000
 
 
IE - HKU\.DEFAULT\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-205861873-3943885056-2705481813-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aol.com/?mtmhp=hyplogusaolp00000044
IE - HKU\S-1-5-21-205861873-3943885056-2705481813-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-205861873-3943885056-2705481813-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-205861873-3943885056-2705481813-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EC C2 81 73 7A 19 CD 01  [binary data]
IE - HKU\S-1-5-21-205861873-3943885056-2705481813-1008\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-205861873-3943885056-2705481813-1008\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-205861873-3943885056-2705481813-1008\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=109958&tt=3312_2&babsrc=SP_ss&mntrId=8c4f6b9100000000000000ff9c3d6d80
IE - HKU\S-1-5-21-205861873-3943885056-2705481813-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "AOL Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.aol.com/search/search?q={searchTerms}&s_it=outbrowseaol-ff&s_qt=sb&tb_uuid=20130313104404126&tb_oid=12-03-2013&tb_mrud=13-03-2013"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7B987311C6-B504-4aa2-90BF-60CC49808D42%7D:2.2
FF - prefs.js..extensions.enabledAddons: %7Bfe0258ab-4f74-43a1-8781-bcdf340f9ee9%7D:2.6.4
FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.145
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
FF - prefs.js..extensions.enabledAddons: %7B81BF1D23-5F17-408D-AC6B-BD6DF7CAF670%7D:8.3.0
FF - prefs.js..extensions.enabledAddons: afurladvisor%40anchorfree.com:1.0
FF - prefs.js..extensions.enabledAddons: %7B1A2D0EC4-75F5-4c91-89C4-3656F6E44B68%7D:0.5.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..extensions.enabledItems: {987311C6-B504-4aa2-90BF-60CC49808D42}:2.2
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:10.1.0.68 - 1
FF - prefs.js..extensions.enabledItems: quickstores@quickstores.de:1.1.0
FF - prefs.js..extensions.enabledItems: redirectcleaner@example.net:1.3.0
FF - prefs.js..extensions.enabledItems: {fe0258ab-4f74-43a1-8781-bcdf340f9ee9}:2.6.4
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Samed\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Samed\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.11 18:13:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.19 15:58:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.13 16:09:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013.04.03 13:58:27 | 000,000,000 | ---D | M]
 
[2012.01.21 15:27:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Samed\AppData\Roaming\mozilla\Extensions
[2013.04.20 23:21:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Samed\AppData\Roaming\mozilla\Firefox\Profiles\8g2l7tli.default\extensions
[2013.04.05 00:05:50 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\Samed\AppData\Roaming\mozilla\Firefox\Profiles\8g2l7tli.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2012.01.22 14:38:25 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Users\Samed\AppData\Roaming\mozilla\Firefox\Profiles\8g2l7tli.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2013.02.24 00:22:51 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Samed\AppData\Roaming\mozilla\Firefox\Profiles\8g2l7tli.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.04.04 23:22:39 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Samed\AppData\Roaming\mozilla\Firefox\Profiles\8g2l7tli.default\extensions\ich@maltegoetz.de
[2013.04.19 15:58:25 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\Samed\AppData\Roaming\mozilla\Firefox\Profiles\8g2l7tli.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2013.03.31 22:34:09 | 000,361,682 | ---- | M] () (No name found) -- C:\Users\Samed\AppData\Roaming\mozilla\firefox\profiles\8g2l7tli.default\extensions\smarterwiki@wikiatic.com.xpi
[2013.02.18 16:16:41 | 000,051,442 | ---- | M] () (No name found) -- C:\Users\Samed\AppData\Roaming\mozilla\firefox\profiles\8g2l7tli.default\extensions\survey-remover@gmx.com.xpi
[2013.04.15 13:23:58 | 000,008,023 | ---- | M] () (No name found) -- C:\Users\Samed\AppData\Roaming\mozilla\firefox\profiles\8g2l7tli.default\extensions\youtubeunblocker@unblocker.yt.xpi
[2013.04.20 23:21:25 | 000,087,920 | ---- | M] () (No name found) -- C:\Users\Samed\AppData\Roaming\mozilla\firefox\profiles\8g2l7tli.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi
[2013.04.16 13:24:03 | 000,532,430 | ---- | M] () (No name found) -- C:\Users\Samed\AppData\Roaming\mozilla\firefox\profiles\8g2l7tli.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.02.22 15:09:59 | 000,014,714 | ---- | M] () (No name found) -- C:\Users\Samed\AppData\Roaming\mozilla\firefox\profiles\8g2l7tli.default\extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi
[2013.04.14 01:41:19 | 000,042,336 | ---- | M] () (No name found) -- C:\Users\Samed\AppData\Roaming\mozilla\firefox\profiles\8g2l7tli.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi
[2012.02.28 15:19:47 | 000,057,702 | ---- | M] () (No name found) -- C:\Users\Samed\AppData\Roaming\mozilla\firefox\profiles\8g2l7tli.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}.xpi
[2013.03.13 20:36:16 | 000,002,541 | ---- | M] () -- C:\Users\Samed\AppData\Roaming\mozilla\firefox\profiles\8g2l7tli.default\searchplugins\aol-search.xml
[2013.01.27 17:53:06 | 000,002,479 | ---- | M] () -- C:\Users\Samed\AppData\Roaming\mozilla\firefox\profiles\8g2l7tli.default\searchplugins\safesearch.xml
[2013.04.13 16:09:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013.04.13 16:09:52 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.04.13 16:09:51 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
[2013.04.13 16:09:51 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\extensions\quickstores@quickstores.de
[2012.01.11 18:13:57 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2013.04.13 16:10:02 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.01.27 17:53:06 | 000,001,400 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.01.27 17:53:06 | 000,002,173 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2013.01.27 17:53:06 | 000,001,679 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.01.27 17:53:06 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.01.27 17:53:06 | 000,006,818 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.01.27 17:47:51 | 000,001,278 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.01.27 17:53:06 | 000,000,903 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Samed\AppData\Local\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Samed\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Samed\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: AdobeAAMDetect (Enabled) = C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Samed\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\Samed\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Samed\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Samed\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Samed\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Wajam = C:\Users\Samed\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\
CHR - Extension: Skype Click to Call = C:\Users\Samed\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.4.0.11328_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Samed\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\Samed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012.03.25 16:32:10 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Programme\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [C:\Windows\system32\V0770Ext.ax] C:\Windows\SysNative\V0770Ext.ax (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [C:\Windows\SysWOW64\V0770Ext.ax] C:\Windows\SysWOW64\V0770Ext.ax (Creative Technology Ltd.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [V0770Mon.exe] C:\Windows\V0770Mon.exe (Creative Technology Ltd.)
O4 - HKU\S-1-5-21-205861873-3943885056-2705481813-1008..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-205861873-3943885056-2705481813-1008..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKU\S-1-5-21-205861873-3943885056-2705481813-1008..\Run: [MicroUpdate] C:\Users\Samed\Documents\MSDCSC\msdcsc.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-205861873-3943885056-2705481813-1008..\Run: [Sony PC Companion] C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O4 - HKU\S-1-5-21-205861873-3943885056-2705481813-1008..\Run: [Spotify] C:\Users\Samed\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-205861873-3943885056-2705481813-1008..\Run: [Spotify Web Helper] C:\Users\Samed\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-205861873-3943885056-2705481813-1008..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-205861873-3943885056-2705481813-1008..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-205861873-3943885056-2705481813-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-205861873-3943885056-2705481813-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2AA8B4DA-5708-490B-97C5-7DBD430D8386}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (PDBoot.exe)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - 
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker 2.6
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
 
MsConfig:64bit - StartUpFolder: C:^Users^Dogan_nogaD^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Z Cinema.lnk -  - File not found
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: NokiaMServer - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: SandboxieControl - hkey= - key= - C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
MsConfig:64bit - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig:64bit - StartUpReg: StartCCC - hkey= - key= - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
MsConfig:64bit - StartUpReg: Startup Key - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Steam - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Xvid - hkey= - key= -  File not found
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.25 17:58:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Samed\Desktop\OTL.exe
[2013.04.25 16:51:37 | 000,000,000 | ---D | C] -- C:\Users\Samed\Desktop\redset
[2013.04.25 14:01:06 | 000,000,000 | ---D | C] -- C:\Users\Samed\Desktop\Ask-Fm-Autolike
[2013.04.21 12:29:33 | 000,000,000 | ---D | C] -- C:\Users\Samed\AppData\Roaming\SUPERAntiSpyware.com
[2013.04.21 12:29:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013.04.21 12:29:25 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013.04.21 12:29:25 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013.04.20 23:58:18 | 000,000,000 | ---D | C] -- C:\Users\Samed\Desktop\CLA
[2013.04.19 16:00:43 | 000,000,000 | ---D | C] -- C:\Users\Samed\AppData\Roaming\LavasoftStatistics
[2013.04.19 16:00:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
[2013.04.19 15:59:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2013.04.19 15:59:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2013.04.19 15:58:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2013.04.19 15:58:34 | 000,000,000 | ---D | C] -- C:\ProgramData\blekko toolbars
[2013.04.19 15:58:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\adawaretb
[2013.04.19 15:58:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
[2013.04.19 15:56:43 | 000,014,456 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013.04.19 15:56:41 | 000,000,000 | ---D | C] -- C:\Users\Samed\AppData\Roaming\Ad-Aware Antivirus
[2013.04.19 14:48:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013.04.19 14:48:09 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013.04.19 14:48:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013.04.14 16:08:59 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2013.04.14 16:08:59 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2013.04.14 16:08:59 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2013.04.14 16:08:56 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2013.04.14 16:08:56 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2013.04.14 16:08:51 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2013.04.14 16:08:50 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2013.04.14 16:08:50 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2013.04.14 16:08:50 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2013.04.14 16:08:50 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2013.04.14 16:08:50 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013.04.14 16:08:50 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013.04.14 16:08:50 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2013.04.14 16:08:50 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2013.04.14 16:08:50 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2013.04.14 16:08:50 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2013.04.14 16:08:50 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2013.04.14 16:08:50 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2013.04.14 16:08:50 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013.04.14 16:08:50 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2013.04.14 16:08:50 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013.04.14 16:08:50 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2013.04.14 16:08:49 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013.04.14 16:08:49 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013.04.14 16:07:46 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2013.04.14 16:07:46 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2013.04.14 16:07:40 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013.04.14 00:22:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2013.04.14 00:22:17 | 000,000,000 | ---D | C] -- C:\Users\Samed\AppData\Local\Programs
[2013.04.13 16:09:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.04.13 16:09:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.04.12 23:43:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Network Stumbler
[2013.04.12 23:40:14 | 000,000,000 | ---D | C] -- C:\Users\Samed\AppData\Roaming\TeamViewer
[2013.04.12 23:38:51 | 004,889,704 | ---- | C] (TeamViewer GmbH) -- C:\Users\Samed\Desktop\TeamViewer_Setup_de.exe
[2013.04.12 23:18:54 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.04.12 23:18:54 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.04.12 23:18:53 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.04.12 23:18:52 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.04.12 23:18:52 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.04.12 23:18:52 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.04.12 23:18:52 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.04.12 23:18:52 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.04.12 23:18:51 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.04.12 23:18:51 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.04.12 23:18:51 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.04.12 23:18:51 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.04.12 23:18:49 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.04.12 23:18:49 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.04.12 23:18:48 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.04.11 12:19:28 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.04.11 12:19:27 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.04.11 12:19:27 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.04.11 12:19:26 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013.04.11 12:19:26 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013.04.11 12:19:26 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013.04.08 20:54:48 | 000,000,000 | ---D | C] -- C:\Users\Samed\AppData\Roaming\TP-LINK
[2013.04.08 20:54:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-LINK
[2013.04.08 20:54:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TP-LINK
[2013.04.08 20:52:56 | 001,579,520 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athrx.sys
[2013.04.08 20:52:56 | 001,579,520 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\athrx.sys
[2013.04.08 20:51:58 | 000,000,000 | ---D | C] -- C:\ProgramData\TP-LINK
[2013.04.05 22:03:57 | 000,000,000 | ---D | C] -- C:\Users\Samed\Documents\Sony
[2013.04.05 16:42:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Infogrames
[2013.04.03 15:00:31 | 000,000,000 | ---D | C] -- C:\Users\Samed\Documents\iMacros
[2013.04.03 14:01:29 | 000,000,000 | ---D | C] -- C:\Users\Samed\AppData\Roaming\ESET
[2013.04.03 14:01:29 | 000,000,000 | ---D | C] -- C:\Users\Samed\AppData\Local\ESET
[2013.04.03 13:58:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2013.04.03 13:58:04 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2013.04.03 13:58:04 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013.04.01 18:28:06 | 000,000,000 | ---D | C] -- C:\Users\Samed\Documents\ManiaPlanet
[2013.04.01 18:28:06 | 000,000,000 | ---D | C] -- C:\ProgramData\ManiaPlanet
[2013.04.01 02:19:19 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.04.01 02:19:19 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013.04.01 02:19:19 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013.04.01 02:19:19 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013.04.01 02:19:19 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.04.01 02:19:19 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.04.01 02:19:19 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.04.01 02:19:19 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013.04.01 02:19:19 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013.04.01 02:19:19 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013.04.01 02:19:19 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013.04.01 02:19:19 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013.04.01 02:19:19 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.04.01 02:19:19 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013.04.01 02:19:19 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.04.01 02:19:19 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013.04.01 02:19:19 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013.04.01 02:19:19 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.04.01 02:19:19 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013.04.01 02:19:19 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013.04.01 02:19:19 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013.04.01 02:19:19 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013.04.01 02:19:19 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013.04.01 02:19:19 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.04.01 02:19:19 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013.04.01 02:19:18 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.04.01 02:19:18 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013.04.01 02:19:18 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013.04.01 02:19:18 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.04.01 02:19:18 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.04.01 02:19:18 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.04.01 02:19:18 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.04.01 02:19:18 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.04.01 02:19:18 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.04.01 02:19:18 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.04.01 02:19:18 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013.04.01 02:19:18 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.04.01 02:19:18 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013.04.01 02:19:18 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013.04.01 02:19:18 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013.04.01 02:19:18 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.04.01 02:19:18 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.04.01 02:19:18 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013.04.01 02:19:18 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.04.01 02:19:18 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013.04.01 02:19:18 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.04.01 02:19:18 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013.04.01 02:19:18 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013.04.01 02:19:18 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.04.01 02:19:18 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.04.01 02:19:18 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.04.01 02:19:18 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013.04.01 02:19:18 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013.04.01 02:17:18 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013.04.01 02:17:18 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013.04.01 02:17:18 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013.04.01 02:17:18 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013.04.01 02:17:18 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013.04.01 02:17:18 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013.04.01 02:17:18 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013.04.01 02:17:18 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013.04.01 02:17:18 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013.04.01 02:17:18 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013.04.01 02:17:18 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013.04.01 02:17:18 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013.04.01 02:17:18 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013.04.01 02:17:18 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013.04.01 02:17:18 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013.04.01 02:17:18 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013.04.01 02:17:18 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013.04.01 02:17:18 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013.04.01 02:17:18 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013.04.01 02:17:18 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2013.04.01 02:17:18 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013.04.01 02:17:18 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013.04.01 02:17:18 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2013.04.01 02:17:18 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.04.01 02:17:18 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.04.01 02:17:18 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.04.01 02:17:18 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.04.01 02:17:18 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.04.01 02:17:18 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.04.01 02:17:18 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.04.01 02:17:18 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.04.01 02:17:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.04.01 02:17:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.04.01 02:17:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.04.01 02:17:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.04.01 02:17:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013.04.01 02:17:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013.04.01 02:17:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.04.01 02:17:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.04.01 02:17:18 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.04.01 02:17:18 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.03.31 22:56:04 | 000,000,000 | ---D | C] -- C:\Users\Samed\.android
[2013.03.27 00:27:37 | 000,000,000 | ---D | C] -- C:\Users\Samed\AppData\Roaming\Dojotech Software
[2013.03.27 00:15:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\No23 Recorder
[2013.03.27 00:15:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\No23 Recorder
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[18 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[18 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.25 17:58:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Samed\Desktop\OTL.exe
[2013.04.25 17:22:38 | 000,022,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.25 17:22:37 | 000,022,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.25 17:13:25 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013.04.25 17:13:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.25 17:13:10 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.25 17:06:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-205861873-3943885056-2705481813-1008UA.job
[2013.04.25 16:51:22 | 000,005,463 | ---- | M] () -- C:\Users\Samed\Desktop\redset.zip
[2013.04.25 14:06:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-205861873-3943885056-2705481813-1008Core.job
[2013.04.25 14:00:45 | 000,338,962 | ---- | M] () -- C:\Users\Samed\Desktop\Ask-Fm-Autolike.zip
[2013.04.25 13:35:58 | 000,009,811 | ---- | M] () -- C:\Users\Samed\Desktop\5_und_5.png
[2013.04.24 20:29:00 | 000,000,510 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 1cefe8c0-f442-459a-a98f-b1b44c7c8a4d.job
[2013.04.21 20:11:56 | 000,000,510 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 5ad90717-1218-4a6f-aecf-4afbcd15e4f9.job
[2013.04.21 12:29:27 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013.04.20 13:19:55 | 001,669,632 | ---- | M] () -- C:\Users\Samed\Desktop\SteamInstall (2).msi
[2013.04.20 13:18:50 | 000,691,966 | ---- | M] () -- C:\Users\Samed\Desktop\GreenLuma-2.6.3-Steam006.rar
[2013.04.19 15:56:43 | 000,014,456 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013.04.19 15:33:01 | 000,000,000 | ---- | M] () -- C:\Users\Samed\Documents\update.ini
[2013.04.19 15:33:00 | 013,620,200 | ---- | M] (TeamSpeak Systems GmbH) -- C:\Users\Samed\Documents\ts3client_win64.exe
[2013.04.19 15:33:00 | 000,499,176 | ---- | M] (TeamSpeak Systems GmbH) -- C:\Users\Samed\Documents\update.exe
[2013.04.19 15:33:00 | 000,229,864 | ---- | M] (TeamSpeak Systems GmbH) -- C:\Users\Samed\Documents\package_inst.exe
[2013.04.19 14:48:16 | 000,002,133 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.04.18 17:31:00 | 000,032,840 | ---- | M] () -- C:\Users\Samed\Desktop\KC-002_1.jpg
[2013.04.14 00:22:32 | 000,000,967 | ---- | M] () -- C:\Users\Samed\Desktop\Audacity.lnk
[2013.04.12 23:39:05 | 004,889,704 | ---- | M] (TeamViewer GmbH) -- C:\Users\Samed\Desktop\TeamViewer_Setup_de.exe
[2013.04.12 23:08:15 | 000,002,358 | ---- | M] () -- C:\Users\Samed\Desktop\Google Chrome.lnk
[2013.04.12 22:18:53 | 000,002,253 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk
[2013.04.08 20:54:21 | 000,002,221 | ---- | M] () -- C:\Users\Public\Desktop\TP-LINK Wireless Configuration Utility.lnk
[2013.04.07 15:09:41 | 001,613,412 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.07 15:09:41 | 000,696,848 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.07 15:09:41 | 000,652,166 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.07 15:09:41 | 000,148,144 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.07 15:09:41 | 000,121,098 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.01 17:30:41 | 000,000,222 | ---- | M] () -- C:\Users\Samed\Desktop\TrackMania Stadium Open Beta.url
[2013.04.01 02:19:19 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.04.01 02:19:19 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013.04.01 02:19:19 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013.04.01 02:19:19 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013.04.01 02:19:19 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.04.01 02:19:19 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.04.01 02:19:19 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.04.01 02:19:19 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013.04.01 02:19:19 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013.04.01 02:19:19 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013.04.01 02:19:19 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013.04.01 02:19:19 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013.04.01 02:19:19 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.04.01 02:19:19 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013.04.01 02:19:19 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.04.01 02:19:19 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013.04.01 02:19:19 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013.04.01 02:19:19 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.04.01 02:19:19 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013.04.01 02:19:19 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013.04.01 02:19:19 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013.04.01 02:19:19 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013.04.01 02:19:19 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013.04.01 02:19:19 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.04.01 02:19:19 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.04.01 02:19:19 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013.04.01 02:19:18 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.04.01 02:19:18 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013.04.01 02:19:18 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013.04.01 02:19:18 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.04.01 02:19:18 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.04.01 02:19:18 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.04.01 02:19:18 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.04.01 02:19:18 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.04.01 02:19:18 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.04.01 02:19:18 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.04.01 02:19:18 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013.04.01 02:19:18 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.04.01 02:19:18 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013.04.01 02:19:18 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013.04.01 02:19:18 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013.04.01 02:19:18 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.04.01 02:19:18 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.04.01 02:19:18 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013.04.01 02:19:18 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.04.01 02:19:18 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013.04.01 02:19:18 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.04.01 02:19:18 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013.04.01 02:19:18 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013.04.01 02:19:18 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.04.01 02:19:18 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.04.01 02:19:18 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.04.01 02:19:18 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.04.01 02:19:18 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013.04.01 02:19:18 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013.04.01 02:17:18 | 003,928,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013.04.01 02:17:18 | 002,776,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013.04.01 02:17:18 | 002,565,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013.04.01 02:17:18 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013.04.01 02:17:18 | 001,887,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013.04.01 02:17:18 | 001,682,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013.04.01 02:17:18 | 001,643,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013.04.01 02:17:18 | 001,504,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013.04.01 02:17:18 | 001,424,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013.04.01 02:17:18 | 001,238,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013.04.01 02:17:18 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013.04.01 02:17:18 | 000,648,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013.04.01 02:17:18 | 000,522,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013.04.01 02:17:18 | 000,465,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013.04.01 02:17:18 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013.04.01 02:17:18 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013.04.01 02:17:18 | 000,363,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013.04.01 02:17:18 | 000,333,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013.04.01 02:17:18 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013.04.01 02:17:18 | 000,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2013.04.01 02:17:18 | 000,221,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013.04.01 02:17:18 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013.04.01 02:17:18 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2013.04.01 02:17:18 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.04.01 02:17:18 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.04.01 02:17:18 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.04.01 02:17:18 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.04.01 02:17:18 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.04.01 02:17:18 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.04.01 02:17:18 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.04.01 02:17:18 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.04.01 02:17:18 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.04.01 02:17:18 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.04.01 02:17:18 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.04.01 02:17:18 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.04.01 02:17:18 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013.04.01 02:17:18 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013.04.01 02:17:18 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.04.01 02:17:18 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.04.01 02:17:18 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.04.01 02:17:18 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.03.27 00:15:35 | 000,001,021 | ---- | M] () -- C:\Users\Public\Desktop\No23 Recorder.lnk
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[18 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[18 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.04.25 16:51:23 | 000,005,463 | ---- | C] () -- C:\Users\Samed\Desktop\redset.zip
[2013.04.25 14:00:45 | 000,338,962 | ---- | C] () -- C:\Users\Samed\Desktop\Ask-Fm-Autolike.zip
[2013.04.25 13:35:58 | 000,009,811 | ---- | C] () -- C:\Users\Samed\Desktop\5_und_5.png
[2013.04.21 12:29:38 | 000,000,510 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 1cefe8c0-f442-459a-a98f-b1b44c7c8a4d.job
[2013.04.21 12:29:37 | 000,000,510 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 5ad90717-1218-4a6f-aecf-4afbcd15e4f9.job
[2013.04.21 12:29:27 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013.04.20 13:19:48 | 001,669,632 | ---- | C] () -- C:\Users\Samed\Desktop\SteamInstall (2).msi
[2013.04.20 13:18:44 | 000,691,966 | ---- | C] () -- C:\Users\Samed\Desktop\GreenLuma-2.6.3-Steam006.rar
[2013.04.19 14:48:16 | 000,002,145 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013.04.19 14:48:16 | 000,002,133 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.04.18 17:31:00 | 000,032,840 | ---- | C] () -- C:\Users\Samed\Desktop\KC-002_1.jpg
[2013.04.14 00:22:32 | 000,000,979 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2013.04.14 00:22:32 | 000,000,967 | ---- | C] () -- C:\Users\Samed\Desktop\Audacity.lnk
[2013.04.12 23:43:00 | 000,001,050 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Network Stumbler.lnk
[2013.04.08 20:54:21 | 000,002,253 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk
[2013.04.08 20:54:21 | 000,002,221 | ---- | C] () -- C:\Users\Public\Desktop\TP-LINK Wireless Configuration Utility.lnk
[2013.04.08 20:52:56 | 000,265,639 | ---- | C] () -- C:\Windows\SysNative\netathrx.inf
[2013.04.08 20:52:56 | 000,007,748 | ---- | C] () -- C:\Windows\SysNative\athrextx.cat
[2013.04.01 17:30:41 | 000,000,222 | ---- | C] () -- C:\Users\Samed\Desktop\TrackMania Stadium Open Beta.url
[2013.04.01 02:19:19 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.04.01 02:19:18 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.03.27 00:15:35 | 000,001,021 | ---- | C] () -- C:\Users\Public\Desktop\No23 Recorder.lnk
[2013.03.22 17:14:25 | 000,000,000 | ---- | C] () -- C:\Users\Samed\Microsoft
[2013.03.22 17:02:01 | 000,154,283 | -H-- | C] () -- C:\Users\Samed\AppData\Roaming\Samed-wchelper.dll
[2013.02.11 00:31:57 | 000,019,635 | ---- | C] () -- C:\Windows\prodsett_copy.ini
[2013.01.29 20:47:27 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll
[2013.01.27 17:48:01 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2012.12.27 18:16:31 | 000,019,296 | ---- | C] () -- C:\Users\Samed\Ohne Titel.vf
[2012.12.27 18:10:12 | 025,205,083 | ---- | C] () -- C:\Users\Samed\YouggggggTube_Upload.mp4
[2012.12.27 00:13:34 | 000,019,016 | ---- | C] () -- C:\Users\Samed\KURDO.vf
[2012.12.27 00:13:14 | 032,517,577 | ---- | C] () -- C:\Users\Samed\YouTube_Upload.mp4
[2012.09.06 13:57:26 | 004,399,616 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2012.08.19 12:49:30 | 000,008,704 | ---- | C] () -- C:\Users\Samed\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.27 18:27:04 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2012.07.14 21:13:52 | 000,892,190 | ---- | C] () -- C:\Users\Samed\AppData\Local\census.cache
[2012.07.14 21:13:18 | 000,125,885 | ---- | C] () -- C:\Users\Samed\AppData\Local\ars.cache
[2012.07.14 21:06:30 | 000,000,036 | ---- | C] () -- C:\Users\Samed\AppData\Local\housecall.guid.cache
[2012.07.13 22:12:41 | 000,001,802 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2012.07.03 15:18:11 | 001,590,370 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.07.03 15:15:52 | 000,298,016 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.07.03 15:15:48 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2012.07.03 15:15:48 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.07.03 03:28:06 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012.06.27 14:54:55 | 010,977,280 | ---- | C] () -- C:\ProgramData\sandra.mda
[2012.06.14 16:13:35 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat
[2012.06.10 02:21:56 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012.06.03 16:21:03 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\ZLib.dll
[2012.05.22 01:28:58 | 000,155,648 | ---- | C] () -- C:\Windows\SysWow64\mlc.dll
[2012.05.02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.03.08 17:00:55 | 000,007,210 | ---- | C] () -- C:\Users\Samed\.recently-used.xbel
[2012.03.01 18:35:32 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012.02.25 20:38:59 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.02.25 20:38:59 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.02.25 20:38:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.02.25 20:38:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.02.25 20:38:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.02.15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.02.15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.02.04 20:11:43 | 002,109,440 | ---- | C] () -- C:\Users\Samed\test.h2.db
[2012.02.04 20:11:43 | 000,001,394 | ---- | C] () -- C:\Users\Samed\.h2.server.properties
[2012.02.04 20:11:42 | 000,000,103 | ---- | C] () -- C:\Users\Samed\test.lock.db
[2012.02.01 18:01:20 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.02.01 18:01:20 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2012.01.29 23:48:01 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2012.01.24 15:33:03 | 000,000,132 | ---- | C] () -- C:\Users\Samed\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2012.01.19 16:38:39 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\mgxasio2.dll
[2012.01.19 16:37:52 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2012.01.19 16:37:37 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2012.01.11 20:45:04 | 000,000,218 | ---- | C] () -- C:\Users\Samed\AppData\Local\recently-used.xbel
[2011.12.08 06:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2005.04.08 04:16:43 | 000,001,204 | -H-- | C] () -- C:\Users\Samed\AppData\Roaming\logs.dat
 
========== ZeroAccess Check ==========
 
[2011.11.17 08:41:18 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{819a73af-6d8c-ad6d-9547-531350214891}\@
[2011.11.17 08:41:18 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{819a73af-6d8c-ad6d-9547-531350214891}\L
[2012.10.31 13:28:40 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{819a73af-6d8c-ad6d-9547-531350214891}\U
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 971 bytes -> C:\ProgramData:$SS_DESCRIPTOR_LBP6VPVFLVGVVFB84LTSUTB92PFNPC7BPV4XFJDMNGTFB5V5NBJ5TBBJMT9Y0N96GMP3V0GRUEF39X8XHH0TCFUL44FTBX4MLSWPBXRTF6VEKLFEJK35PNX0WHNGT9LSVEVF1VTVVTVXVVD
@Alternate Data Stream - 167 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:76650B61

< End of report >
         
--- --- ---
__________________
Attached files
File type: log defogger_disable.log (472 bytes, viewed 144 times)
File type: txt Extras.Txt (71.7 KB, viewed 166 times)
File type: log Gmer.log (4.2 KB, viewed 181 times)

25.04.2013, 18:56   #4
M-K-D-B
/// TB trainer
 
Hi,

Quote:
Quote from Diggah187
The OTL text file was large, so I have to post it here
I prefer it anyway if you paste the log files directly here.

Please run AdwCleaner twice and post both of its log files. After that we continue with JRT and ComboFix.



Step 1
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Agree to the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts that appear with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = consecutive number).






Step 2

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.







Step 3
Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix on your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.






Please post with your next reply
  • the log file from AdwCleaner,
  • the log file from JRT,
  • the log file from ComboFix.
__________________
Greetings from Bavaria
M-K-D-B


25.04.2013, 20:54   #5
Diggah187
 



Combofix Logfile:
Code:
ComboFix 13-04-25.01 - Samed 25.04.2013  21:25:47.6.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4095.2617 [GMT 2:00]
ausgeführt von:: c:\users\Samed\Desktop\ComboFix.exe
AV: ESET Smart Security 6.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal Firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 6.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
c:\programdata\xml3EE3.tmp
c:\programdata\xml3FBF.tmp
c:\programdata\xml401D.tmp
c:\programdata\xml408C.tmp
c:\programdata\xml4417.tmp
c:\programdata\xml4511.tmp
c:\programdata\xml484A.tmp
c:\programdata\xml4906.tmp
c:\programdata\xml4FB5.tmp
c:\programdata\xml5080.tmp
c:\programdata\xml52C9.tmp
c:\programdata\xml53D3.tmp
c:\programdata\xml7CB3.tmp
c:\programdata\xml9073.tmp
c:\programdata\xml9A5F.tmp
c:\programdata\xmlB9D2.tmp
c:\programdata\xmlBA50.tmp
c:\programdata\xmlBAED.tmp
c:\users\Samed\AppData\Roaming\dclogs
c:\users\Samed\AppData\Roaming\dclogs\2012-07-03-3.dc
c:\users\Samed\AppData\Roaming\dclogs\2012-11-03-7.dc
c:\users\Samed\AppData\Roaming\dclogs\2013-02-01-6.dc
c:\users\Samed\AppData\Roaming\dclogs\2013-04-04-5.dc
c:\users\Samed\AppData\Roaming\dclogs\2013-04-05-6.dc
c:\users\Samed\AppData\Roaming\logs.dat
c:\users\Samed\AppData\Roaming\Microsoft\Windows\Templates\music_maker_4_myspace_106mb_d_en.exe
c:\users\Samed\AppData\Roaming\Samed-wchelper.dll
c:\users\Samed\Documents\MSDCSC\msdcsc.exe
c:\users\Samed\Documents\update.exe
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-03-25 bis 2013-04-25  ))))))))))))))))))))))))))))))
.
.
2013-04-25 19:35 . 2013-04-25 19:35	--------	d-----w-	c:\users\Public\AppData\Local\temp
2013-04-25 19:35 . 2013-04-25 19:35	--------	d-----w-	c:\users\iPhone\AppData\Local\temp
2013-04-25 19:35 . 2013-04-25 19:35	--------	d-----w-	c:\users\Dogan_nogaD\AppData\Local\temp
2013-04-25 19:35 . 2013-04-25 19:35	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-04-25 19:35 . 2013-04-25 19:35	--------	d-----w-	c:\users\asd\AppData\Local\temp
2013-04-25 19:28 . 2013-04-25 19:28	76232	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{860340AC-90FE-44AC-973C-00D70DDDBEBE}\offreg.dll
2013-04-25 19:18 . 2013-04-25 19:18	--------	d-----w-	c:\windows\ERUNT
2013-04-25 19:17 . 2013-04-25 19:17	--------	d-----w-	C:\JRT
2013-04-24 11:17 . 2013-04-12 14:45	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-23 11:11 . 2013-04-10 03:46	9317456	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{860340AC-90FE-44AC-973C-00D70DDDBEBE}\mpengine.dll
2013-04-21 10:29 . 2013-04-21 10:29	--------	d-----w-	c:\users\Samed\AppData\Roaming\SUPERAntiSpyware.com
2013-04-21 10:29 . 2013-04-21 10:29	--------	d-----w-	c:\program files\SUPERAntiSpyware
2013-04-21 10:29 . 2013-04-21 10:29	--------	d-----w-	c:\programdata\SUPERAntiSpyware.com
2013-04-19 14:00 . 2013-04-19 14:00	--------	d-----w-	c:\users\Samed\AppData\Roaming\LavasoftStatistics
2013-04-19 14:00 . 2013-04-19 14:00	--------	d-----w-	c:\programdata\Ad-Aware Antivirus
2013-04-19 13:59 . 2013-04-19 13:59	--------	d-----w-	c:\programdata\Lavasoft
2013-04-19 13:59 . 2013-04-19 17:27	--------	d-----w-	c:\program files (x86)\Ad-Aware Antivirus
2013-04-19 13:58 . 2013-04-19 13:58	--------	d-----w-	c:\programdata\Downloaded Installations
2013-04-19 13:58 . 2013-04-19 13:58	--------	d-----w-	c:\program files (x86)\Toolbar Cleaner
2013-04-19 13:56 . 2013-04-19 13:56	14456	----a-w-	c:\windows\system32\drivers\gfibto.sys
2013-04-19 13:56 . 2013-04-19 17:25	--------	d-----w-	c:\users\Samed\AppData\Roaming\Ad-Aware Antivirus
2013-04-19 12:48 . 2009-01-25 10:14	17272	----a-w-	c:\windows\system32\sdnclean64.exe
2013-04-19 12:48 . 2013-04-19 12:48	--------	d-----w-	c:\program files (x86)\Spybot - Search & Destroy 2
2013-04-14 14:09 . 2012-08-23 15:09	3584	----a-w-	c:\windows\system32\drivers\de-DE\tsusbflt.sys.mui
2013-04-14 14:07 . 2012-05-04 11:00	366592	----a-w-	c:\windows\system32\qdvd.dll
2013-04-14 14:07 . 2012-05-04 09:59	514560	----a-w-	c:\windows\SysWow64\qdvd.dll
2013-04-14 14:07 . 2012-08-24 18:13	154480	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2013-04-14 14:07 . 2012-08-24 18:09	458712	----a-w-	c:\windows\system32\drivers\cng.sys
2013-04-14 14:07 . 2012-08-24 18:05	340992	----a-w-	c:\windows\system32\schannel.dll
2013-04-14 14:07 . 2012-08-24 18:03	1448448	----a-w-	c:\windows\system32\lsasrv.dll
2013-04-14 14:07 . 2012-08-24 16:57	247808	----a-w-	c:\windows\SysWow64\schannel.dll
2013-04-14 14:07 . 2012-08-24 16:57	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2013-04-14 14:07 . 2012-08-24 16:53	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2013-04-13 22:22 . 2013-04-13 22:22	--------	d-----w-	c:\program files (x86)\Audacity
2013-04-13 22:22 . 2013-04-13 22:22	--------	d-----w-	c:\users\Samed\AppData\Local\Programs
2013-04-13 14:09 . 2013-04-13 14:09	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2013-04-12 21:43 . 2013-04-12 21:43	--------	d-----w-	c:\program files (x86)\Network Stumbler
2013-04-12 21:40 . 2013-04-17 17:01	--------	d-----w-	c:\users\Samed\AppData\Roaming\TeamViewer
2013-04-11 10:40 . 2013-03-01 03:36	3153408	----a-w-	c:\windows\system32\win32k.sys
2013-04-11 10:19 . 2013-01-24 06:01	223752	----a-w-	c:\windows\system32\drivers\fvevol.sys
2013-04-11 10:19 . 2013-03-19 06:04	5550424	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-04-11 10:19 . 2013-03-19 05:04	3968856	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-04-11 10:19 . 2013-03-19 05:04	3913560	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-04-11 10:19 . 2013-03-19 05:46	43520	----a-w-	c:\windows\system32\csrsrv.dll
2013-04-11 10:19 . 2013-03-19 04:47	6656	----a-w-	c:\windows\SysWow64\apisetschema.dll
2013-04-11 10:19 . 2013-03-19 03:06	112640	----a-w-	c:\windows\system32\smss.exe
2013-04-08 18:54 . 2013-04-11 09:50	--------	d-----w-	c:\users\Samed\AppData\Roaming\TP-LINK
2013-04-08 18:54 . 2013-04-08 18:54	--------	d-----w-	c:\program files (x86)\TP-LINK
2013-04-08 18:52 . 2011-04-11 15:35	1579520	----a-w-	c:\windows\system32\drivers\athrx.sys
2013-04-08 18:52 . 2011-04-11 15:35	1579520	----a-w-	c:\windows\system32\athrx.sys
2013-04-08 18:51 . 2013-04-12 20:18	--------	d-----w-	c:\programdata\TP-LINK
2013-04-05 14:42 . 2013-04-05 14:42	--------	d-----w-	c:\program files (x86)\Infogrames
2013-04-03 12:01 . 2013-04-03 12:01	--------	d-----w-	c:\users\Samed\AppData\Local\ESET
2013-04-03 11:58 . 2013-04-03 11:58	--------	d-----w-	c:\program files\ESET
2013-04-01 16:28 . 2013-04-21 10:47	--------	d-----w-	c:\programdata\ManiaPlanet
2013-04-01 00:17 . 2013-04-01 00:17	9728	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-31 20:56 . 2013-03-31 20:57	--------	d-----w-	c:\users\Samed\.android
2013-03-26 22:27 . 2013-03-26 22:27	--------	d-----w-	c:\users\Samed\AppData\Roaming\Dojotech Software
2013-03-26 22:15 . 2013-03-26 22:22	--------	d-----w-	c:\program files (x86)\No23 Recorder
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-12 21:20 . 2009-12-24 00:58	72702784	----a-w-	c:\windows\system32\MRT.exe
2013-03-25 14:03 . 2013-03-25 14:03	693976	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-25 14:03 . 2013-03-25 14:01	73432	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-25 13:23 . 2013-03-25 13:23	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-25 13:23 . 2012-07-08 14:35	861088	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-03-25 13:23 . 2012-01-27 18:38	782240	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-03-11 23:10 . 2009-12-24 00:53	282744	------w-	c:\windows\system32\MpSigStub.exe
2013-02-22 01:43 . 2013-02-22 01:43	46280	----a-w-	c:\windows\system32\drivers\hssdrv6.sys
2013-02-14 10:21 . 2013-02-14 10:21	58416	----a-w-	c:\windows\system32\drivers\epfwwfp.sys
2013-02-14 10:21 . 2013-02-14 10:21	213416	----a-w-	c:\windows\system32\drivers\eamonm.sys
2013-02-12 05:45 . 2013-03-13 19:14	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 19:14	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 19:14	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 19:14	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 19:14	474112	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 19:14	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-02-12 04:12 . 2013-03-16 22:04	19968	----a-w-	c:\windows\system32\drivers\usb8023.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-04-19 1631144]
"Sony PC Companion"="c:\program files (x86)\Sony\Sony PC Companion\PCCompanion.exe" [2013-01-07 446648]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2010-09-30 393216]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-02-28 18642024]
"Spotify Web Helper"="c:\users\Samed\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-04-23 1105408]
"Spotify"="c:\users\Samed\AppData\Roaming\Spotify\Spotify.exe" [2013-04-23 4547584]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 5629312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"c:\windows\SysWOW64\V0770Ext.ax"="c:\windows\SysWOW64\V0770Ext.ax" [X]
"msnmsgr"="c:\progra~2\WIC4A1~1\MESSEN~1\msnmsgr.exe" [2012-09-12 4272640]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"V0770Mon.exe"="c:\windows\V0770Mon.exe" [2012-06-01 32884]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TP-LINK Wireless Configuration Utility.lnk - c:\program files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe [2013-4-8 788992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	PDBoot.exe\0autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
R0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
R2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AODDriver;AODDriver;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver.sys [x]
R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]
R3 cpuz130;cpuz130;c:\users\DOGAN_~1\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys [2008-09-17 12744]
R3 ESLvnic1;ESLvnic Virtual Network 64 Bit;c:\windows\system32\DRIVERS\ESLvnic.sys [2012-01-24 25528]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2010-11-11 128928]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-11-20 14448]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [x]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x]
R3 PBDOWNFORCE_SERVICE;PBDOWNFORCE_SERVICE;c:\users\Samed\Desktop\PBDownforce.sys [x]
R3 PBDOWNFORCE_TEST_SERVICE;PBDOWNFORCE_TEST_SERVICE;c:\users\Samed\Desktop\Test.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-07-30 236544]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TTUSB2BDA_NTAMD64;TTUSB2BDA USB 2.0 Driver AMD64;c:\windows\system32\DRIVERS\ttusb2bda_amd64.sys [2008-12-16 737312]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
R3 V0770Vid;Live! Cam Sync HD VF0770 Driver;c:\windows\system32\DRIVERS\V0770Vid.sys [2012-06-01 379776]
R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-12-19 240640]
R4 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [x]
R4 NovacomD;Palm Novacom;c:\program files\Palm, Inc\novacomd\amd64\novacomd.exe [2011-06-24 72192]
R4 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2011.SP1\RpcAgentSrv.exe [2009-08-10 93848]
R4 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-13 1103392]
R4 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-13 1369624]
R4 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-13 168384]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
R4 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
R4 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2012-02-14 736104]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2013-02-14 58416]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-04-19 14456]
S0 SMR311;Symantec SMR Utility Service 3.1.1;c:\windows\System32\drivers\SMR311.SYS [2012-11-16 95392]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-04-19 283200]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2013-02-14 213416]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2013-01-10 150616]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2013-01-10 59440]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys [2013-02-22 46280]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2013-03-21 1341664]
S2 PDFSFilter;PDFSFilter;c:\windows\system32\DRIVERS\PDFsFilter.sys [2012-05-10 82160]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 AmdLLD64;AMD Low Level Device Driver;c:\windows\system32\DRIVERS\AmdLLD64.sys [2009-04-22 47672]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-11-06 96256]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [2013-01-10 42184]
S3 ZCinema_TSHD_x64;ZCinema TruSurround HD driver;c:\windows\system32\drivers\ZCinema_SRS_amd64.sys [2007-08-22 21648]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-04-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-205861873-3943885056-2705481813-1008Core.job
- c:\users\Samed\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-07 12:56]
.
2013-04-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-205861873-3943885056-2705481813-1008UA.job
- c:\users\Samed\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-07 12:56]
.
2013-04-25 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 1cefe8c0-f442-459a-a98f-b1b44c7c8a4d.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2013-04-21 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 5ad90717-1218-4a6f-aecf-4afbcd15e4f9.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"c:\windows\system32\V0770Ext.ax"="c:\windows\system32\V0770Ext.ax" [X]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2013-03-21 6330568]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.aol.com/?mtmhp=hyplogusaolp00000044
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{B230B6FD-87A5-41E5-885E-F3E56C7C7EB7}\54354413131313: NameServer = 192.168.1.1
FF - ProfilePath - c:\users\Samed\AppData\Roaming\Mozilla\Firefox\Profiles\8g2l7tli.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-03-16 14:35; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\users\Samed\AppData\Roaming\Mozilla\Firefox\Profiles\8g2l7tli.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF - ExtSQL: 2013-04-03 15:00; {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}; c:\users\Samed\AppData\Roaming\Mozilla\Firefox\Profiles\8g2l7tli.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
FF - ExtSQL: 2013-04-14 01:41; {e968fc70-8f95-4ab9-9e79-304de2a71ee1}; c:\users\Samed\AppData\Roaming\Mozilla\Firefox\Profiles\8g2l7tli.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Notify-SDWinLogon - SDWinLogon.dll
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_blr.exe
AddRemove-TeamSpeak 3 Client - c:\users\Samed\Documents\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.alb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FotoManager10Deluxe.8.alb"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-04-25  21:38:26
ComboFix-quarantined-files.txt  2013-04-25 19:38
ComboFix2.txt  2012-03-19 13:15
.
Vor Suchlauf: 21 Verzeichnis(se), 77.293.150.208 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 76.975.370.240 Bytes frei
.
- - End Of File - - BBEE7F68B990D5693F23A18D3DDE7A9D
         
--- --- ---
JRT Logfile:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.9 (04.22.2013:1)
OS: Windows 7 Home Premium x64
Ran by Samed on 25.04.2013 at 21:18:06,92
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\pc optimizer pro
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}



~~~ Files

Successfully deleted: [File] C:\Windows\prefetch\ASK-FM-AUTOLIKE.EXE-F4A4E5E9.pf



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\visualbee"
Successfully deleted: [Folder] "C:\Users\Samed\appdata\local\visualbeeexe"
Successfully deleted: [Empty Folder] C:\Users\Samed\appdata\local\{AF685607-8EE5-4CCA-BF84-86AC52CD13CD}
Successfully deleted: [Empty Folder] C:\Users\Samed\appdata\local\{BE43E381-8373-46C9-8627-8BF1F75852E5}



~~~ FireFox

Successfully deleted: [Folder] C:\Users\Samed\AppData\Roaming\mozilla\firefox\profiles\8g2l7tli.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
Emptied folder: C:\Users\Samed\AppData\Roaming\mozilla\firefox\profiles\8g2l7tli.default\minidumps [400 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Samed\appdata\local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25.04.2013 at 21:21:10,81
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
--- --- ---
AdwCleaner Logfile:
Code:
# AdwCleaner v2.202 - Datei am 25/04/2013 um 21:00:36 erstellt
# Aktualisiert am 23/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Samed - MS
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Samed\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\Users\Samed\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickStores.url
Datei Gelöscht : C:\Users\Samed\AppData\Roaming\Microsoft\Windows\Start Menu\QuickStores.url
Datei Gelöscht : C:\Users\Samed\AppData\Roaming\Mozilla\Firefox\Profiles\8g2l7tli.default\foxydeal.sqlite
Datei Gelöscht : C:\Users\Samed\AppData\Roaming\Mozilla\Firefox\Profiles\8g2l7tli.default\searchplugins\safesearch.xml
Datei Gelöscht : C:\Users\Samed\Documents\Uninstall.exe
Ordner Gelöscht : C:\Program Files (x86)\adawaretb
Ordner Gelöscht : C:\Program Files (x86)\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com
Ordner Gelöscht : C:\Program Files (x86)\Mozilla Firefox\Extensions\quickstores@quickstores.de
Ordner Gelöscht : C:\ProgramData\APN
Ordner Gelöscht : C:\ProgramData\blekko toolbars
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\ProgramData\InstallMate
Ordner Gelöscht : C:\Users\Samed\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Ordner Gelöscht : C:\Users\Samed\AppData\Local\Wajam
Ordner Gelöscht : C:\Users\Samed\AppData\LocalLow\adawaretb
Ordner Gelöscht : C:\Users\Samed\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\Samed\AppData\Roaming\DesktopIconForAmazon
Ordner Gelöscht : C:\Users\Samed\AppData\Roaming\Mozilla\Firefox\Profiles\8g2l7tli.default\adawaretb
Ordner Gelöscht : C:\Users\Samed\AppData\Roaming\OCS
Ordner Gelöscht : C:\Windows\assembly\GAC_MSIL\QuickStoresToolbar

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\CompeteInc
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\10a3ff583a8855eb34d4dbc80531f951
Schlüssel Gelöscht : HKCU\Software\ba4c12bee3027d94da5c81db2d196bfd
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel Gelöscht : HKLM\Software\CompeteInc
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Schlüssel Gelöscht : HKLM\Software\PIP
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v20.0.1 (de)

Datei : C:\Users\Samed\AppData\Roaming\Mozilla\Firefox\Profiles\8g2l7tli.default\prefs.js

C:\Users\Samed\AppData\Roaming\Mozilla\Firefox\Profiles\8g2l7tli.default\user.js ... Gelöscht !

Gelöscht : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Gelöscht : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=109958&tt=3312_2&babsrc=NT_ss&mntr[...]
Gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.aol.com/search/search?q={searchTerms}&s_it=out[...]
Gelöscht : user_pref("browser.search.order.1", "Search the web (Babylon)");
Gelöscht : user_pref("extensions.BabylonToolbar.admin", false);
Gelöscht : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Gelöscht : user_pref("extensions.BabylonToolbar.babExt", "");
Gelöscht : user_pref("extensions.BabylonToolbar.babTrack", "affID=101641");
Gelöscht : user_pref("extensions.BabylonToolbar.bbDpng", 24);
Gelöscht : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Gelöscht : user_pref("extensions.BabylonToolbar.dfltSrch", false);
Gelöscht : user_pref("extensions.BabylonToolbar.excTlbr", false);
Gelöscht : user_pref("extensions.BabylonToolbar.hmpg", false);
Gelöscht : user_pref("extensions.BabylonToolbar.id", "8c4f6b9100000000000000ff9c3d6d80");
Gelöscht : user_pref("extensions.BabylonToolbar.instlDay", "15568");
Gelöscht : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Gelöscht : user_pref("extensions.BabylonToolbar.lastDP", 24);
Gelöscht : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1714:27:09");
Gelöscht : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "3.6");
Gelöscht : user_pref("extensions.BabylonToolbar.newTab", true);
Gelöscht : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
Gelöscht : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
Gelöscht : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Gelöscht : user_pref("extensions.BabylonToolbar.propectorlck", 65989073);
Gelöscht : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Gelöscht : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Gelöscht : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Gelöscht : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Gelöscht : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Gelöscht : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://www.google.com/search?babsrc=TB_ggl&q=");
Gelöscht : user_pref("extensions.BabylonToolbar.vrsn", "1.6.4.6");
Gelöscht : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1714:27:09");
Gelöscht : user_pref("extensions.BabylonToolbar.vrsni", "1.6.4.6");
Gelöscht : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Gelöscht : user_pref("extensions.BabylonToolbar_i.babExt", "");
Gelöscht : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=109958&tt=3312_2");
Gelöscht : user_pref("extensions.BabylonToolbar_i.hardId", "8c4f6b9100000000000000ff6978b2fa");
Gelöscht : user_pref("extensions.BabylonToolbar_i.id", "8c4f6b9100000000000000ff6978b2fa");
Gelöscht : user_pref("extensions.BabylonToolbar_i.instlDay", "15490");
Gelöscht : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", false);
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=109958&tt=3312_[...]
Gelöscht : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Gelöscht : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Gelöscht : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Gelöscht : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Gelöscht : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.4.617:11:10");
Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Gelöscht : user_pref("extensions.incredibar_i.aflt", "orgnl");
Gelöscht : user_pref("extensions.incredibar_i.dfltLng", "");
Gelöscht : user_pref("extensions.incredibar_i.did", "10589");
Gelöscht : user_pref("extensions.incredibar_i.excTlbr", "false");
Gelöscht : user_pref("extensions.incredibar_i.hardId", "8c4f6b9100000000000000ffa42e2759");
Gelöscht : user_pref("extensions.incredibar_i.id", "8c4f6b9100000000000000ffa42e2759");
Gelöscht : user_pref("extensions.incredibar_i.installerproductid", "26");
Gelöscht : user_pref("extensions.incredibar_i.instlDay", "15385");
Gelöscht : user_pref("extensions.incredibar_i.instlRef", "");
Gelöscht : user_pref("extensions.incredibar_i.ms_url_id", "");
Gelöscht : user_pref("extensions.incredibar_i.newTab", false);
Gelöscht : user_pref("extensions.incredibar_i.ppd", "");
Gelöscht : user_pref("extensions.incredibar_i.prdct", "incredibar");
Gelöscht : user_pref("extensions.incredibar_i.productid", "26");
Gelöscht : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Gelöscht : user_pref("extensions.incredibar_i.smplGrp", "none");
Gelöscht : user_pref("extensions.incredibar_i.tlbrId", "base");
Gelöscht : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQougVYVk&loc=IB[...]
Gelöscht : user_pref("extensions.incredibar_i.upn2", "6PQougVYVk");
Gelöscht : user_pref("extensions.incredibar_i.upn2n", "92542379561813066");
Gelöscht : user_pref("extensions.incredibar_i.vrsn", "1.5.3.27");
Gelöscht : user_pref("extensions.incredibar_i.vrsnTs", "1.5.3.2714:55:51");
Gelöscht : user_pref("extensions.incredibar_i.vrsni", "1.5.3.27");
Gelöscht : user_pref("extensions.rdr.whitelist", "abp:// ed2k:// file:// web.archive.org babelfish.altavista.co[...]
Gelöscht : user_pref("extensions.smarterwiki.search_surfcanyon", false);
Gelöscht : user_pref("quickstores.toolbar.affid", "2017");
Gelöscht : user_pref("quickstores.toolbar.guid", "{A48CE5CE-1D83-749A-43C0-D64C4B7DB54D}");

-\\ Google Chrome v26.0.1410.64

Datei : C:\Users\Samed\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [11836 octets] - [25/04/2013 21:00:36]

########## EOF - C:\AdwCleaner[S1].txt - [11897 octets] ##########
         
--- --- ---


26.04.2013, 10:08   #6
M-K-D-B
/// TB-Ausbilder

Hi,



Step 1
ComboFix script
WARNING for READERS FOLLOWING ALONG:
The following ComboFix script was created exclusively for this user in this situation.
Do not under any circumstances use it on other computers; it can cause lasting damage to other systems!

  • Delete the existing Combofix.exe from your desktop and download the program again from the following download mirror: Link
  • Save it to the desktop again (nowhere else, this is important)!
  • Press the Windows + R keys --> notepad (type it in) --> OK
  • Now copy the entire text from the following code box into the empty text document.

    Code:
    Driver::
    hshld
    
    DDS::
    uStart Page = hxxp://www.aol.com/?mtmhp=hyplogusaolp00000044
             
  • Save this as CFScript.txt on your desktop.
  • Important: Temporarily disable your antivirus software, as it can interfere with ComboFix while it works.
    Don't forget to turn it back on afterwards!
  • Close all running programs so that ComboFix can work unhindered.
  • Drag CFScript.txt onto ComboFix.exe as shown in this picture:
  • Do not do anything on the computer, do not move the mouse over the ComboFix window or click into it. This can cause ComboFix to hang.
  • When ComboFix is finished, it will create a log: C:\ComboFix.txt
    Please paste it here as a reply (in CODE tags using the # button of the editor).

Note:
Suspect:: and Collect::
If the script contains these directives, files are to be submitted for analysis. A message box appears after ComboFix has finished. Click OK and follow the prompts/instructions to upload the files. Be sure to let me know whether the upload worked!







Step 2
Please start OTL.exe and press the Quick Scan button.
Post the OTL.txt here in your thread.





Step 3
Download SystemLook by jpshortstuff from the following mirror and save the tool to the desktop.
SystemLook (64 bit)
  • Double-click SystemLook_x64.exe to start the tool.
  • Copy the contents of the following code box into the tool's text field:
    Code:
    :filefind
    *babylon*
    *QuickStores*
    *adawaretb*
    *blekko*
    *Softonic*
    *Conduit*
    *sweetim*
    
    :folderfind
    *babylon*
    *QuickStores*
    *foxydeal*
    *safesearch*
    *adawaretb*
    *blekko*
    *jpmbfleldcgkldadpdinhjjopdfpjfjp*
    *Wajam*
    *Softonic*
    *Conduit*
    *sweetim*
    
    :regfind
    babylon
    QuickStores
    foxydeal
    safesearch
    adawaretb
    blekko
    jpmbfleldcgkldadpdinhjjopdfpjfjp
    Wajam
    Softonic
    Conduit
    sweetim
             
  • Now click the Look button to start the scan.
  • The scan can take some time.
  • When the scan is finished, your editor will open with the results; post them in your thread.
  • The results are saved on the desktop as SystemLook.txt.





Please post with your next reply
  • the ComboFix log file,
  • the OTL log file,
  • the SystemLook log file.
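The search terms in step 3 line up with items AdwCleaner removed in the log further up. As an added example (not part of the original post and not a feature of SystemLook or AdwCleaner), the script below parses AdwCleaner's `Datei/Ordner/Schlüssel Gelöscht : …` lines and reports which removed items each term covers and which removed items no term covers. The function names and the case-insensitive substring rule are this example's own assumptions; the sample lines are an excerpt of the log above.

```python
import re
from collections import defaultdict

# Search terms from the :regfind section of the SystemLook script in the post above.
TERMS = ["babylon", "QuickStores", "foxydeal", "safesearch", "adawaretb",
         "blekko", "jpmbfleldcgkldadpdinhjjopdfpjfjp", "Wajam", "Softonic",
         "Conduit", "sweetim"]

# Excerpt of the AdwCleaner log posted earlier in this thread (shortened).
SAMPLE_LOG = r"""
# AdwCleaner v2.202 - Datei am 25/04/2013 um 21:00:36 erstellt
***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\Users\Samed\AppData\Roaming\Mozilla\Firefox\Profiles\8g2l7tli.default\foxydeal.sqlite
Ordner Gelöscht : C:\ProgramData\APN
Ordner Gelöscht : C:\ProgramData\blekko toolbars
Ordner Gelöscht : C:\Users\Samed\AppData\Local\Wajam
Ordner Gelöscht : C:\Windows\assembly\GAC_MSIL\QuickStoresToolbar

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32
Gelöscht : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
"""

# "Datei Gelöscht : <path>", "Ordner Gelöscht : <path>", "Schlüssel Gelöscht : <key>",
# or a bare "Gelöscht : <pref line>" in the browser section.
LINE_RE = re.compile(r"^(?:(Datei|Ordner|Schlüssel) )?Gelöscht : (.+)$")
KIND = {"Datei": "file", "Ordner": "folder", "Schlüssel": "regkey", None: "pref"}


def parse_removed(log_text):
    """Return a list of (kind, location) tuples, one per removed item in the log."""
    items = []
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            items.append((KIND[match.group(1)], match.group(2).strip()))
    return items


def coverage(items, terms):
    """Group removed items by the terms they contain (case-insensitive substring).

    Returns (hits, uncovered): hits maps term -> list of items containing it,
    uncovered lists the items that contain none of the terms.
    """
    hits = defaultdict(list)
    uncovered = []
    for kind, location in items:
        lowered = location.lower()
        matched = [t for t in terms if t.lower() in lowered]
        for term in matched:
            hits[term].append((kind, location))
        if not matched:
            uncovered.append((kind, location))
    return dict(hits), uncovered


if __name__ == "__main__":
    removed = parse_removed(SAMPLE_LOG)
    hits, uncovered = coverage(removed, TERMS)
    for term in TERMS:
        print(f"{term}: {len(hits.get(term, []))} removed item(s)")
    print("Removed items not covered by any term:")
    for kind, location in uncovered:
        print(f"  [{kind}] {location}")
```

Run against the full AdwCleaner[S1].txt instead of the excerpt, the uncovered list shows which removed items a follow-up search with these terms would not revisit.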

26.04.2013, 12:01   #7
Diggah187


Combofix Logfile:
Code:
ComboFix 13-04-26.01 - Samed 26.04.2013  12:20:54.7.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4095.2550 [GMT 2:00]
ausgeführt von:: c:\users\Samed\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Samed\Desktop\CFScript.txt
AV: ESET Smart Security 6.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal Firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 6.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_hshld
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-03-26 bis 2013-04-26  ))))))))))))))))))))))))))))))
.
.
2013-04-26 10:32 . 2013-04-26 10:32	--------	d-----w-	c:\users\Public\AppData\Local\temp
2013-04-26 10:32 . 2013-04-26 10:32	--------	d-----w-	c:\users\iPhone\AppData\Local\temp
2013-04-26 10:32 . 2013-04-26 10:32	--------	d-----w-	c:\users\Dogan_nogaD\AppData\Local\temp
2013-04-26 10:32 . 2013-04-26 10:32	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-04-26 10:32 . 2013-04-26 10:32	--------	d-----w-	c:\users\asd\AppData\Local\temp
2013-04-26 10:09 . 2013-04-10 03:46	9317456	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{30EC1C3D-DA39-4A16-871D-4E4019066DC0}\mpengine.dll
2013-04-25 19:18 . 2013-04-25 19:18	--------	d-----w-	c:\windows\ERUNT
2013-04-25 19:17 . 2013-04-25 19:17	--------	d-----w-	C:\JRT
2013-04-24 11:17 . 2013-04-12 14:45	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-21 10:29 . 2013-04-21 10:29	--------	d-----w-	c:\users\Samed\AppData\Roaming\SUPERAntiSpyware.com
2013-04-21 10:29 . 2013-04-21 10:29	--------	d-----w-	c:\program files\SUPERAntiSpyware
2013-04-21 10:29 . 2013-04-21 10:29	--------	d-----w-	c:\programdata\SUPERAntiSpyware.com
2013-04-19 14:00 . 2013-04-19 14:00	--------	d-----w-	c:\users\Samed\AppData\Roaming\LavasoftStatistics
2013-04-19 14:00 . 2013-04-19 14:00	--------	d-----w-	c:\programdata\Ad-Aware Antivirus
2013-04-19 13:59 . 2013-04-19 13:59	--------	d-----w-	c:\programdata\Lavasoft
2013-04-19 13:59 . 2013-04-19 17:27	--------	d-----w-	c:\program files (x86)\Ad-Aware Antivirus
2013-04-19 13:58 . 2013-04-19 13:58	--------	d-----w-	c:\programdata\Downloaded Installations
2013-04-19 13:58 . 2013-04-19 13:58	--------	d-----w-	c:\program files (x86)\Toolbar Cleaner
2013-04-19 13:56 . 2013-04-19 13:56	14456	----a-w-	c:\windows\system32\drivers\gfibto.sys
2013-04-19 13:56 . 2013-04-19 17:25	--------	d-----w-	c:\users\Samed\AppData\Roaming\Ad-Aware Antivirus
2013-04-19 12:48 . 2009-01-25 10:14	17272	----a-w-	c:\windows\system32\sdnclean64.exe
2013-04-19 12:48 . 2013-04-19 12:48	--------	d-----w-	c:\program files (x86)\Spybot - Search & Destroy 2
2013-04-14 14:09 . 2012-08-23 15:09	3584	----a-w-	c:\windows\system32\drivers\de-DE\tsusbflt.sys.mui
2013-04-14 14:07 . 2012-05-04 11:00	366592	----a-w-	c:\windows\system32\qdvd.dll
2013-04-14 14:07 . 2012-05-04 09:59	514560	----a-w-	c:\windows\SysWow64\qdvd.dll
2013-04-14 14:07 . 2012-08-24 18:13	154480	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2013-04-14 14:07 . 2012-08-24 18:09	458712	----a-w-	c:\windows\system32\drivers\cng.sys
2013-04-14 14:07 . 2012-08-24 18:05	340992	----a-w-	c:\windows\system32\schannel.dll
2013-04-14 14:07 . 2012-08-24 18:03	1448448	----a-w-	c:\windows\system32\lsasrv.dll
2013-04-14 14:07 . 2012-08-24 16:57	247808	----a-w-	c:\windows\SysWow64\schannel.dll
2013-04-14 14:07 . 2012-08-24 16:57	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2013-04-14 14:07 . 2012-08-24 16:53	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2013-04-13 22:22 . 2013-04-13 22:22	--------	d-----w-	c:\program files (x86)\Audacity
2013-04-13 22:22 . 2013-04-13 22:22	--------	d-----w-	c:\users\Samed\AppData\Local\Programs
2013-04-13 14:09 . 2013-04-13 14:09	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2013-04-12 21:43 . 2013-04-12 21:43	--------	d-----w-	c:\program files (x86)\Network Stumbler
2013-04-12 21:40 . 2013-04-17 17:01	--------	d-----w-	c:\users\Samed\AppData\Roaming\TeamViewer
2013-04-11 10:40 . 2013-03-01 03:36	3153408	----a-w-	c:\windows\system32\win32k.sys
2013-04-11 10:19 . 2013-01-24 06:01	223752	----a-w-	c:\windows\system32\drivers\fvevol.sys
2013-04-11 10:19 . 2013-03-19 06:04	5550424	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-04-11 10:19 . 2013-03-19 05:04	3968856	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-04-11 10:19 . 2013-03-19 05:04	3913560	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-04-11 10:19 . 2013-03-19 05:46	43520	----a-w-	c:\windows\system32\csrsrv.dll
2013-04-11 10:19 . 2013-03-19 04:47	6656	----a-w-	c:\windows\SysWow64\apisetschema.dll
2013-04-11 10:19 . 2013-03-19 03:06	112640	----a-w-	c:\windows\system32\smss.exe
2013-04-08 18:54 . 2013-04-11 09:50	--------	d-----w-	c:\users\Samed\AppData\Roaming\TP-LINK
2013-04-08 18:54 . 2013-04-08 18:54	--------	d-----w-	c:\program files (x86)\TP-LINK
2013-04-08 18:52 . 2011-04-11 15:35	1579520	----a-w-	c:\windows\system32\drivers\athrx.sys
2013-04-08 18:52 . 2011-04-11 15:35	1579520	----a-w-	c:\windows\system32\athrx.sys
2013-04-08 18:51 . 2013-04-12 20:18	--------	d-----w-	c:\programdata\TP-LINK
2013-04-05 14:42 . 2013-04-05 14:42	--------	d-----w-	c:\program files (x86)\Infogrames
2013-04-03 12:01 . 2013-04-03 12:01	--------	d-----w-	c:\users\Samed\AppData\Local\ESET
2013-04-03 11:58 . 2013-04-03 11:58	--------	d-----w-	c:\program files\ESET
2013-04-01 16:28 . 2013-04-21 10:47	--------	d-----w-	c:\programdata\ManiaPlanet
2013-04-01 00:17 . 2013-04-01 00:17	9728	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-31 20:56 . 2013-03-31 20:57	--------	d-----w-	c:\users\Samed\.android
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-12 21:20 . 2009-12-24 00:58	72702784	----a-w-	c:\windows\system32\MRT.exe
2013-04-01 00:19 . 2013-04-01 00:19	523264	----a-w-	c:\windows\SysWow64\vbscript.dll
2013-04-01 00:19 . 2013-04-01 00:19	138752	----a-w-	c:\windows\SysWow64\wextract.exe
2013-04-01 00:17 . 2013-04-01 00:17	417792	----a-w-	c:\windows\SysWow64\WMPhoto.dll
2013-04-01 00:17 . 2013-04-01 00:17	364544	----a-w-	c:\windows\SysWow64\XpsGdiConverter.dll
2013-04-01 00:17 . 2013-04-01 00:17	207872	----a-w-	c:\windows\SysWow64\WindowsCodecsExt.dll
2013-04-01 00:17 . 2013-04-01 00:17	1230336	----a-w-	c:\windows\SysWow64\WindowsCodecs.dll
2013-04-01 00:17 . 2013-04-01 00:17	1158144	----a-w-	c:\windows\SysWow64\XpsPrint.dll
2013-03-25 14:03 . 2013-03-25 14:03	693976	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-25 14:03 . 2013-03-25 14:01	73432	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-25 13:23 . 2013-03-25 13:23	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-25 13:23 . 2012-07-08 14:35	861088	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-03-25 13:23 . 2012-01-27 18:38	782240	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-03-11 23:10 . 2009-12-24 00:53	282744	------w-	c:\windows\system32\MpSigStub.exe
2013-02-22 01:43 . 2013-02-22 01:43	46280	----a-w-	c:\windows\system32\drivers\hssdrv6.sys
2013-02-21 10:30 . 2013-04-12 21:18	1766912	----a-w-	c:\windows\SysWow64\wininet.dll
2013-02-14 10:21 . 2013-02-14 10:21	58416	----a-w-	c:\windows\system32\drivers\epfwwfp.sys
2013-02-14 10:21 . 2013-02-14 10:21	213416	----a-w-	c:\windows\system32\drivers\eamonm.sys
2013-02-12 05:45 . 2013-03-13 19:14	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 19:14	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 19:14	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 19:14	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 19:14	474112	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 19:14	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-02-12 04:12 . 2013-03-16 22:04	19968	----a-w-	c:\windows\system32\drivers\usb8023.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-04-19 1631144]
"Sony PC Companion"="c:\program files (x86)\Sony\Sony PC Companion\PCCompanion.exe" [2013-01-07 446648]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2010-09-30 393216]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-02-28 18642024]
"Spotify Web Helper"="c:\users\Samed\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-04-23 1105408]
"Spotify"="c:\users\Samed\AppData\Roaming\Spotify\Spotify.exe" [2013-04-23 4547584]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 5629312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"c:\windows\SysWOW64\V0770Ext.ax"="c:\windows\SysWOW64\V0770Ext.ax" [X]
"msnmsgr"="c:\progra~2\WIC4A1~1\MESSEN~1\msnmsgr.exe" [2012-09-12 4272640]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"V0770Mon.exe"="c:\windows\V0770Mon.exe" [2012-06-01 32884]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TP-LINK Wireless Configuration Utility.lnk - c:\program files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe [2013-4-8 788992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	PDBoot.exe\0autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
R0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
R2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AODDriver;AODDriver;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver.sys [x]
R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]
R3 cpuz130;cpuz130;c:\users\DOGAN_~1\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys [2008-09-17 12744]
R3 ESLvnic1;ESLvnic Virtual Network 64 Bit;c:\windows\system32\DRIVERS\ESLvnic.sys [2012-01-24 25528]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2010-11-11 128928]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-11-20 14448]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [x]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x]
R3 PBDOWNFORCE_SERVICE;PBDOWNFORCE_SERVICE;c:\users\Samed\Desktop\PBDownforce.sys [x]
R3 PBDOWNFORCE_TEST_SERVICE;PBDOWNFORCE_TEST_SERVICE;c:\users\Samed\Desktop\Test.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-07-30 236544]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TTUSB2BDA_NTAMD64;TTUSB2BDA USB 2.0 Driver AMD64;c:\windows\system32\DRIVERS\ttusb2bda_amd64.sys [2008-12-16 737312]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
R3 V0770Vid;Live! Cam Sync HD VF0770 Driver;c:\windows\system32\DRIVERS\V0770Vid.sys [2012-06-01 379776]
R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-12-19 240640]
R4 NovacomD;Palm Novacom;c:\program files\Palm, Inc\novacomd\amd64\novacomd.exe [2011-06-24 72192]
R4 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2011.SP1\RpcAgentSrv.exe [2009-08-10 93848]
R4 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-13 1103392]
R4 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-13 1369624]
R4 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-13 168384]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
R4 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
R4 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2012-02-14 736104]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2013-02-14 58416]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-04-19 14456]
S0 SMR311;Symantec SMR Utility Service 3.1.1;c:\windows\System32\drivers\SMR311.SYS [2012-11-16 95392]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-04-19 283200]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2013-02-14 213416]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2013-01-10 150616]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2013-01-10 59440]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys [2013-02-22 46280]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2013-03-21 1341664]
S2 PDFSFilter;PDFSFilter;c:\windows\system32\DRIVERS\PDFsFilter.sys [2012-05-10 82160]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 AmdLLD64;AMD Low Level Device Driver;c:\windows\system32\DRIVERS\AmdLLD64.sys [2009-04-22 47672]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-11-06 96256]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [2013-01-10 42184]
S3 ZCinema_TSHD_x64;ZCinema TruSurround HD driver;c:\windows\system32\drivers\ZCinema_SRS_amd64.sys [2007-08-22 21648]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-04-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-205861873-3943885056-2705481813-1008Core.job
- c:\users\Samed\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-07 12:56]
.
2013-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-205861873-3943885056-2705481813-1008UA.job
- c:\users\Samed\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-07 12:56]
.
2013-04-26 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 1cefe8c0-f442-459a-a98f-b1b44c7c8a4d.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2013-04-21 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 5ad90717-1218-4a6f-aecf-4afbcd15e4f9.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"c:\windows\system32\V0770Ext.ax"="c:\windows\system32\V0770Ext.ax" [X]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2013-03-21 6330568]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{B230B6FD-87A5-41E5-885E-F3E56C7C7EB7}\54354413131313: NameServer = 192.168.1.1
FF - ProfilePath - c:\users\Samed\AppData\Roaming\Mozilla\Firefox\Profiles\8g2l7tli.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-03-16 14:35; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\users\Samed\AppData\Roaming\Mozilla\Firefox\Profiles\8g2l7tli.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF - ExtSQL: 2013-04-03 15:00; {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}; c:\users\Samed\AppData\Roaming\Mozilla\Firefox\Profiles\8g2l7tli.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
FF - ExtSQL: 2013-04-14 01:41; {e968fc70-8f95-4ab9-9e79-304de2a71ee1}; c:\users\Samed\AppData\Roaming\Mozilla\Firefox\Profiles\8g2l7tli.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_blr.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.alb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FotoManager10Deluxe.8.alb"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-04-26  12:41:41 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-04-26 10:41
ComboFix2.txt  2013-04-25 19:38
ComboFix3.txt  2012-03-19 13:15
.
Vor Suchlauf: 22 Verzeichnis(se), 76.571.201.536 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 76.035.473.408 Bytes frei
.
- - End Of File - - 15A5E3EFB383E1B2B4BF831DA264A3F2
         
--- --- ---
OTL Logfile:
Code:
OTL logfile created on: 26.04.2013 12:43:32 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Samed\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,26 Gb Available Physical Memory | 56,48% Memory free
8,00 Gb Paging File | 6,14 Gb Available in Paging File | 76,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 278,63 Gb Total Space | 70,94 Gb Free Space | 25,46% Space Free | Partition Type: NTFS
Drive M: | 132,48 Gb Total Space | 17,89 Gb Free Space | 13,51% Space Free | Partition Type: NTFS
Drive S: | 54,55 Gb Total Space | 47,76 Gb Free Space | 87,54% Space Free | Partition Type: NTFS
 
Computer Name: MS | User Name: Samed | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.25 17:58:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Samed\Desktop\OTL.exe
PRC - [2013.04.23 20:54:50 | 001,105,408 | ---- | M] (Spotify Ltd) -- C:\Users\Samed\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013.04.13 16:10:02 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013.03.25 16:03:11 | 001,822,424 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
PRC - [2013.03.21 15:19:46 | 001,341,664 | ---- | M] (ESET) -- C:\Programme\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2013.01.07 13:03:32 | 000,446,648 | ---- | M] (Sony) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
PRC - [2012.07.03 16:07:55 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.06.01 10:22:32 | 000,032,884 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\V0770Mon.exe
PRC - [2012.04.30 11:57:42 | 000,067,072 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
PRC - [2011.04.11 17:32:24 | 000,788,992 | ---- | M] () -- C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
PRC - [2010.09.30 23:26:54 | 000,393,216 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.04.13 16:10:01 | 003,133,336 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013.03.25 16:03:11 | 014,717,144 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
MOD - [2013.01.09 13:11:40 | 000,599,040 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\PhoneUpdate.dll
MOD - [2012.11.07 17:25:36 | 000,204,288 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll
MOD - [2012.10.05 04:51:10 | 000,600,868 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\sqlite3.dll
MOD - [2012.04.30 11:57:42 | 000,067,072 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
MOD - [2012.04.30 11:57:42 | 000,039,936 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll
MOD - [2011.08.03 09:24:44 | 001,410,048 | ---- | M] () -- C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\nicLan.dll
MOD - [2011.07.07 14:54:36 | 000,233,984 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll
MOD - [2011.04.11 17:32:56 | 000,128,000 | ---- | M] () -- C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WJWF\WJWF.dll
MOD - [2011.04.11 17:32:56 | 000,111,616 | ---- | M] () -- C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WJWF\WJWF_WPS_WIN7.dll
MOD - [2011.04.11 17:32:24 | 000,788,992 | ---- | M] () -- C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
MOD - [2011.04.11 17:32:16 | 000,167,424 | ---- | M] () -- C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\DC_WFF.dll
MOD - [2010.01.11 16:44:54 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\VObject.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.12.19 21:56:00 | 000,240,640 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012.12.19 16:32:12 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2013.04.19 23:10:50 | 000,543,656 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.04.13 16:10:01 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.03.21 15:19:46 | 001,341,664 | ---- | M] (ESET) [Auto | Running] -- C:\Programme\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.07.17 16:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2012.07.11 20:54:58 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Programme\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV - [2012.07.03 16:07:55 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.06.17 09:52:14 | 000,098,576 | ---- | M] (SANDBOXIE L.T.D) [Disabled | Stopped] -- C:\Programme\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2012.05.24 17:32:46 | 001,899,896 | ---- | M] (Raxco Software, Inc.) [Disabled | Stopped] -- C:\Programme\Raxco\PerfectDisk\PDAgent.exe -- (PDAgent)
SRV - [2012.05.24 17:32:36 | 003,312,504 | ---- | M] (Raxco Software, Inc.) [Disabled | Stopped] -- C:\Programme\Common Files\Raxco\Shared\PDEngine.exe -- (PDEngine)
SRV - [2012.02.14 16:49:12 | 000,736,104 | ---- | M] (Tunngle.net GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2012.01.18 14:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [Disabled | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011.06.24 22:16:58 | 000,072,192 | ---- | M] (Palm) [Disabled | Stopped] -- C:\Programme\Palm, Inc\novacomd\amd64\novacomd.exe -- (NovacomD)
SRV - [2010.11.11 15:39:34 | 000,128,928 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.08.10 22:04:48 | 000,093,848 | ---- | M] (SiSoftware) [Disabled | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011.SP1\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.04.19 15:56:43 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\gfibto.sys -- (gfibto)
DRV:64bit: - [2013.02.22 03:43:20 | 000,046,280 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)
DRV:64bit: - [2013.02.14 12:21:06 | 000,058,416 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2013.02.14 12:21:04 | 000,213,416 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2013.01.10 21:44:02 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2013.01.10 09:25:22 | 000,190,232 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2013.01.10 09:25:22 | 000,059,440 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV:64bit: - [2013.01.10 09:25:20 | 000,150,616 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2012.12.19 22:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012.12.19 22:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.12.19 21:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.11.20 17:21:43 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2012.11.20 17:21:43 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2012.11.16 13:17:05 | 000,095,392 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SMR311.SYS -- (SMR311)
DRV:64bit: - [2012.11.06 13:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.06.01 10:32:38 | 000,379,776 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\V0770Vid.sys -- (V0770Vid)
DRV:64bit: - [2012.05.10 12:29:06 | 000,082,160 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\PDFsFilter.sys -- (PDFSFilter)
DRV:64bit: - [2012.04.19 20:45:26 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.24 14:50:38 | 000,025,528 | ---- | M] (Turtle Entertainment GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ESLvnic.sys -- (ESLvnic1)
DRV:64bit: - [2011.12.29 01:57:26 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2011.12.02 10:56:48 | 000,140,816 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DefragFs.sys -- (DefragFS)
DRV:64bit: - [2011.08.02 17:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.04.11 17:35:14 | 001,579,520 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 05:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 02:49:52 | 000,146,432 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST)
DRV:64bit: - [2010.05.26 21:30:00 | 001,121,632 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2010.05.06 11:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009.10.22 16:10:30 | 000,069,320 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2009.10.22 16:09:12 | 000,084,808 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2009.09.16 09:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t)
DRV:64bit: - [2009.07.30 20:58:42 | 000,236,544 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:09:02 | 000,120,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\irda.sys -- (irda)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.05.05 01:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009.04.22 15:32:22 | 000,047,672 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmdLLD64.sys -- (AmdLLD64)
DRV:64bit: - [2008.12.16 16:56:36 | 000,737,312 | ---- | M] (TechnoTrend GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ttusb2bda_amd64.sys -- (TTUSB2BDA_NTAMD64)
DRV:64bit: - [2008.09.17 15:14:00 | 000,012,744 | R--- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Entech64.sys -- (ENTECH64)
DRV:64bit: - [2008.01.19 07:36:12 | 000,027,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\irsir.sys -- (irsir)
DRV:64bit: - [2007.08.22 16:26:32 | 000,021,648 | ---- | M] (SRS Labs, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ZCinema_SRS_amd64.sys -- (ZCinema_TSHD_x64)
DRV - [2012.06.17 09:52:12 | 000,166,576 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Stopped] -- C:\Programme\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2012.04.09 10:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
DRV - [2012.04.09 10:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV - [2012.04.09 10:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.0)
DRV - [2011.07.22 18:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2009.08.07 23:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011.SP1\WNt500x64\sandra.sys -- (SANDRA)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007.03.20 11:33:00 | 000,016,896 | ---- | M] (hxxp://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EC C2 81 73 7A 19 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "AOL Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7B987311C6-B504-4aa2-90BF-60CC49808D42%7D:2.2
FF - prefs.js..extensions.enabledAddons: %7Bfe0258ab-4f74-43a1-8781-bcdf340f9ee9%7D:2.6.4
FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.145
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
FF - prefs.js..extensions.enabledAddons: %7B81BF1D23-5F17-408D-AC6B-BD6DF7CAF670%7D:8.3.0
FF - prefs.js..extensions.enabledAddons: %7B1A2D0EC4-75F5-4c91-89C4-3656F6E44B68%7D:0.5.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..extensions.enabledItems: {987311C6-B504-4aa2-90BF-60CC49808D42}:2.2
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:10.1.0.68 - 1
FF - prefs.js..extensions.enabledItems: quickstores@quickstores.de:1.1.0
FF - prefs.js..extensions.enabledItems: redirectcleaner@example.net:1.3.0
FF - prefs.js..extensions.enabledItems: {fe0258ab-4f74-43a1-8781-bcdf340f9ee9}:2.6.4
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Samed\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Samed\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.11 18:13:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.19 15:58:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.13 16:09:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013.04.03 13:58:27 | 000,000,000 | ---D | M]
 
[2012.01.21 15:27:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Samed\AppData\Roaming\mozilla\Extensions
[2013.04.25 21:20:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Samed\AppData\Roaming\mozilla\Firefox\Profiles\8g2l7tli.default\extensions
[2013.04.05 00:05:50 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\Samed\AppData\Roaming\mozilla\Firefox\Profiles\8g2l7tli.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2012.01.22 14:38:25 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Users\Samed\AppData\Roaming\mozilla\Firefox\Profiles\8g2l7tli.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2013.02.24 00:22:51 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Samed\AppData\Roaming\mozilla\Firefox\Profiles\8g2l7tli.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.04.04 23:22:39 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Samed\AppData\Roaming\mozilla\Firefox\Profiles\8g2l7tli.default\extensions\ich@maltegoetz.de
[2013.03.31 22:34:09 | 000,361,682 | ---- | M] () (No name found) -- C:\Users\Samed\AppData\Roaming\mozilla\firefox\profiles\8g2l7tli.default\extensions\smarterwiki@wikiatic.com.xpi
[2013.02.18 16:16:41 | 000,051,442 | ---- | M] () (No name found) -- C:\Users\Samed\AppData\Roaming\mozilla\firefox\profiles\8g2l7tli.default\extensions\survey-remover@gmx.com.xpi
[2013.04.15 13:23:58 | 000,008,023 | ---- | M] () (No name found) -- C:\Users\Samed\AppData\Roaming\mozilla\firefox\profiles\8g2l7tli.default\extensions\youtubeunblocker@unblocker.yt.xpi
[2013.04.20 23:21:25 | 000,087,920 | ---- | M] () (No name found) -- C:\Users\Samed\AppData\Roaming\mozilla\firefox\profiles\8g2l7tli.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi
[2013.04.16 13:24:03 | 000,532,430 | ---- | M] () (No name found) -- C:\Users\Samed\AppData\Roaming\mozilla\firefox\profiles\8g2l7tli.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.02.22 15:09:59 | 000,014,714 | ---- | M] () (No name found) -- C:\Users\Samed\AppData\Roaming\mozilla\firefox\profiles\8g2l7tli.default\extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi
[2013.04.14 01:41:19 | 000,042,336 | ---- | M] () (No name found) -- C:\Users\Samed\AppData\Roaming\mozilla\firefox\profiles\8g2l7tli.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi
[2012.02.28 15:19:47 | 000,057,702 | ---- | M] () (No name found) -- C:\Users\Samed\AppData\Roaming\mozilla\firefox\profiles\8g2l7tli.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}.xpi
[2013.03.13 20:36:16 | 000,002,541 | ---- | M] () -- C:\Users\Samed\AppData\Roaming\mozilla\firefox\profiles\8g2l7tli.default\searchplugins\aol-search.xml
[2013.04.25 21:00:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013.04.13 16:09:52 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.01.11 18:13:57 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2013.04.13 16:10:02 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.01.27 17:53:06 | 000,001,400 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.01.27 17:53:06 | 000,001,679 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.01.27 17:53:06 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.01.27 17:53:06 | 000,006,818 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.01.27 17:47:51 | 000,001,278 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.01.27 17:53:06 | 000,000,903 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Samed\AppData\Local\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Samed\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Samed\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: AdobeAAMDetect (Enabled) = C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Samed\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\Samed\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Samed\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Samed\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Samed\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Skype Click to Call = C:\Users\Samed\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.4.0.11328_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Samed\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\Samed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013.04.26 12:34:08 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Programme\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [C:\Windows\system32\V0770Ext.ax] C:\Windows\SysNative\V0770Ext.ax (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [C:\Windows\SysWOW64\V0770Ext.ax] C:\Windows\SysWOW64\V0770Ext.ax (Creative Technology Ltd.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [V0770Mon.exe] C:\Windows\V0770Mon.exe (Creative Technology Ltd.)
O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKCU..\Run: [Sony PC Companion] C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O4 - HKCU..\Run: [Spotify] C:\Users\Samed\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Samed\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2AA8B4DA-5708-490B-97C5-7DBD430D8386}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (PDBoot.exe)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.26 12:41:43 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.04.25 21:22:10 | 005,059,946 | R--- | C] (Swearware) -- C:\Users\Samed\Desktop\ComboFix.exe
[2013.04.25 21:18:03 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.04.25 21:17:49 | 000,000,000 | ---D | C] -- C:\JRT
[2013.04.25 21:17:28 | 000,535,764 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Samed\Desktop\JRT.exe
[2013.04.25 17:58:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Samed\Desktop\OTL.exe
[2013.04.21 12:29:33 | 000,000,000 | ---D | C] -- C:\Users\Samed\AppData\Roaming\SUPERAntiSpyware.com
[2013.04.21 12:29:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013.04.21 12:29:25 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013.04.21 12:29:25 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013.04.20 23:58:18 | 000,000,000 | ---D | C] -- C:\Users\Samed\Desktop\CLA
[2013.04.19 16:00:43 | 000,000,000 | ---D | C] -- C:\Users\Samed\AppData\Roaming\LavasoftStatistics
[2013.04.19 16:00:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
[2013.04.19 15:59:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2013.04.19 15:59:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2013.04.19 15:58:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2013.04.19 15:58:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
[2013.04.19 15:56:43 | 000,014,456 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013.04.19 15:56:41 | 000,000,000 | ---D | C] -- C:\Users\Samed\AppData\Roaming\Ad-Aware Antivirus
[2013.04.19 14:48:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013.04.19 14:48:09 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013.04.19 14:48:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013.04.14 00:22:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2013.04.14 00:22:17 | 000,000,000 | ---D | C] -- C:\Users\Samed\AppData\Local\Programs
[2013.04.13 16:09:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.04.13 16:09:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.04.12 23:43:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Network Stumbler
[2013.04.12 23:40:14 | 000,000,000 | ---D | C] -- C:\Users\Samed\AppData\Roaming\TeamViewer
[2013.04.12 23:38:51 | 004,889,704 | ---- | C] (TeamViewer GmbH) -- C:\Users\Samed\Desktop\TeamViewer_Setup_de.exe
[2013.04.08 20:54:48 | 000,000,000 | ---D | C] -- C:\Users\Samed\AppData\Roaming\TP-LINK
[2013.04.08 20:54:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-LINK
[2013.04.08 20:54:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TP-LINK
[2013.04.08 20:52:56 | 001,579,520 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athrx.sys
[2013.04.08 20:52:56 | 001,579,520 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\athrx.sys
[2013.04.08 20:51:58 | 000,000,000 | ---D | C] -- C:\ProgramData\TP-LINK
[2013.04.05 22:03:57 | 000,000,000 | ---D | C] -- C:\Users\Samed\Documents\Sony
[2013.04.05 16:42:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Infogrames
[2013.04.03 15:00:31 | 000,000,000 | ---D | C] -- C:\Users\Samed\Documents\iMacros
[2013.04.03 14:01:29 | 000,000,000 | ---D | C] -- C:\Users\Samed\AppData\Roaming\ESET
[2013.04.03 14:01:29 | 000,000,000 | ---D | C] -- C:\Users\Samed\AppData\Local\ESET
[2013.04.03 13:58:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2013.04.03 13:58:04 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2013.04.03 13:58:04 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013.04.01 18:28:06 | 000,000,000 | ---D | C] -- C:\Users\Samed\Documents\ManiaPlanet
[2013.04.01 18:28:06 | 000,000,000 | ---D | C] -- C:\ProgramData\ManiaPlanet
[2013.03.31 22:56:04 | 000,000,000 | ---D | C] -- C:\Users\Samed\.android
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.26 12:45:18 | 000,022,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.26 12:45:17 | 000,022,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.26 12:34:08 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.04.26 12:33:41 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013.04.26 12:33:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.26 12:33:29 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.26 12:29:01 | 000,000,510 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 1cefe8c0-f442-459a-a98f-b1b44c7c8a4d.job
[2013.04.26 12:15:52 | 005,059,946 | R--- | M] (Swearware) -- C:\Users\Samed\Desktop\ComboFix.exe
[2013.04.26 12:06:15 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-205861873-3943885056-2705481813-1008UA.job
[2013.04.25 21:17:29 | 000,535,764 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Samed\Desktop\JRT.exe
[2013.04.25 21:12:23 | 005,005,736 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.25 21:12:02 | 617,701,758 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.04.25 20:59:05 | 000,619,461 | ---- | M] () -- C:\Users\Samed\Desktop\adwcleaner.exe
[2013.04.25 18:11:48 | 000,377,856 | ---- | M] () -- C:\Users\Samed\Desktop\gmer_2.1.19163.exe
[2013.04.25 18:10:44 | 000,000,000 | ---- | M] () -- C:\Users\Samed\defogger_reenable
[2013.04.25 18:10:26 | 000,050,477 | ---- | M] () -- C:\Users\Samed\Desktop\Defogger.exe
[2013.04.25 17:58:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Samed\Desktop\OTL.exe
[2013.04.25 14:06:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-205861873-3943885056-2705481813-1008Core.job
[2013.04.25 13:35:58 | 000,009,811 | ---- | M] () -- C:\Users\Samed\Desktop\5_und_5.png
[2013.04.21 20:11:56 | 000,000,510 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 5ad90717-1218-4a6f-aecf-4afbcd15e4f9.job
[2013.04.21 12:29:27 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013.04.20 13:19:55 | 001,669,632 | ---- | M] () -- C:\Users\Samed\Desktop\SteamInstall (2).msi
[2013.04.20 13:18:50 | 000,691,966 | ---- | M] () -- C:\Users\Samed\Desktop\GreenLuma-2.6.3-Steam006.rar
[2013.04.19 15:56:43 | 000,014,456 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013.04.19 15:33:01 | 000,000,000 | ---- | M] () -- C:\Users\Samed\Documents\update.ini
[2013.04.19 15:33:00 | 013,620,200 | ---- | M] (TeamSpeak Systems GmbH) -- C:\Users\Samed\Documents\ts3client_win64.exe
[2013.04.19 15:33:00 | 000,229,864 | ---- | M] (TeamSpeak Systems GmbH) -- C:\Users\Samed\Documents\package_inst.exe
[2013.04.19 14:48:16 | 000,002,133 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.04.18 17:31:00 | 000,032,840 | ---- | M] () -- C:\Users\Samed\Desktop\KC-002_1.jpg
[2013.04.14 00:22:32 | 000,000,967 | ---- | M] () -- C:\Users\Samed\Desktop\Audacity.lnk
[2013.04.12 23:39:05 | 004,889,704 | ---- | M] (TeamViewer GmbH) -- C:\Users\Samed\Desktop\TeamViewer_Setup_de.exe
[2013.04.12 23:08:15 | 000,002,358 | ---- | M] () -- C:\Users\Samed\Desktop\Google Chrome.lnk
[2013.04.12 22:18:53 | 000,002,253 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk
[2013.04.08 20:54:21 | 000,002,221 | ---- | M] () -- C:\Users\Public\Desktop\TP-LINK Wireless Configuration Utility.lnk
[2013.04.07 15:09:41 | 001,613,412 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.07 15:09:41 | 000,696,848 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.07 15:09:41 | 000,652,166 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.07 15:09:41 | 000,148,144 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.07 15:09:41 | 000,121,098 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.01 17:30:41 | 000,000,222 | ---- | M] () -- C:\Users\Samed\Desktop\TrackMania Stadium Open Beta.url
[2013.04.01 02:19:19 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.04.01 02:19:18 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.04.25 21:12:05 | 005,005,736 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.25 21:12:02 | 617,701,758 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.04.25 20:59:04 | 000,619,461 | ---- | C] () -- C:\Users\Samed\Desktop\adwcleaner.exe
[2013.04.25 18:11:48 | 000,377,856 | ---- | C] () -- C:\Users\Samed\Desktop\gmer_2.1.19163.exe
[2013.04.25 18:10:44 | 000,000,000 | ---- | C] () -- C:\Users\Samed\defogger_reenable
[2013.04.25 18:10:27 | 000,050,477 | ---- | C] () -- C:\Users\Samed\Desktop\Defogger.exe
[2013.04.25 13:35:58 | 000,009,811 | ---- | C] () -- C:\Users\Samed\Desktop\5_und_5.png
[2013.04.21 12:29:38 | 000,000,510 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 1cefe8c0-f442-459a-a98f-b1b44c7c8a4d.job
[2013.04.21 12:29:37 | 000,000,510 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 5ad90717-1218-4a6f-aecf-4afbcd15e4f9.job
[2013.04.21 12:29:27 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013.04.20 13:19:48 | 001,669,632 | ---- | C] () -- C:\Users\Samed\Desktop\SteamInstall (2).msi
[2013.04.20 13:18:44 | 000,691,966 | ---- | C] () -- C:\Users\Samed\Desktop\GreenLuma-2.6.3-Steam006.rar
[2013.04.19 14:48:16 | 000,002,145 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013.04.19 14:48:16 | 000,002,133 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.04.18 17:31:00 | 000,032,840 | ---- | C] () -- C:\Users\Samed\Desktop\KC-002_1.jpg
[2013.04.14 00:22:32 | 000,000,979 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2013.04.14 00:22:32 | 000,000,967 | ---- | C] () -- C:\Users\Samed\Desktop\Audacity.lnk
[2013.04.12 23:43:00 | 000,001,050 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Network Stumbler.lnk
[2013.04.08 20:54:21 | 000,002,253 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk
[2013.04.08 20:54:21 | 000,002,221 | ---- | C] () -- C:\Users\Public\Desktop\TP-LINK Wireless Configuration Utility.lnk
[2013.04.08 20:52:56 | 000,265,639 | ---- | C] () -- C:\Windows\SysNative\netathrx.inf
[2013.04.08 20:52:56 | 000,007,748 | ---- | C] () -- C:\Windows\SysNative\athrextx.cat
[2013.04.01 17:30:41 | 000,000,222 | ---- | C] () -- C:\Users\Samed\Desktop\TrackMania Stadium Open Beta.url
[2013.04.01 02:19:19 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.04.01 02:19:18 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.03.22 17:14:25 | 000,000,000 | ---- | C] () -- C:\Users\Samed\Microsoft
[2013.02.11 00:31:57 | 000,019,635 | ---- | C] () -- C:\Windows\prodsett_copy.ini
[2013.01.29 20:47:27 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll
[2013.01.27 17:48:01 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2012.12.27 18:16:31 | 000,019,296 | ---- | C] () -- C:\Users\Samed\Ohne Titel.vf
[2012.12.27 18:10:12 | 025,205,083 | ---- | C] () -- C:\Users\Samed\YouggggggTube_Upload.mp4
[2012.12.27 00:13:34 | 000,019,016 | ---- | C] () -- C:\Users\Samed\KURDO.vf
[2012.12.27 00:13:14 | 032,517,577 | ---- | C] () -- C:\Users\Samed\YouTube_Upload.mp4
[2012.09.06 13:57:26 | 004,399,616 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2012.08.19 12:49:30 | 000,008,704 | ---- | C] () -- C:\Users\Samed\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.27 18:27:04 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2012.07.14 21:13:52 | 000,892,190 | ---- | C] () -- C:\Users\Samed\AppData\Local\census.cache
[2012.07.14 21:13:18 | 000,125,885 | ---- | C] () -- C:\Users\Samed\AppData\Local\ars.cache
[2012.07.14 21:06:30 | 000,000,036 | ---- | C] () -- C:\Users\Samed\AppData\Local\housecall.guid.cache
[2012.07.13 22:12:41 | 000,001,802 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2012.07.03 15:18:11 | 001,590,370 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.07.03 15:15:52 | 000,298,016 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.07.03 15:15:48 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2012.07.03 15:15:48 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.07.03 03:28:06 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012.06.27 14:54:55 | 010,977,280 | ---- | C] () -- C:\ProgramData\sandra.mda
[2012.06.14 16:13:35 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat
[2012.06.10 02:21:56 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012.06.03 16:21:03 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\ZLib.dll
[2012.05.22 01:28:58 | 000,155,648 | ---- | C] () -- C:\Windows\SysWow64\mlc.dll
[2012.05.02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.03.08 17:00:55 | 000,007,210 | ---- | C] () -- C:\Users\Samed\.recently-used.xbel
[2012.03.01 18:35:32 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012.02.25 20:38:59 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.02.25 20:38:59 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.02.25 20:38:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.02.25 20:38:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.02.25 20:38:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.02.15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.02.15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.02.04 20:11:43 | 002,109,440 | ---- | C] () -- C:\Users\Samed\test.h2.db
[2012.02.04 20:11:43 | 000,001,394 | ---- | C] () -- C:\Users\Samed\.h2.server.properties
[2012.02.04 20:11:42 | 000,000,103 | ---- | C] () -- C:\Users\Samed\test.lock.db
[2012.02.01 18:01:20 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.02.01 18:01:20 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2012.01.29 23:48:01 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2012.01.24 15:33:03 | 000,000,132 | ---- | C] () -- C:\Users\Samed\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2012.01.19 16:38:39 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\mgxasio2.dll
[2012.01.19 16:37:52 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2012.01.19 16:37:37 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2012.01.11 20:45:04 | 000,000,218 | ---- | C] () -- C:\Users\Samed\AppData\Local\recently-used.xbel
[2011.12.08 06:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2011.11.17 08:41:18 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{819a73af-6d8c-ad6d-9547-531350214891}\@
[2011.11.17 08:41:18 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{819a73af-6d8c-ad6d-9547-531350214891}\L
[2012.10.31 13:28:40 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{819a73af-6d8c-ad6d-9547-531350214891}\U
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.08.23 21:53:45 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\.Comet
[2013.02.20 18:16:22 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\.minecraft
[2012.03.30 14:19:22 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\.platinum
[2012.03.15 15:43:31 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\.techniclauncher
[2013.01.23 17:43:33 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\.terasology
[2013.04.19 19:25:59 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\Ad-Aware Antivirus
[2013.04.14 00:29:52 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\Audacity
[2012.05.18 21:37:08 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\avidemux
[2012.07.13 18:28:11 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\BTS
[2012.02.10 15:02:34 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\Canneverbe Limited
[2012.02.21 01:46:42 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.01.21 01:50:39 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\CSS-WarFinder
[2013.01.27 18:02:53 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\DAEMON Tools Lite
[2012.08.04 02:42:16 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\DarknessII
[2012.02.08 15:54:02 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\DAZ 3D
[2013.03.27 00:27:37 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\Dojotech Software
[2012.09.22 14:44:10 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\DVDVideoSoft
[2012.11.12 15:59:22 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\EasyMP3Downloader
[2013.04.03 14:01:29 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\ESET
[2013.01.24 22:54:58 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\FileZilla
[2012.04.06 21:44:52 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\fltk.org
[2012.05.25 20:00:17 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\FreeAudioPack
[2012.03.04 16:59:37 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\gtk-2.0
[2013.02.11 01:16:43 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\HLSW
[2013.03.07 13:59:53 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\Hotspot Shield
[2012.08.19 13:08:19 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\ImTOO
[2012.12.23 15:34:18 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\JasonRobitaille
[2012.08.10 01:29:01 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\MAGIX
[2013.01.06 05:23:08 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\MAXON
[2012.01.19 14:22:13 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\Motorola
[2012.07.02 17:29:35 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\Motorola Mobility
[2012.02.20 11:58:12 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\mp3DirectCut
[2012.07.03 17:14:56 | 000,000,000 | -HSD | M] -- C:\Users\Samed\AppData\Roaming\MSDCSC
[2012.01.13 14:39:57 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\NationRed
[2013.04.21 14:18:16 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\Notepad++
[2013.01.27 17:52:35 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\Octoshape
[2012.07.12 19:24:27 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\OpenOffice.org
[2013.01.27 17:47:51 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\Opera
[2012.11.04 19:00:10 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\PDAppFlex
[2013.01.12 16:01:53 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\PhotoScape
[2012.06.18 20:31:04 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\Propellerhead Software
[2012.02.13 17:43:18 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\Publish Providers
[2012.05.04 21:54:41 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\REAPER
[2012.02.24 00:56:24 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\RotMG.Production
[2012.01.23 18:24:14 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\Router Manager
[2012.09.28 20:57:57 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\RouterControl
[2013.01.06 05:10:47 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\Sony
[2012.08.31 22:22:20 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\Sony Creative Software Inc
[2013.04.25 13:12:11 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\Spotify
[2012.07.05 14:12:26 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\Steinberg
[2013.04.17 19:01:46 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\TeamViewer
[2013.03.02 19:50:10 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\TechSmith
[2012.05.18 21:41:14 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\ThePluginSite
[2013.04.11 11:50:05 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\TP-LINK
[2012.07.15 17:05:40 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\TuneUp Software
[2012.05.24 20:45:40 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\Tunngle
[2013.03.22 17:08:04 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\Upgrade
[2013.01.27 18:02:52 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\uTorrent
[2012.11.15 18:14:37 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\Win7codecs
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 971 bytes -> C:\ProgramData:$SS_DESCRIPTOR_LBP6VPVFLVGVVFB84LTSUTB92PFNPC7BPV4XFJDMNGTFB5V5NBJ5TBBJMT9Y0N96GMP3V0GRUEF39X8XHH0TCFUL44FTBX4MLSWPBXRTF6VEKLFEJK35PNX0WHNGT9LSVEVF1VTVVTVXVVD
@Alternate Data Stream - 167 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:76650B61

< End of report >
         
--- --- ---

SystemLook 30.07.11 by jpshortstuff
Code:
ATTFilter
Log created at 12:50 on 26/04/2013 by Samed
Administrator - Elevation successful

========== filefind ==========

Searching for "*babylon*"
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Babylon.Toolbar-0000.zip	--a---- 8661 bytes	[13:30 19/04/2013]	[13:30 19/04/2013] E7E170D6C5B2D152F9C4EF3DC4990C20
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Babylon.Toolbar-0001.zip	--a---- 5249 bytes	[13:30 19/04/2013]	[13:30 19/04/2013] F0129165522235C086C1CC3BB01E1E4B
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Babylon.Toolbar-0002.zip	--a---- 5375 bytes	[13:30 19/04/2013]	[13:30 19/04/2013] C1BFC63246AFD5143395D820742BC345
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Babylon.Toolbar-0003.zip	--a---- 5378 bytes	[13:31 19/04/2013]	[13:31 19/04/2013] 3A931E5EEF37AB3A883221002199C5F5
C:\Users\All Users\Spybot - Search & Destroy\Quarantine\Babylon.Toolbar-0000.zip	--a---- 8661 bytes	[13:30 19/04/2013]	[13:30 19/04/2013] E7E170D6C5B2D152F9C4EF3DC4990C20
C:\Users\All Users\Spybot - Search & Destroy\Quarantine\Babylon.Toolbar-0001.zip	--a---- 5249 bytes	[13:30 19/04/2013]	[13:30 19/04/2013] F0129165522235C086C1CC3BB01E1E4B
C:\Users\All Users\Spybot - Search & Destroy\Quarantine\Babylon.Toolbar-0002.zip	--a---- 5375 bytes	[13:30 19/04/2013]	[13:30 19/04/2013] C1BFC63246AFD5143395D820742BC345
C:\Users\All Users\Spybot - Search & Destroy\Quarantine\Babylon.Toolbar-0003.zip	--a---- 5378 bytes	[13:31 19/04/2013]	[13:31 19/04/2013] 3A931E5EEF37AB3A883221002199C5F5
C:\Users\Samed\Desktop\Musik\Celo & Abdi\Celo & Abdi - Mietwagentape\11 - Capo - OF Babylon (prod. by Razor).mp3	--a---- 3100692 bytes	[12:13 15/03/2011]	[06:47 14/01/2011] 9EEFA7BF6940BEC2C638E92379B34EBE

Searching for "*QuickStores*"
No files found.

Searching for "*adawaretb*"
No files found.

Searching for "*blekko*"
No files found.

Searching for "*Softonic*"
No files found.

Searching for "*Conduit*"
C:\Program Files (x86)\Steam\SteamApps\common\left 4 dead 2\left4dead2_dlc1\sound\ambient\ambience\conduit_rain.wav	--a---- 431494 bytes	[11:00 25/07/2012]	[11:00 25/07/2012] 1C37DF6A8D5ED9D8EAC4F0EB8C6B6D82
C:\Program Files (x86)\Steam\SteamApps\common\left 4 dead 2\left4dead2_dlc3\sound\ambient\ambience\conduit_rain.wav	--a---- 431494 bytes	[10:14 25/07/2012]	[10:14 25/07/2012] 1C37DF6A8D5ED9D8EAC4F0EB8C6B6D82

Searching for "*sweetim*"
C:\ProgramData\Spybot - Search & Destroy\Quarantine\SweetIM-0000.zip	--a---- 5207 bytes	[13:30 19/04/2013]	[13:30 19/04/2013] 441F817624EE278CCE32ECA93F056D60
C:\ProgramData\Spybot - Search & Destroy\Quarantine\SweetIM-0001.zip	--a---- 5199 bytes	[13:30 19/04/2013]	[13:30 19/04/2013] A7D9CF4E1F83C5CA8FD2D2243AC43DDB
C:\ProgramData\Spybot - Search & Destroy\Quarantine\SweetIM-0002.zip	--a---- 5325 bytes	[13:30 19/04/2013]	[13:30 19/04/2013] 500C7DA869E1F044274E621913F0DB6F
C:\ProgramData\Spybot - Search & Destroy\Quarantine\SweetIM-0003.zip	--a---- 5328 bytes	[13:31 19/04/2013]	[13:31 19/04/2013] 84F9F1DFF18A4C78AC7E4C852F803742
C:\Users\All Users\Spybot - Search & Destroy\Quarantine\SweetIM-0000.zip	--a---- 5207 bytes	[13:30 19/04/2013]	[13:30 19/04/2013] 441F817624EE278CCE32ECA93F056D60
C:\Users\All Users\Spybot - Search & Destroy\Quarantine\SweetIM-0001.zip	--a---- 5199 bytes	[13:30 19/04/2013]	[13:30 19/04/2013] A7D9CF4E1F83C5CA8FD2D2243AC43DDB
C:\Users\All Users\Spybot - Search & Destroy\Quarantine\SweetIM-0002.zip	--a---- 5325 bytes	[13:30 19/04/2013]	[13:30 19/04/2013] 500C7DA869E1F044274E621913F0DB6F
C:\Users\All Users\Spybot - Search & Destroy\Quarantine\SweetIM-0003.zip	--a---- 5328 bytes	[13:31 19/04/2013]	[13:31 19/04/2013] 84F9F1DFF18A4C78AC7E4C852F803742

========== folderfind ==========

Searching for "*babylon*"
No folders found.

Searching for "*QuickStores*"
No folders found.

Searching for "*foxydeal*"
No folders found.

Searching for "*safesearch*"
No folders found.

Searching for "*adawaretb*"
No folders found.

Searching for "*blekko*"
No folders found.

Searching for "*jpmbfleldcgkldadpdinhjjopdfpjfjp*"
No folders found.

Searching for "*Wajam*"
No folders found.

Searching for "*Softonic*"
No folders found.

Searching for "*Conduit*"
No folders found.

Searching for "*sweetim*"
No folders found.

========== regfind ==========

Searching for "babylon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\VBMZ]
"P1"="babylon"

Searching for "QuickStores"
No data found.

Searching for "foxydeal"
No data found.

Searching for "safesearch"
No data found.

Searching for "adawaretb"
[HKEY_CURRENT_USER\S-1-5-21-205861873-3943885056-2705481813-1008\Software\adawaretb]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\adawaretb]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BB2DE08D-AF76-42f2-80E9-E5EEE624A973}]
"AppPath"="C:\Program Files (x86)\adawaretb"
[HKEY_USERS\S-1-5-21-205861873-3943885056-2705481813-1008\S-1-5-21-205861873-3943885056-2705481813-1008\Software\adawaretb]

Searching for "blekko"
No data found.

Searching for "jpmbfleldcgkldadpdinhjjopdfpjfjp"
No data found.

Searching for "Wajam"
No data found.

Searching for "Softonic"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_combofix_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_combofix_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_fl-studio_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_fl-studio_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_videopad-video-editor_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_videopad-video-editor_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_xampp-windows_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_xampp-windows_RASMANCS]

Searching for "Conduit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\HotspotShield]
"installer"="HSS-2.88-install-elite-395-conduit.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\HotspotShield]
"client_tag"="elite-395-conduit"

Searching for "sweetim"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-205861873-3943885056-2705481813-1008\Software\SweetIM]
[HKEY_USERS\S-1-5-21-205861873-3943885056-2705481813-1008\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-205861873-3943885056-2705481813-1008\Software\SweetIM]

Searching for "         "
[HKEY_CURRENT_USER\Software\L4D2Loader]
"mutations"="s:5142:"<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<l4d2mutations>
    <version>29</version>
    <mutation>
        <title>Realism Versus</title>
        <title_en>Realism Versus</title_en>
        <command>mutation12</command>
        <maps>versus</maps>
    </mutation>
    <mutation>
        <title>Versus Survival (Mut)</title>
        <title_en>Versus Survival (Mut)</title_en>
        <command>mutation15</command>
        <maps>survival</maps>
    </mutation>
    <mutation>
        <title>Ausbluten (Mut)</title>
        <title_en>Bleed Out (Mut)</title_en>
        <command>mutation3</command>
        <maps>coop</maps>
    </mutation>
    <mutation>
        <title>Follow the Liter (Mut)</title>
        <title_en>Follow the Liter (Mut)</title_en>
        <command>mutation13</command>
        <maps>scavenge</maps>
    </mutation>
    <mutation>
        <title>Gartenzwerg-Schutztrupp (Mut)</title>
        <title_en>Last Gnome on Earth (Mut)</ti
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\ASPEncoder]
"Description"="
        <h3>Das Kernstück Ihres HD-Videoerlebnisses</h3>
        <p>Der Codec, der die Videowelt revolutioniert hat, wurde weiter optimiert. Wir bezeichnen diese Version als „Pro“, da sie zudem fantastische fortschrittliche Encoding-Einstellungen bietet, mit denen Sie mit Drittanbietersoftware hochwertige DivX-Video generieren können, die auf jedem beliebigen DivX Certified®-Gerät wiedergegeben werden können.</p>
        <h3>Gute Gründe für den DivX Codec</h3>
        <ul>
            <li>Erstellen Sie mit Drittanbietersoftware oder mit dem DivX Converter hochwertige, stark komprimierte DivX-Videos.</li>
            <li>Wir garantieren, dass Ihre Videos abgesehen von Deinem PC auch auf DivX Certified-DVD-Playern, Mobiltelefonen, Spielekonsolen uvm. abgespielt werden können.</li>
            <li>Optimieren Sie Ihre Videos mit den fortschrittlichen Encoding-Einstellungen, um hochwertigere Dateien zu erhalten.</li>
        </ul>"
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\Converter]
"Description"="
          <p>Der DivX Plus Converter nimmt gängige Videoformate und erstellt auf einfache Weise DivX- oder DivX Plus-Dateien für Ihre DivX Certified®-Geräte.</p>
          <ul>
              <li>Konvertieren Sie die Formate per Drag-&-Drop in .divx (DivX-Video) und .mkv (DivX Plus-Video)</li>
              <li>Erstellen Sie fortschrittliche DivX Plus-Features, wie den schnellen und gleichmäßigen Vor- und Rücklauf</li>
              <li>Steuern Sie Ihre Dateien mit den fortschrittlichen Encoding-Optionen</li>
              <li>Vereinen Sie mehrere Videos zu einer .divx- oder .mkv-Datei</li>
              <li>Konvertieren Sie Video-Batches - selbst mit Videos unterschiedlicher Formate - in einer einzigen Sitzung</li>
          </ul>
          "
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\Player]
"Description"="
          <p>Der DivX Plus Player ist für das beste Wiedergabeerlebnis auf Deinem PC optimiert.</p>
          <ul>
              <li>Sehen Sie sich ruckelfreie High-Definition-Videos auf Deinem PC an (bis zu 1080 p)</li>
              <li>Einfacher Transfer von Videos an DivX-Geräte</li>
              <li>Erleben Sie die DivX Plus-Features, wie den schnellen und gleichmäßigen Vor- und Rücklauf und das Überspringen von Szenen</li>
          </ul>
          "
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\Setup\BundleGroups\divx.com]
"BundleGroupDescription"="
        <p>Die DivX Plus-Software enthält alles, was Du für ein kinoähnliches Erlebnis auf Deinem Computer, in Deinem Wohnzimmer und unterwegs benötigst. Für ein optimales Erlebnis mit DivX-Videos <b>empfehlen wir die Komplettinstallation aller Komponenten</b>.</p>
        <h3>Mit DivX Plus-Software kannst Du:</h3>
        <ul>
          <li>Ruckelfreie HD-Videos auf Deinem Computer ansehen</li>
          <li>Videos mühelos an DivX Certified®-Geräte übertragen</li>
          <li>Die fortschrittlichen DivX Plus-Features, wie den schnellen und gleichmäßigen Vor- und Rücklauf und das Überspringen von Szenen, genießen</li>
          <li>DivX-Videos auf Deiner Website oder in Deinen Blog integrieren</li>
          <li>Dateien platzsparend in ein DivX-Video umwandeln oder auf DivX-Geräten wiedergeben</li>
        </ul>
        "
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\Setup\InstallGroups\FiltersAndCodecs]
"Description"="
          <p>Mit dem DivX Plus Codec Pack können Sie sich DivX-Videos in Deiner bevorzugten Drittanbieteranwendung ansehen.</p>
          <ul>
              <li>Geben Sie die Formate .divx, .avi und .mkv (DivX- und DivX Plus-Video) auf gängigen Media-Playern (wie beispielsweise dem Windows Media Player, QuickTime, Media Player Classic) wieder</li>
              <li>Erstellen Sie mit Drittanbietersoftware (beispielsweise Virtual Dub) .avi-Dateien (DivX-Video) </li>
          </ul>
          "
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\Setup\InstallGroups\Player]
"Description"="
          <p>Der DivX Plus Player ist für das beste Wiedergabeerlebnis auf Deinem PC optimiert.</p>
          <ul>
              <li>Sehen Sie sich ruckelfreie High-Definition-Videos auf Deinem PC an (bis zu 1080 p)</li>
              <li>Einfacher Transfer von Videos an DivX-Geräte</li>
              <li>Erleben Sie die DivX Plus-Features, wie den schnellen und gleichmäßigen Vor- und Rücklauf und das Überspringen von Szenen</li>
          </ul>
          "
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\Setup\InstallGroups\SharedLibraries]
"Description"="
          <ul>
              <li>Das DivX VOD-Plug-in sorgt für besseres Erlebnis für Kunden, die Filme von DivX VOD - Shops beziehen.</li>
          </ul>
          "
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\WebPlayer]
"Description"="
          <p>DivX Plus Web Player bietet beim Streamen von Videos in HD an Ihren Lieblingsbrowser höchste Qualität.</p>
          <ul>
            <li>Streamen von .divx, .avi und .mkv (DivX- und DivX Plus-Videos) sowie von H.264 .mp4- und .mov-Filmen</li>
            <li>Ansehen von H.264-Videos mit HTML5 &lt;video&gt; in einem beliebigen Browser</li>
            <li>Nutzen der H.264-DXVA-Hardwarebeschleunigung für weniger CPU-Auslastung und Energieverbrauch</li>
          </ul>
          "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell]
"ConfigXML"="             <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" >                 <InitializationParameters>                     <Param Name="PSVersion" Value="2.0"/>                 </InitializationParameters>                 <Resources>                     <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" SupportsOptions="true" ExactMatch="true">                         <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>                         <Capability Type="Shell"/>                     </Resource>                 </Res
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell32]
"ConfigXML"="<PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell32" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" Architecture="32" >                         <InitializationParameters>                             <Param Name="PSVersion" Value="2.0"/>                         </InitializationParameters>                         <Resources>                             <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" SupportsOptions="true" ExactMatch="true">                                 <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>                                
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_EXPRESS&PROD_EXPRESS&REV_PMAP#96541300189A&0#]
"DeviceDesc"="EXPRESS         "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_NAVMAN&PROD_SDMMC&REV_#080056454E55535FEE44B058DB647811&1#]
"DeviceDesc"="SDMMC           "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_NOKIA&PROD_S60&REV_1.0#351514044325202&0#]
"DeviceDesc"="S60             "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_EXPRESS&PROD_EXPRESS&REV_PMAP#96541300189A&0#]
"DeviceDesc"="EXPRESS         "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_NAVMAN&PROD_SDMMC&REV_#080056454E55535FEE44B058DB647811&1#]
"DeviceDesc"="SDMMC           "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_NOKIA&PROD_S60&REV_1.0#351514044325202&0#]
"DeviceDesc"="S60             "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_EXPRESS&PROD_EXPRESS&REV_PMAP#96541300189A&0#]
"DeviceDesc"="EXPRESS         "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_NAVMAN&PROD_SDMMC&REV_#080056454E55535FEE44B058DB647811&1#]
"DeviceDesc"="SDMMC           "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_NOKIA&PROD_S60&REV_1.0#351514044325202&0#]
"DeviceDesc"="S60             "
[HKEY_USERS\S-1-5-21-205861873-3943885056-2705481813-1008\Software\L4D2Loader]
"mutations"="s:5142:"<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<l4d2mutations>
    <version>29</version>
    <mutation>
        <title>Realism Versus</title>
        <title_en>Realism Versus</title_en>
        <command>mutation12</command>
        <maps>versus</maps>
    </mutation>
    <mutation>
        <title>Versus Survival (Mut)</title>
        <title_en>Versus Survival (Mut)</title_en>
        <command>mutation15</command>
        <maps>survival</maps>
    </mutation>
    <mutation>
        <title>Ausbluten (Mut)</title>
        <title_en>Bleed Out (Mut)</title_en>
        <command>mutation3</command>
        <maps>coop</maps>
    </mutation>
    <mutation>
        <title>Follow the Liter (Mut)</title>
        <title_en>Follow the Liter (Mut)</title_en>
        <command>mutation13</command>
        <maps>scavenge</maps>
    </mutation>
    <mutation>
        <title>Gartenzwerg-Schutztrupp (Mut)</title>
        

-= EOF =-
         

Last edited by Diggah187 (26.04.2013 at 12:11)
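
The "ZeroAccess Check" section of the OTL log above, run through a small triage script. This is an added example, not part of the original post and not OTL's own code; the function names, the two flagging heuristics and the second, constructed sample are assumptions made for illustration.

```python
import re

# OTL file/folder entry: [date time | size | attributes | M] (vendor) -- path
ENTRY = re.compile(
    r"^\[(?P<ts>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attrs>[-A-Z]{4})\s*\|\s*[CM]\]"
    r"(?:\s*\([^)]*\))?\s*--\s*(?P<path>.+)$"
)
# Hidden+system "@", "L", "U" items directly under C:\Windows\Installer\{GUID},
# the layout listed in the log above (heuristic, assumption of this example).
ZA_STORE = re.compile(r"^C:\\Windows\\Installer\\\{[0-9a-f-]{36}\}\\(@|L|U)$", re.I)
REG_KEY = re.compile(r"^\[(HKEY_[^\]]+\\InProcServer32)\]")
REG_DEFAULT = re.compile(r'^"" = (.+?)(?: -- \[.*)?$')
SYSTEM_DIRS = ("c:\\windows\\sysnative\\", "c:\\windows\\system32\\",
               "c:\\windows\\syswow64\\")

# Lines taken from the log posted above.
PAGE_EXCERPT = r'''
========== ZeroAccess Check ==========

[2011.11.17 08:41:18 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{819a73af-6d8c-ad6d-9547-531350214891}\@
[2011.11.17 08:41:18 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{819a73af-6d8c-ad6d-9547-531350214891}\L
[2012.10.31 13:28:40 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{819a73af-6d8c-ad6d-9547-531350214891}\U
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

========== LOP Check ==========

[2012.08.23 21:53:45 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\.Comet
'''

# Constructed sample (not from the page): a per-user InProcServer32 value that
# would shadow the machine-wide registration. Path and dates are placeholders.
CONSTRUCTED_OVERRIDE = r'''
========== ZeroAccess Check ==========

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Users\Example\AppData\Local\example.dll -- [2013.01.01 00:00:00 | 000,001,024 | -HS- | M] ()
"ThreadingModel" = Both
'''


def zero_access_section(log_text):
    """Return the non-empty lines between the ZeroAccess header and the next header."""
    lines, inside = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        header = re.match(r"^=+ (.+?) =+$", line)
        if header:
            inside = header.group(1) == "ZeroAccess Check"
            continue
        if inside and line:
            lines.append(line)
    return lines


def triage(log_text):
    """Return (kind, detail) findings for the ZeroAccess Check section only."""
    findings, current_key = [], None
    for line in zero_access_section(log_text):
        entry = ENTRY.match(line)
        if entry:
            path, attrs = entry.group("path").strip(), entry.group("attrs")
            if ZA_STORE.match(path) and "H" in attrs and "S" in attrs:
                findings.append(("installer-store", path))
            continue
        key = REG_KEY.match(line)
        if key:
            current_key = key.group(1)
            continue
        value = REG_DEFAULT.match(line)
        if value and current_key:
            shown = value.group(1).strip()
            dll = shown.lower().replace("%systemroot%", "c:\\windows")
            per_user = current_key.upper().startswith("HKEY_CURRENT_USER")
            # Flag a populated per-user key, or a DLL outside the system directories.
            if per_user or not dll.startswith(SYSTEM_DIRS):
                findings.append(("inprocserver32", f"{current_key} -> {shown}"))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(PAGE_EXCERPT) + triage(CONSTRUCTED_OVERRIDE):
        print(f"{kind:16} {detail}")
```

On the excerpt from this thread only the three `Installer\{…}` items are reported; the registry keys in that log are either empty or point at system DLLs, so they are not flagged.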

Alt 26.04.2013, 13:51   #8
M-K-D-B
/// TB-Ausbilder
 
Hi,

we still have quite a bit to do. Here is how we continue:

Step 1

Fix with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.

Code:
ATTFilter
:OTL
FF - prefs.js..extensions.enabledItems: quickstores@quickstores.de:1.1.0

:files
C:\Windows\Installer\{819a73af-6d8c-ad6d-9547-531350214891}

:reg
[-HKEY_CURRENT_USER\S-1-5-21-205861873-3943885056-2705481813-1008\Software\adawaretb]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\adawaretb]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_combofix_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_combofix_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_fl-studio_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_fl-studio_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_videopad-video-editor_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_videopad-video-editor_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_xampp-windows_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_xampp-windows_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\HotspotShield]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-205861873-3943885056-2705481813-1008\Software\SweetIM]

:Commands
[emptytemp]
         
  • If you have obscured your user name, e.g. with "*****", insert your real user name at the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (It can also be found at C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread.






Step 2
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen as described in the guide to Malwarebytes Anti-Rootkit.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper.






Step 3
Please start OTL.exe and press the Quick Scan button.
Post the OTL.txt here in your thread.





How is your computer running at the moment?
Are there still problems that point to malware? If so, which ones?






Please post with your next reply
  • the log file of the OTL fix,
  • the log file from MBAR,
  • the log file of the new OTL scan,
  • the answers to the questions asked.
__________________
Greetings from Bavaria
M-K-D-B

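Added example, not part of the post above and not code from OTL: a fix log that comes back can be checked entry by entry against the fix script, so that a removal the log does not confirm is not overlooked. The script excerpt is taken from the post above; the sample log is constructed in the line format of the fix log posted later in this thread, and the function names are hypothetical.

```python
import re

# Excerpt of the fix script from the post above (two of its :reg entries kept).
FIX_SCRIPT = r"""
:OTL
FF - prefs.js..extensions.enabledItems: quickstores@quickstores.de:1.1.0

:files
C:\Windows\Installer\{819a73af-6d8c-ad6d-9547-531350214891}

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\adawaretb]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\HotspotShield]

:Commands
[emptytemp]
"""

# Constructed sample fix log; the HotspotShield confirmation line is left out
# on purpose so that the check has something to report.
FIX_LOG = r"""
All processes killed
========== OTL ==========
Prefs.js: quickstores@quickstores.de:1.1.0 removed from extensions.enabledItems
========== FILES ==========
C:\Windows\Installer\{819a73af-6d8c-ad6d-9547-531350214891}\U folder moved successfully.
C:\Windows\Installer\{819a73af-6d8c-ad6d-9547-531350214891} folder moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\adawaretb\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]
"""

SCRIPT_PREF = re.compile(r"^FF - prefs\.js\.\.(?P<pref>[^:]+): (?P<item>.+)$")
LOG_PREF = re.compile(r"^Prefs\.js: (?P<item>.+) removed from (?P<pref>\S+)$")
LOG_MOVED = re.compile(r"^(?P<path>.+?)(?: folder)? moved successfully\.$")
LOG_DELETED = re.compile(r"^Registry key (?P<key>.+?)\\? deleted successfully\.$")
LOG_COMMAND = re.compile(r"^\[(?P<cmd>\w+)\]$")


def parse_fix_script(text):
    """Split a fix script into {section name (lower case): [entries]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            current = line[1:].lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def confirmed_actions(log):
    """Collect the actions a fix log reports as done, lower-cased for comparison."""
    done = {"otl": set(), "files": set(), "reg": set(), "commands": set()}
    for raw in log.splitlines():
        line = raw.strip()
        if m := LOG_DELETED.match(line):
            done["reg"].add(m["key"].lower())
        elif m := LOG_MOVED.match(line):
            done["files"].add(m["path"].lower())
        elif m := LOG_PREF.match(line):
            done["otl"].add((m["pref"].lower(), m["item"].lower()))
        elif m := LOG_COMMAND.match(line):
            done["commands"].add(m["cmd"].lower())
    return done


def unconfirmed_entries(script, log):
    """Return (section, entry) for every script entry the log does not confirm."""
    done = confirmed_actions(log)
    missing = []
    for section, entries in parse_fix_script(script).items():
        for entry in entries:
            if section == "files":
                ok = entry.lower() in done["files"]
            elif section == "reg":
                # Only whole-key deletions of the form [-KEY] are checked here.
                ok = entry.startswith("[-") and entry[2:-1].lower() in done["reg"]
            elif section == "otl":
                m = SCRIPT_PREF.match(entry)
                ok = bool(m) and (m["pref"].lower(), m["item"].lower()) in done["otl"]
            elif section == "commands":
                ok = entry.strip("[]").lower() in done["commands"]
            else:
                ok = False  # unknown section: report it rather than assume success
            if not ok:
                missing.append((section, entry))
    return missing


if __name__ == "__main__":
    for section, entry in unconfirmed_entries(FIX_SCRIPT, FIX_LOG):
        print(f"not confirmed in log: :{section} {entry}")
```
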

26.04.2013, 16:44   #9
Diggah187


Code:
ATTFilter
All processes killed
========== OTL ==========
Prefs.js: quickstores@quickstores.de:1.1.0 removed from extensions.enabledItems
========== FILES ==========
C:\Windows\Installer\{819a73af-6d8c-ad6d-9547-531350214891}\U folder moved successfully.
C:\Windows\Installer\{819a73af-6d8c-ad6d-9547-531350214891}\L folder moved successfully.
C:\Windows\Installer\{819a73af-6d8c-ad6d-9547-531350214891} folder moved successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\S-1-5-21-205861873-3943885056-2705481813-1008\Software\adawaretb\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\adawaretb\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_combofix_RASAPI32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_combofix_RASMANCS\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_fl-studio_RASAPI32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_fl-studio_RASMANCS\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_videopad-video-editor_RASAPI32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_videopad-video-editor_RASMANCS\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_xampp-windows_RASAPI32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_xampp-windows_RASMANCS\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\HotspotShield\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-205861873-3943885056-2705481813-1008\Software\SweetIM\ deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: asd
->Temp folder emptied: 0 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Dogan_nogaD
->Temp folder emptied: 0 bytes
 
User: iPhone
->Temp folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: Samed
->Temp folder emptied: 2084 bytes
->Temporary Internet Files folder emptied: 1327340 bytes
->Java cache emptied: 5605110 bytes
->FireFox cache emptied: 241663445 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 10281404 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 4337438 bytes
%systemroot%\System32 .tmp files removed: 5 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1678 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 111855 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 251,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 04262013_164212

Files\Folders moved on Reboot...
C:\Users\Samed\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Samed\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.04.26.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
Samed :: MS [administrator]

26.04.2013 17:10:50
mbar-log-2013-04-26 (17-10-50).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 30712
Time elapsed: 20 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\ÖÍÍÉ (Backdoor.Trace) -> Delete on reboot.

Registry Values Detected: 1
HKCU\SOFTWARE\ÖÍÍÉ|FirstExecution (Backdoor.Trace) -> Data: 18/01/2013 -- 23:01 -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 26.04.2013 17:34:51 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Samed\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,39 Gb Available Physical Memory | 59,85% Memory free
8,00 Gb Paging File | 6,18 Gb Available in Paging File | 77,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 278,63 Gb Total Space | 71,98 Gb Free Space | 25,84% Space Free | Partition Type: NTFS
Drive M: | 132,48 Gb Total Space | 17,89 Gb Free Space | 13,51% Space Free | Partition Type: NTFS
Drive S: | 54,55 Gb Total Space | 47,76 Gb Free Space | 87,54% Space Free | Partition Type: NTFS
 
Computer Name: MS | User Name: Samed | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.25 17:58:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Samed\Desktop\OTL.exe
PRC - [2013.04.13 16:10:02 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013.03.21 15:19:46 | 001,341,664 | ---- | M] (ESET) -- C:\Programme\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2012.07.03 16:07:55 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.06.01 10:22:32 | 000,032,884 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\V0770Mon.exe
PRC - [2011.04.11 17:32:24 | 000,788,992 | ---- | M] () -- C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
PRC - [2010.09.30 23:26:54 | 000,393,216 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.04.13 16:10:01 | 003,133,336 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011.08.03 09:24:44 | 001,410,048 | ---- | M] () -- C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\nicLan.dll
MOD - [2011.04.11 17:32:56 | 000,128,000 | ---- | M] () -- C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WJWF\WJWF.dll
MOD - [2011.04.11 17:32:56 | 000,111,616 | ---- | M] () -- C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WJWF\WJWF_WPS_WIN7.dll
MOD - [2011.04.11 17:32:24 | 000,788,992 | ---- | M] () -- C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
MOD - [2011.04.11 17:32:16 | 000,167,424 | ---- | M] () -- C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\DC_WFF.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.12.19 21:56:00 | 000,240,640 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012.12.19 16:32:12 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2013.04.19 23:10:50 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.04.13 16:10:01 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.03.21 15:19:46 | 001,341,664 | ---- | M] (ESET) [Auto | Running] -- C:\Programme\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.07.17 16:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2012.07.11 20:54:58 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Programme\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV - [2012.07.03 16:07:55 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.06.17 09:52:14 | 000,098,576 | ---- | M] (SANDBOXIE L.T.D) [Disabled | Stopped] -- C:\Programme\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2012.05.24 17:32:46 | 001,899,896 | ---- | M] (Raxco Software, Inc.) [Disabled | Stopped] -- C:\Programme\Raxco\PerfectDisk\PDAgent.exe -- (PDAgent)
SRV - [2012.05.24 17:32:36 | 003,312,504 | ---- | M] (Raxco Software, Inc.) [Disabled | Stopped] -- C:\Programme\Common Files\Raxco\Shared\PDEngine.exe -- (PDEngine)
SRV - [2012.02.14 16:49:12 | 000,736,104 | ---- | M] (Tunngle.net GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2012.01.18 14:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [Disabled | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011.06.24 22:16:58 | 000,072,192 | ---- | M] (Palm) [Disabled | Stopped] -- C:\Programme\Palm, Inc\novacomd\amd64\novacomd.exe -- (NovacomD)
SRV - [2010.11.11 15:39:34 | 000,128,928 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.08.10 22:04:48 | 000,093,848 | ---- | M] (SiSoftware) [Disabled | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011.SP1\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.04.19 15:56:43 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\gfibto.sys -- (gfibto)
DRV:64bit: - [2013.02.22 03:43:20 | 000,046,280 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)
DRV:64bit: - [2013.02.14 12:21:06 | 000,058,416 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2013.02.14 12:21:04 | 000,213,416 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2013.01.10 21:44:02 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2013.01.10 09:25:22 | 000,190,232 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2013.01.10 09:25:22 | 000,059,440 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV:64bit: - [2013.01.10 09:25:20 | 000,150,616 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2012.12.19 22:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012.12.19 22:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.12.19 21:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.11.20 17:21:43 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2012.11.20 17:21:43 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2012.11.16 13:17:05 | 000,095,392 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SMR311.SYS -- (SMR311)
DRV:64bit: - [2012.11.06 13:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.06.01 10:32:38 | 000,379,776 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\V0770Vid.sys -- (V0770Vid)
DRV:64bit: - [2012.05.10 12:29:06 | 000,082,160 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\PDFsFilter.sys -- (PDFSFilter)
DRV:64bit: - [2012.04.19 20:45:26 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.24 14:50:38 | 000,025,528 | ---- | M] (Turtle Entertainment GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ESLvnic.sys -- (ESLvnic1)
DRV:64bit: - [2011.12.29 01:57:26 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2011.12.02 10:56:48 | 000,140,816 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DefragFs.sys -- (DefragFS)
DRV:64bit: - [2011.08.02 17:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.04.11 17:35:14 | 001,579,520 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 05:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 02:49:52 | 000,146,432 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST)
DRV:64bit: - [2010.05.26 21:30:00 | 001,121,632 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2010.05.06 11:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009.10.22 16:10:30 | 000,069,320 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2009.10.22 16:09:12 | 000,084,808 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2009.09.16 09:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t)
DRV:64bit: - [2009.07.30 20:58:42 | 000,236,544 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:09:02 | 000,120,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\irda.sys -- (irda)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.05.05 01:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009.04.22 15:32:22 | 000,047,672 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmdLLD64.sys -- (AmdLLD64)
DRV:64bit: - [2008.12.16 16:56:36 | 000,737,312 | ---- | M] (TechnoTrend GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ttusb2bda_amd64.sys -- (TTUSB2BDA_NTAMD64)
DRV:64bit: - [2008.09.17 15:14:00 | 000,012,744 | R--- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Entech64.sys -- (ENTECH64)
DRV:64bit: - [2008.01.19 07:36:12 | 000,027,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\irsir.sys -- (irsir)
DRV:64bit: - [2007.08.22 16:26:32 | 000,021,648 | ---- | M] (SRS Labs, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ZCinema_SRS_amd64.sys -- (ZCinema_TSHD_x64)
DRV - [2012.06.17 09:52:12 | 000,166,576 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Stopped] -- C:\Programme\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2012.04.09 10:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
DRV - [2012.04.09 10:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV - [2012.04.09 10:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.0)
DRV - [2011.07.22 18:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2009.08.07 23:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011.SP1\WNt500x64\sandra.sys -- (SANDRA)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007.03.20 11:33:00 | 000,016,896 | ---- | M] (hxxp://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EC C2 81 73 7A 19 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "AOL Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7B987311C6-B504-4aa2-90BF-60CC49808D42%7D:2.2
FF - prefs.js..extensions.enabledAddons: %7Bfe0258ab-4f74-43a1-8781-bcdf340f9ee9%7D:2.6.4
FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.145
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
FF - prefs.js..extensions.enabledAddons: %7B81BF1D23-5F17-408D-AC6B-BD6DF7CAF670%7D:8.3.0
FF - prefs.js..extensions.enabledAddons: %7B1A2D0EC4-75F5-4c91-89C4-3656F6E44B68%7D:0.5.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Samed\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Samed\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.11 18:13:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.19 15:58:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.13 16:09:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013.04.03 13:58:27 | 000,000,000 | ---D | M]
 
[2012.01.21 15:27:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Samed\AppData\Roaming\mozilla\Extensions
[2013.04.25 21:20:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Samed\AppData\Roaming\mozilla\Firefox\Profiles\8g2l7tli.default\extensions
[2013.04.05 00:05:50 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\Samed\AppData\Roaming\mozilla\Firefox\Profiles\8g2l7tli.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2012.01.22 14:38:25 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Users\Samed\AppData\Roaming\mozilla\Firefox\Profiles\8g2l7tli.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2013.02.24 00:22:51 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Samed\AppData\Roaming\mozilla\Firefox\Profiles\8g2l7tli.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.04.04 23:22:39 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Samed\AppData\Roaming\mozilla\Firefox\Profiles\8g2l7tli.default\extensions\ich@maltegoetz.de
[2013.03.31 22:34:09 | 000,361,682 | ---- | M] () (No name found) -- C:\Users\Samed\AppData\Roaming\mozilla\firefox\profiles\8g2l7tli.default\extensions\smarterwiki@wikiatic.com.xpi
[2013.02.18 16:16:41 | 000,051,442 | ---- | M] () (No name found) -- C:\Users\Samed\AppData\Roaming\mozilla\firefox\profiles\8g2l7tli.default\extensions\survey-remover@gmx.com.xpi
[2013.04.15 13:23:58 | 000,008,023 | ---- | M] () (No name found) -- C:\Users\Samed\AppData\Roaming\mozilla\firefox\profiles\8g2l7tli.default\extensions\youtubeunblocker@unblocker.yt.xpi
[2013.04.20 23:21:25 | 000,087,920 | ---- | M] () (No name found) -- C:\Users\Samed\AppData\Roaming\mozilla\firefox\profiles\8g2l7tli.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi
[2013.04.16 13:24:03 | 000,532,430 | ---- | M] () (No name found) -- C:\Users\Samed\AppData\Roaming\mozilla\firefox\profiles\8g2l7tli.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.02.22 15:09:59 | 000,014,714 | ---- | M] () (No name found) -- C:\Users\Samed\AppData\Roaming\mozilla\firefox\profiles\8g2l7tli.default\extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi
[2013.04.14 01:41:19 | 000,042,336 | ---- | M] () (No name found) -- C:\Users\Samed\AppData\Roaming\mozilla\firefox\profiles\8g2l7tli.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi
[2012.02.28 15:19:47 | 000,057,702 | ---- | M] () (No name found) -- C:\Users\Samed\AppData\Roaming\mozilla\firefox\profiles\8g2l7tli.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}.xpi
[2013.03.13 20:36:16 | 000,002,541 | ---- | M] () -- C:\Users\Samed\AppData\Roaming\mozilla\firefox\profiles\8g2l7tli.default\searchplugins\aol-search.xml
[2013.04.25 21:00:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013.04.13 16:09:52 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.01.11 18:13:57 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2013.04.13 16:10:02 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.01.27 17:53:06 | 000,001,400 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.01.27 17:53:06 | 000,001,679 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.01.27 17:53:06 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.01.27 17:53:06 | 000,006,818 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.01.27 17:47:51 | 000,001,278 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.01.27 17:53:06 | 000,000,903 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Samed\AppData\Local\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Samed\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Samed\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: AdobeAAMDetect (Enabled) = C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Samed\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\Samed\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Samed\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Samed\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Samed\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Skype Click to Call = C:\Users\Samed\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.4.0.11328_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Samed\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\Samed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013.04.26 12:34:08 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Programme\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [C:\Windows\system32\V0770Ext.ax] C:\Windows\SysNative\V0770Ext.ax (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [C:\Windows\SysWOW64\V0770Ext.ax] C:\Windows\SysWOW64\V0770Ext.ax (Creative Technology Ltd.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [V0770Mon.exe] C:\Windows\V0770Mon.exe (Creative Technology Ltd.)
O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKCU..\Run: [Sony PC Companion] C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O4 - HKCU..\Run: [Spotify] C:\Users\Samed\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Samed\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: [Z1] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2AA8B4DA-5708-490B-97C5-7DBD430D8386}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (PDBoot.exe)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.26 16:47:37 | 000,000,000 | ---D | C] -- C:\Users\Samed\Desktop\mbar-1.05.0.1001
[2013.04.26 16:42:12 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.04.26 16:41:27 | 000,000,000 | ---D | C] -- C:\Users\Samed\Desktop\txt
[2013.04.26 12:41:43 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.04.25 21:22:10 | 005,059,946 | R--- | C] (Swearware) -- C:\Users\Samed\Desktop\ComboFix.exe
[2013.04.25 21:18:03 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.04.25 21:17:49 | 000,000,000 | ---D | C] -- C:\JRT
[2013.04.25 21:17:28 | 000,535,764 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Samed\Desktop\JRT.exe
[2013.04.25 17:58:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Samed\Desktop\OTL.exe
[2013.04.21 12:29:33 | 000,000,000 | ---D | C] -- C:\Users\Samed\AppData\Roaming\SUPERAntiSpyware.com
[2013.04.21 12:29:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013.04.21 12:29:25 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013.04.21 12:29:25 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013.04.20 23:58:18 | 000,000,000 | ---D | C] -- C:\Users\Samed\Desktop\CLA
[2013.04.19 16:00:43 | 000,000,000 | ---D | C] -- C:\Users\Samed\AppData\Roaming\LavasoftStatistics
[2013.04.19 16:00:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
[2013.04.19 15:59:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2013.04.19 15:59:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2013.04.19 15:58:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2013.04.19 15:58:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
[2013.04.19 15:56:43 | 000,014,456 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013.04.19 15:56:41 | 000,000,000 | ---D | C] -- C:\Users\Samed\AppData\Roaming\Ad-Aware Antivirus
[2013.04.19 14:48:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013.04.19 14:48:09 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013.04.19 14:48:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013.04.14 00:22:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2013.04.14 00:22:17 | 000,000,000 | ---D | C] -- C:\Users\Samed\AppData\Local\Programs
[2013.04.13 16:09:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.04.13 16:09:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.04.12 23:43:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Network Stumbler
[2013.04.12 23:40:14 | 000,000,000 | ---D | C] -- C:\Users\Samed\AppData\Roaming\TeamViewer
[2013.04.12 23:38:51 | 004,889,704 | ---- | C] (TeamViewer GmbH) -- C:\Users\Samed\Desktop\TeamViewer_Setup_de.exe
[2013.04.08 20:54:48 | 000,000,000 | ---D | C] -- C:\Users\Samed\AppData\Roaming\TP-LINK
[2013.04.08 20:54:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-LINK
[2013.04.08 20:54:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TP-LINK
[2013.04.08 20:52:56 | 001,579,520 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athrx.sys
[2013.04.08 20:52:56 | 001,579,520 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\athrx.sys
[2013.04.08 20:51:58 | 000,000,000 | ---D | C] -- C:\ProgramData\TP-LINK
[2013.04.05 22:03:57 | 000,000,000 | ---D | C] -- C:\Users\Samed\Documents\Sony
[2013.04.05 16:42:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Infogrames
[2013.04.03 15:00:31 | 000,000,000 | ---D | C] -- C:\Users\Samed\Documents\iMacros
[2013.04.03 14:01:29 | 000,000,000 | ---D | C] -- C:\Users\Samed\AppData\Roaming\ESET
[2013.04.03 14:01:29 | 000,000,000 | ---D | C] -- C:\Users\Samed\AppData\Local\ESET
[2013.04.03 13:58:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2013.04.03 13:58:04 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2013.04.03 13:58:04 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013.04.01 18:28:06 | 000,000,000 | ---D | C] -- C:\Users\Samed\Documents\ManiaPlanet
[2013.04.01 18:28:06 | 000,000,000 | ---D | C] -- C:\ProgramData\ManiaPlanet
[2013.03.31 22:56:04 | 000,000,000 | ---D | C] -- C:\Users\Samed\.android
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.26 17:06:02 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-205861873-3943885056-2705481813-1008UA.job
[2013.04.26 16:51:13 | 000,022,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.26 16:51:13 | 000,022,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.26 16:47:33 | 012,917,756 | ---- | M] () -- C:\Users\Samed\Desktop\mbar-1.05.0.1001.zip
[2013.04.26 16:43:51 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013.04.26 16:43:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.26 16:43:37 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.26 14:06:10 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-205861873-3943885056-2705481813-1008Core.job
[2013.04.26 12:50:17 | 000,165,376 | ---- | M] () -- C:\Users\Samed\Desktop\SystemLook_x64.exe
[2013.04.26 12:34:08 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.04.26 12:29:01 | 000,000,510 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 1cefe8c0-f442-459a-a98f-b1b44c7c8a4d.job
[2013.04.26 12:15:52 | 005,059,946 | R--- | M] (Swearware) -- C:\Users\Samed\Desktop\ComboFix.exe
[2013.04.25 21:17:29 | 000,535,764 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Samed\Desktop\JRT.exe
[2013.04.25 21:12:23 | 005,005,736 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.25 21:12:02 | 617,701,758 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.04.25 20:59:05 | 000,619,461 | ---- | M] () -- C:\Users\Samed\Desktop\adwcleaner.exe
[2013.04.25 18:11:48 | 000,377,856 | ---- | M] () -- C:\Users\Samed\Desktop\gmer_2.1.19163.exe
[2013.04.25 18:10:44 | 000,000,000 | ---- | M] () -- C:\Users\Samed\defogger_reenable
[2013.04.25 18:10:26 | 000,050,477 | ---- | M] () -- C:\Users\Samed\Desktop\Defogger.exe
[2013.04.25 17:58:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Samed\Desktop\OTL.exe
[2013.04.25 13:35:58 | 000,009,811 | ---- | M] () -- C:\Users\Samed\Desktop\5_und_5.png
[2013.04.21 20:11:56 | 000,000,510 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 5ad90717-1218-4a6f-aecf-4afbcd15e4f9.job
[2013.04.21 12:29:27 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013.04.20 13:19:55 | 001,669,632 | ---- | M] () -- C:\Users\Samed\Desktop\SteamInstall (2).msi
[2013.04.20 13:18:50 | 000,691,966 | ---- | M] () -- C:\Users\Samed\Desktop\GreenLuma-2.6.3-Steam006.rar
[2013.04.19 15:56:43 | 000,014,456 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013.04.19 15:33:01 | 000,000,000 | ---- | M] () -- C:\Users\Samed\Documents\update.ini
[2013.04.19 15:33:00 | 013,620,200 | ---- | M] (TeamSpeak Systems GmbH) -- C:\Users\Samed\Documents\ts3client_win64.exe
[2013.04.19 15:33:00 | 000,229,864 | ---- | M] (TeamSpeak Systems GmbH) -- C:\Users\Samed\Documents\package_inst.exe
[2013.04.19 14:48:16 | 000,002,133 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.04.18 17:31:00 | 000,032,840 | ---- | M] () -- C:\Users\Samed\Desktop\KC-002_1.jpg
[2013.04.14 00:22:32 | 000,000,967 | ---- | M] () -- C:\Users\Samed\Desktop\Audacity.lnk
[2013.04.12 23:39:05 | 004,889,704 | ---- | M] (TeamViewer GmbH) -- C:\Users\Samed\Desktop\TeamViewer_Setup_de.exe
[2013.04.12 23:08:15 | 000,002,358 | ---- | M] () -- C:\Users\Samed\Desktop\Google Chrome.lnk
[2013.04.12 22:18:53 | 000,002,253 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk
[2013.04.08 20:54:21 | 000,002,221 | ---- | M] () -- C:\Users\Public\Desktop\TP-LINK Wireless Configuration Utility.lnk
[2013.04.07 15:09:41 | 001,613,412 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.07 15:09:41 | 000,696,848 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.07 15:09:41 | 000,652,166 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.07 15:09:41 | 000,148,144 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.07 15:09:41 | 000,121,098 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.01 17:30:41 | 000,000,222 | ---- | M] () -- C:\Users\Samed\Desktop\TrackMania Stadium Open Beta.url
[2013.04.01 02:19:19 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.04.01 02:19:18 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
 
========== Files Created - No Company Name ==========
 
[2013.04.26 16:47:23 | 012,917,756 | ---- | C] () -- C:\Users\Samed\Desktop\mbar-1.05.0.1001.zip
[2013.04.26 12:50:18 | 000,165,376 | ---- | C] () -- C:\Users\Samed\Desktop\SystemLook_x64.exe
[2013.04.25 21:12:05 | 005,005,736 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.25 21:12:02 | 617,701,758 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.04.25 20:59:04 | 000,619,461 | ---- | C] () -- C:\Users\Samed\Desktop\adwcleaner.exe
[2013.04.25 18:11:48 | 000,377,856 | ---- | C] () -- C:\Users\Samed\Desktop\gmer_2.1.19163.exe
[2013.04.25 18:10:44 | 000,000,000 | ---- | C] () -- C:\Users\Samed\defogger_reenable
[2013.04.25 18:10:27 | 000,050,477 | ---- | C] () -- C:\Users\Samed\Desktop\Defogger.exe
[2013.04.25 13:35:58 | 000,009,811 | ---- | C] () -- C:\Users\Samed\Desktop\5_und_5.png
[2013.04.21 12:29:38 | 000,000,510 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 1cefe8c0-f442-459a-a98f-b1b44c7c8a4d.job
[2013.04.21 12:29:37 | 000,000,510 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 5ad90717-1218-4a6f-aecf-4afbcd15e4f9.job
[2013.04.21 12:29:27 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013.04.20 13:19:48 | 001,669,632 | ---- | C] () -- C:\Users\Samed\Desktop\SteamInstall (2).msi
[2013.04.20 13:18:44 | 000,691,966 | ---- | C] () -- C:\Users\Samed\Desktop\GreenLuma-2.6.3-Steam006.rar
[2013.04.19 14:48:16 | 000,002,145 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013.04.19 14:48:16 | 000,002,133 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.04.18 17:31:00 | 000,032,840 | ---- | C] () -- C:\Users\Samed\Desktop\KC-002_1.jpg
[2013.04.14 00:22:32 | 000,000,979 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2013.04.14 00:22:32 | 000,000,967 | ---- | C] () -- C:\Users\Samed\Desktop\Audacity.lnk
[2013.04.12 23:43:00 | 000,001,050 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Network Stumbler.lnk
[2013.04.08 20:54:21 | 000,002,253 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk
[2013.04.08 20:54:21 | 000,002,221 | ---- | C] () -- C:\Users\Public\Desktop\TP-LINK Wireless Configuration Utility.lnk
[2013.04.08 20:52:56 | 000,265,639 | ---- | C] () -- C:\Windows\SysNative\netathrx.inf
[2013.04.08 20:52:56 | 000,007,748 | ---- | C] () -- C:\Windows\SysNative\athrextx.cat
[2013.04.01 17:30:41 | 000,000,222 | ---- | C] () -- C:\Users\Samed\Desktop\TrackMania Stadium Open Beta.url
[2013.04.01 02:19:19 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.04.01 02:19:18 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.03.22 17:14:25 | 000,000,000 | ---- | C] () -- C:\Users\Samed\Microsoft
[2013.02.11 00:31:57 | 000,019,635 | ---- | C] () -- C:\Windows\prodsett_copy.ini
[2013.01.29 20:47:27 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll
[2013.01.27 17:48:01 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2012.12.27 18:16:31 | 000,019,296 | ---- | C] () -- C:\Users\Samed\Ohne Titel.vf
[2012.12.27 18:10:12 | 025,205,083 | ---- | C] () -- C:\Users\Samed\YouggggggTube_Upload.mp4
[2012.12.27 00:13:34 | 000,019,016 | ---- | C] () -- C:\Users\Samed\KURDO.vf
[2012.12.27 00:13:14 | 032,517,577 | ---- | C] () -- C:\Users\Samed\YouTube_Upload.mp4
[2012.09.06 13:57:26 | 004,399,616 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2012.08.19 12:49:30 | 000,008,704 | ---- | C] () -- C:\Users\Samed\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.27 18:27:04 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2012.07.14 21:13:52 | 000,892,190 | ---- | C] () -- C:\Users\Samed\AppData\Local\census.cache
[2012.07.14 21:13:18 | 000,125,885 | ---- | C] () -- C:\Users\Samed\AppData\Local\ars.cache
[2012.07.14 21:06:30 | 000,000,036 | ---- | C] () -- C:\Users\Samed\AppData\Local\housecall.guid.cache
[2012.07.13 22:12:41 | 000,001,802 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2012.07.03 15:18:11 | 001,590,370 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.07.03 15:15:52 | 000,298,016 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.07.03 15:15:48 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2012.07.03 15:15:48 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.07.03 03:28:06 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012.06.27 14:54:55 | 010,977,280 | ---- | C] () -- C:\ProgramData\sandra.mda
[2012.06.14 16:13:35 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat
[2012.06.10 02:21:56 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012.06.03 16:21:03 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\ZLib.dll
[2012.05.22 01:28:58 | 000,155,648 | ---- | C] () -- C:\Windows\SysWow64\mlc.dll
[2012.05.02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.03.08 17:00:55 | 000,007,210 | ---- | C] () -- C:\Users\Samed\.recently-used.xbel
[2012.03.01 18:35:32 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012.02.25 20:38:59 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.02.25 20:38:59 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.02.25 20:38:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.02.25 20:38:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.02.25 20:38:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.02.15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.02.15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.02.04 20:11:43 | 002,109,440 | ---- | C] () -- C:\Users\Samed\test.h2.db
[2012.02.04 20:11:43 | 000,001,394 | ---- | C] () -- C:\Users\Samed\.h2.server.properties
[2012.02.04 20:11:42 | 000,000,103 | ---- | C] () -- C:\Users\Samed\test.lock.db
[2012.02.01 18:01:20 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.02.01 18:01:20 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2012.01.29 23:48:01 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2012.01.24 15:33:03 | 000,000,132 | ---- | C] () -- C:\Users\Samed\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2012.01.19 16:38:39 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\mgxasio2.dll
[2012.01.19 16:37:52 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2012.01.19 16:37:37 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2012.01.11 20:45:04 | 000,000,218 | ---- | C] () -- C:\Users\Samed\AppData\Local\recently-used.xbel
[2011.12.08 06:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.08.23 21:53:45 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\.Comet
[2013.02.20 18:16:22 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\.minecraft
[2012.03.30 14:19:22 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\.platinum
[2012.03.15 15:43:31 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\.techniclauncher
[2013.01.23 17:43:33 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\.terasology
[2013.04.19 19:25:59 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\Ad-Aware Antivirus
[2013.04.14 00:29:52 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\Audacity
[2012.05.18 21:37:08 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\avidemux
[2012.07.13 18:28:11 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\BTS
[2012.02.10 15:02:34 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\Canneverbe Limited
[2012.02.21 01:46:42 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.01.21 01:50:39 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\CSS-WarFinder
[2013.01.27 18:02:53 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\DAEMON Tools Lite
[2012.08.04 02:42:16 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\DarknessII
[2012.02.08 15:54:02 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\DAZ 3D
[2013.03.27 00:27:37 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\Dojotech Software
[2012.09.22 14:44:10 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\DVDVideoSoft
[2012.11.12 15:59:22 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\EasyMP3Downloader
[2013.04.03 14:01:29 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\ESET
[2013.01.24 22:54:58 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\FileZilla
[2012.04.06 21:44:52 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\fltk.org
[2012.05.25 20:00:17 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\FreeAudioPack
[2012.03.04 16:59:37 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\gtk-2.0
[2013.02.11 01:16:43 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\HLSW
[2013.03.07 13:59:53 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\Hotspot Shield
[2012.08.19 13:08:19 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\ImTOO
[2012.12.23 15:34:18 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\JasonRobitaille
[2012.08.10 01:29:01 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\MAGIX
[2013.01.06 05:23:08 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\MAXON
[2012.01.19 14:22:13 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\Motorola
[2012.07.02 17:29:35 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\Motorola Mobility
[2012.02.20 11:58:12 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\mp3DirectCut
[2012.07.03 17:14:56 | 000,000,000 | -HSD | M] -- C:\Users\Samed\AppData\Roaming\MSDCSC
[2012.01.13 14:39:57 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\NationRed
[2013.04.21 14:18:16 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\Notepad++
[2013.01.27 17:52:35 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\Octoshape
[2012.07.12 19:24:27 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\OpenOffice.org
[2013.01.27 17:47:51 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\Opera
[2012.11.04 19:00:10 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\PDAppFlex
[2013.01.12 16:01:53 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\PhotoScape
[2012.06.18 20:31:04 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\Propellerhead Software
[2012.02.13 17:43:18 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\Publish Providers
[2012.05.04 21:54:41 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\REAPER
[2012.02.24 00:56:24 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\RotMG.Production
[2012.01.23 18:24:14 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\Router Manager
[2012.09.28 20:57:57 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\RouterControl
[2013.01.06 05:10:47 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\Sony
[2012.08.31 22:22:20 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\Sony Creative Software Inc
[2013.04.25 13:12:11 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\Spotify
[2012.07.05 14:12:26 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\Steinberg
[2013.04.17 19:01:46 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\TeamViewer
[2013.03.02 19:50:10 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\TechSmith
[2012.05.18 21:41:14 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\ThePluginSite
[2013.04.11 11:50:05 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\TP-LINK
[2012.07.15 17:05:40 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\TuneUp Software
[2012.05.24 20:45:40 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\Tunngle
[2013.03.22 17:08:04 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\Upgrade
[2013.01.27 18:02:52 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\uTorrent
[2012.11.15 18:14:37 | 000,000,000 | ---D | M] -- C:\Users\Samed\AppData\Roaming\Win7codecs
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 971 bytes -> C:\ProgramData:$SS_DESCRIPTOR_LBP6VPVFLVGVVFB84LTSUTB92PFNPC7BPV4XFJDMNGTFB5V5NBJ5TBBJMT9Y0N96GMP3V0GRUEF39X8XHH0TCFUL44FTBX4MLSWPBXRTF6VEKLFEJK35PNX0WHNGT9LSVEVF1VTVVTVXVVD
@Alternate Data Stream - 167 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:76650B61

< End of report >
         
--- --- ---

26.04.2013, 16:49   #10
M-K-D-B
/// TB Instructor

Hi,

are there still any problems when gaming?

Step 1

Fix with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.

Code:
ATTFilter
:OTL
@Alternate Data Stream - 971 bytes -> C:\ProgramData:$SS_DESCRIPTOR_LBP6VPVFLVGVVFB84LTSUTB92PFNPC7BPV4XFJDMNGTFB5V5NBJ5TBBJMT9Y0N96GMP3V0GRUEF39X8XHH0TCFUL44FTBX4MLSWPBXRTF6VEKLFEJK35PNX0WHNGT9LSVEVF1VTVVTVXVVD
@Alternate Data Stream - 167 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:76650B61

:Commands
[emptytemp]
         
  • If you have obscured your user name, e.g. with "*****", insert your real user name at the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may require a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (It can also be found at C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread.

Step 2
Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the threat scan and click Start scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.

Step 3

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

Step 4
Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

Please post with your next reply
  • the log file from OTL,
  • the log file from MBAM,
  • the log file from ESET,
  • the log file from SecurityCheck.
__________________
Greetings from Bavaria
M-K-D-B


26.04.2013, 22:09   #11
Diggah187

Code:
ATTFilter
All processes killed
========== OTL ==========
ADS C:\ProgramData:$SS_DESCRIPTOR_LBP6VPVFLVGVVFB84LTSUTB92PFNPC7BPV4XFJDMNGTFB5V5NBJ5TBBJMT9Y0N96GMP3V0GRUEF39X8XHH0TCFUL44FTBX4MLSWPBXRTF6VEKLFEJK35PNX0WHNGT9LSVEVF1VTVVTVXVVD deleted successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
ADS C:\ProgramData\TEMP:430C6D84 deleted successfully.
ADS C:\ProgramData\TEMP:76650B61 deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: asd
->Temp folder emptied: 0 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Dogan_nogaD
->Temp folder emptied: 0 bytes
 
User: iPhone
->Temp folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: Samed
->Temp folder emptied: 19926255 bytes
->Temporary Internet Files folder emptied: 207579 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 205791415 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1273 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 840 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 215,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 04262013_180810

Files\Folders moved on Reboot...
C:\Users\Samed\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Samed\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.04.26.04

Code:
ATTFilter
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
Samed :: MS [Administrator]

26.04.2013 18:16:24
mbam-log-2013-04-26 (18-16-24).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 267198
Laufzeit: 4 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=3f31626bd3225c4aa6275f56add8bb90
# engine=13705
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-04-26 08:48:01
# local_time=2013-04-26 10:48:01 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 17463 118639131 0 0
# compatibility_mode=8216 16776701 100 98 2018971 117022233 0 0
# scanned=343095
# found=0
# cleaned=0
# scan_time=15807
# nod_component=V3 Build:0x30000000
         
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.62  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:`````````````` 
ESET Smart Security 6.0   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Java 7 Update 17  
 Adobe Flash Player 11.6.602.180  
 Mozilla Firefox (20.0.1) 
 Google Chrome 26.0.1410.43  
 Google Chrome 26.0.1410.64  
````````Process Check: objlist.exe by Laurent````````  
 ESET NOD32 Antivirus egui.exe  
 ESET NOD32 Antivirus ekrn.exe  
 Spybot Teatimer.exe is disabled! 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
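
A cross-check of the fix request against its result, as an added example that is not part of the thread or of OTL: it parses the ADS entries pasted under `:OTL` and the "deleted successfully" lines of the fix log, then lists every requested stream the log does not confirm. The function names and the `EXAMPLE01` entry are constructed for illustration; the only format assumed is the one visible in the two posts above.

```python
import re

# Fix-script entry as it appears in the scan log and as pasted under ":OTL".
FIX_LINE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+)$")
# Confirmation line from the "========== OTL ==========" part of the fix log.
LOG_LINE = re.compile(r"^ADS (.+) deleted successfully\.$")
DRIVE = re.compile(r"^[A-Za-z]:\\")


def split_stream(target):
    """Split 'C:\\dir\\file:stream' into (path, stream), ignoring the drive colon."""
    m = DRIVE.match(target)
    prefix = m.group(0) if m else ""
    rest = target[len(prefix):]
    path, sep, stream = rest.partition(":")
    if not sep or not stream:
        raise ValueError("no stream name in %r" % target)
    return prefix + path, stream


def parse_fix_script(text):
    """Return [(path, stream, size_in_bytes)] for every ADS entry in a fix script."""
    entries = []
    for line in text.splitlines():
        m = FIX_LINE.match(line.strip())
        if m:
            path, stream = split_stream(m.group(2))
            entries.append((path, stream, int(m.group(1))))
    return entries


def parse_fix_log(text):
    """Return the set of (path, stream) the log confirms as deleted (lower-cased)."""
    done = set()
    for line in text.splitlines():
        m = LOG_LINE.match(line.strip())
        if m:
            path, stream = split_stream(m.group(1))
            done.add((path.lower(), stream.lower()))
    return done


def unconfirmed(fix_text, log_text):
    """ADS entries requested in the fix that the log does not confirm as deleted."""
    done = parse_fix_log(log_text)
    # NTFS path and stream names are case-insensitive, so compare lower-cased.
    return [(p, s) for p, s, _ in parse_fix_script(fix_text)
            if (p.lower(), s.lower()) not in done]


# Three entries and their confirmations are taken from the posts above; the
# EXAMPLE01 entry is constructed to show a stream the log never confirms.
FIX_SCRIPT = r"""
:OTL
@Alternate Data Stream - 167 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:76650B61
@Alternate Data Stream - 42 bytes -> C:\ProgramData\TEMP:EXAMPLE01

:Commands
[emptytemp]
"""

FIX_LOG = r"""
========== OTL ==========
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
ADS C:\ProgramData\TEMP:430C6D84 deleted successfully.
ADS C:\ProgramData\TEMP:76650B61 deleted successfully.
========== COMMANDS ==========
"""

if __name__ == "__main__":
    for path, stream in unconfirmed(FIX_SCRIPT, FIX_LOG):
        print("not confirmed as deleted: %s:%s" % (path, stream))
```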
         

27.04.2013, 09:54   #12
M-K-D-B
/// TB Instructor

Hi,

If you no longer have any problems, we are finished here. Your log files are clean.
Finally, we need to take a few concluding steps to clean up and secure your PC.

Step 1
Your Java is no longer up to date. Older versions contain security vulnerabilities that can be abused by malware.
  • Please download the latest Java version from here:
    Java Download (32 bit)
  • Save the file to your desktop.
  • Close all running programs. Especially your browser.
  • Start the file. It will install the latest Java version ( Java 7 Update 21 ).
  • Remove the tick at "Install the Ask Toolbar ..." during the installation.
  • When the installation has finished:
    Start --> Control Panel --> Programs, and uninstall all older Java versions.
  • Restart your computer once all older versions have been uninstalled.
Quick plugin test: PluginCheck

Step 2
Your version of Adobe Flash Player is outdated.
Please follow these steps to update Adobe Flash:
  • Please visit this Adobe page.
  • Select your operating system and your internet browser ("Internet Explorer" or "other" for Firefox, for example)
  • If applicable, remove the tick in front of Google Chrome or McAfee Security Scan.
  • Install the latest version on your computer.

Step 3
If you used it, start DeFogger and click Re-enable.
Your computer may need to be restarted.

Step 4
Please download delfix to your desktop.
  • Close all open programs.
  • Start delfix.exe with a double-click.
  • Tick every function.
  • Click Start.
  • DelFix removes, among other things, all the programs used and finally deletes itself.
  • If any programs that we used are still present, please delete them by hand.

Step 5
  • Start Spybot S&D => in the "Mode" menu, select "Advanced mode"
  • Then click "Tools" at the bottom left
  • Click "Resident"
  • Add the tick at Resident "TeaTimer" (protection of all system settings)
  • Close Spybot Search&Destroy
  • Restart the computer.
    Illustrated guide.

Step 6
Finally, I have a few tips for securing your system.

I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.

Antivirus software
  • Make sure that you only ever have one antivirus program installed and that it is up to date!

Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version also offers a background guard.
    You can find a tutorial on using it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you of any changes. Download the freeware version from here.

Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • WOT (Web of trust)
    This add-on warns you before you visit a site reported as harmful.

Alternative browsers
Other browsers tend to be somewhat more secure than IE because they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed if you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. A right-click on the banner to add it to AdBlockPlus is enough and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. I recommend TFC for this.

Stay away from registry cleaners.
They harm your system more than they help. Here are a few (English) links:
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

What you should avoid:
  • Do not click on everything just because it prompts you to and is nice and colourful.
  • Do not use P2P or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from e-mails unknown to you. Pay particular attention to the file extension, such as deinFoto.jpg.exe.

Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can delete this topic from my subscriptions.
__________________
Greetings from Bavaria
M-K-D-B


27.04.2013, 12:44   #13
Diggah187

Hey M-K-D-B,

Thanks! Everything is done, everything works.
I have no more questions.

Regards
Diggah187

27.04.2013, 15:29   #14
M-K-D-B
/// TB Instructor

I am glad that we were able to help

In this forum you can leave brief feedback on the cleanup, if you would like to:
Praise, criticism and wishes
To do so, click the "NEUES THEMA" (new topic) button and post a little feedback. Thank you very much!

This topic appears to be resolved and will be deleted from my subscriptions. Should you need the topic again, please send me a PM.

Everyone else, please click here and create your own thread.
__________________
Greetings from Bavaria
M-K-D-B
