orgalim1 | 05.01.2014 23:01 | Logfiles (programs OTL, defogger and gmer) For a few days I have had the problem that advertising links 'pop up' on almost every page,
and in addition most texts contain green links that open a window with advertising. This post contains the log files from OTL, defogger and Gmer. OTL logfile:
OTL logfile created on: 05.01.2014 22:20:46 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\OEM\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16476)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 0,89 Gb Available Physical Memory | 44,52% Memory free
4,00 Gb Paging File | 2,58 Gb Available in Paging File | 64,46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 279,38 Gb Total Space | 186,07 Gb Free Space | 66,60% Space Free | Partition Type: NTFS
Drive D: | 101,72 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: OEM-PC | User Name: OEM | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014.01.05 22:19:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\OEM\Downloads\OTL (1).exe
PRC - [2013.12.18 22:55:48 | 000,486,264 | ---- | M] (Updater) -- C:\ProgramData\Updater\updater.exe
PRC - [2013.12.18 22:55:48 | 000,429,944 | ---- | M] (WatchDog) -- C:\ProgramData\RHelpers\IeHelper\IeHelper.exe
PRC - [2013.12.18 22:55:48 | 000,429,944 | ---- | M] (WatchDog) -- C:\ProgramData\RHelpers\FirefoxHelper\FirefoxHelper.exe
PRC - [2013.12.18 22:55:48 | 000,429,944 | ---- | M] (WatchDog) -- C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe
PRC - [2013.12.16 18:51:22 | 000,009,216 | ---- | M] (Hi-Rez Studios) -- C:\Programme\Hi-Rez Studios\HiPatchService.exe
PRC - [2013.12.06 02:30:04 | 000,040,448 | ---- | M] () -- C:\ProgramData\InternetUpdater\InternetUpdaterService.exe
PRC - [2013.09.05 15:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.06.05 00:01:52 | 004,489,472 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\OEM\AppData\Local\Akamai\netsession_win.exe
PRC - [2012.11.23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.09.28 02:38:42 | 000,473,088 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2012.09.28 02:38:02 | 000,217,600 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 22:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2006.09.19 08:07:28 | 000,827,392 | ---- | M] () -- C:\Windows\vsnpstd3.exe
PRC - [2002.07.11 13:49:14 | 000,045,056 | -H-- | M] (DeviceGuys) -- C:\Windows\System32\spool\drivers\w32x86\3\LMpdpsrv.exe
PRC - [2002.03.20 18:32:54 | 000,253,952 | ---- | M] (ABBYY (BIT Software)) -- C:\Programme\ABBYY FineReader 5.0 Sprint\CAgent.exe
========== Modules (No Company Name) ==========
MOD - [2013.12.04 03:48:04 | 000,399,312 | ---- | M] () -- C:\Users\OEM\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
MOD - [2013.12.04 03:48:03 | 013,586,896 | ---- | M] () -- C:\Users\OEM\AppData\Local\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
MOD - [2013.12.04 03:48:02 | 004,055,504 | ---- | M] () -- C:\Users\OEM\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll
MOD - [2013.12.04 03:47:11 | 000,702,416 | ---- | M] () -- C:\Users\OEM\AppData\Local\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
MOD - [2013.12.04 03:47:11 | 000,099,792 | ---- | M] () -- C:\Users\OEM\AppData\Local\Google\Chrome\Application\31.0.1650.63\libegl.dll
MOD - [2013.12.04 03:47:08 | 001,619,408 | ---- | M] () -- C:\Users\OEM\AppData\Local\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
MOD - [2013.10.12 02:05:26 | 018,003,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\464a76a3fdc9ee7456cb4baaea3e503a\PresentationFramework.ni.dll
MOD - [2013.10.12 02:05:23 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e40d894a772b2cff5ffd5a84ef20d2d4\System.Windows.Forms.ni.dll
MOD - [2013.10.12 02:05:05 | 001,014,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\71d887ce964fb69b7f03c4fe7a3f28ff\System.Configuration.ni.dll
MOD - [2013.10.12 02:04:58 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b5b66869081b909d238fdea083cf3179\PresentationCore.ni.dll
MOD - [2013.10.12 02:04:42 | 007,070,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dac1208781fdd0b960afc12efff42944\System.Core.ni.dll
MOD - [2013.10.12 02:04:35 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\0b37b2bafc33ef52282b9d7b217cabaf\WindowsBase.ni.dll
MOD - [2013.08.21 16:59:34 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\6a6925ae06bbe4b8e647e203597af47a\WindowsFormsIntegration.ni.dll
MOD - [2013.08.21 00:27:47 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\8927b576eb15c4a8f4bb04f05e7cc51e\System.Runtime.Remoting.ni.dll
MOD - [2013.08.21 00:27:47 | 000,096,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\4b2e892995b8cdefb1e2cddb96f32736\UIAutomationProvider.ni.dll
MOD - [2013.08.21 00:27:39 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\4d277a8481c203a35c58bd277a2e71df\System.Xaml.ni.dll
MOD - [2013.08.21 00:24:55 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\3a3fc0216674bdea0be809b305517c98\System.Drawing.ni.dll
MOD - [2013.08.21 00:24:52 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\228b114c79c5d9024bdb4cc580e32c09\PresentationFramework.Aero.ni.dll
MOD - [2013.08.21 00:24:45 | 005,628,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\884bcbd22130ebeb1211bc7bcc3910c9\System.Xml.ni.dll
MOD - [2013.08.21 00:24:40 | 009,099,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\de853615c8224ba5d9aa9b76276c6d98\System.ni.dll
MOD - [2013.07.11 21:39:36 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll
MOD - [2006.09.19 08:07:28 | 000,827,392 | ---- | M] () -- C:\Windows\vsnpstd3.exe
========== Services (SafeList) ==========
SRV - [2013.12.16 18:51:22 | 000,009,216 | ---- | M] (Hi-Rez Studios) [Auto | Paused] -- C:\Programme\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2013.12.06 02:30:04 | 000,040,448 | ---- | M] () [Auto | Running] -- C:\ProgramData\InternetUpdater\InternetUpdaterService.exe -- (InternetUpdater)
SRV - [2013.11.26 09:29:52 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2013.10.10 16:19:42 | 000,088,424 | ---- | M] (Perfect World Entertainment Inc) [On_Demand | Stopped] -- C:\Programme\Perfect World Entertainment\Arc\ArcService.exe -- (ArcService)
SRV - [2013.09.05 15:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.09.05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.07.01 20:35:12 | 004,569,856 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_8fa3539.dll -- (Akamai)
SRV - [2013.05.27 05:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012.09.28 02:38:02 | 000,217,600 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.05.04 08:17:12 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.11.20 22:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:36 | 000,038,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lpdsvc.dll -- (LPDSVC)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva401.sys -- (XDva401)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva400.sys -- (XDva400)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva399.sys -- (XDva399)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva398.sys -- (XDva398)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva397.sys -- (XDva397)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva396.sys -- (XDva396)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\Drivers\DgiVecp.sys -- (DgiVecp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\athur.sys -- (athur)
DRV - [2013.04.24 09:18:07 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012.09.28 03:20:20 | 009,107,968 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2012.09.28 03:20:20 | 009,107,968 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2012.09.28 02:12:10 | 000,370,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2012.06.27 15:19:45 | 000,013,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\apf003.sys -- (apf003)
DRV - [2012.05.14 07:12:28 | 000,086,656 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2012.02.01 02:31:00 | 000,602,216 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2010.11.20 22:29:34 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 22:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 22:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 22:29:03 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - [2010.11.20 22:29:03 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV - [2010.11.20 22:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010.11.20 22:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 22:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 22:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 22:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010.11.20 22:29:03 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt)
DRV - [2010.11.20 22:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 22:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.13 23:02:53 | 000,044,032 | ---- | M] (VIA Technologies, Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fetnd6.sys -- (FETNDIS)
DRV - [2009.03.18 15:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2007.03.27 17:19:36 | 010,252,544 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=7ed1389b-1775-4231-98ed-40d42fb6767f&searchtype=ds&q={searchTerms}&installDate=23/04/2013
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = hxxp://start.qone8.com/web/?type=ds&ts=1383142140&from=cor&uid=MaxtorX6L300R0_L61JQJKH&q={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-3706005333-3740103379-220519801-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKU\S-1-5-21-3706005333-3740103379-220519801-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=7ed1389b-1775-4231-98ed-40d42fb6767f&searchtype=ds&q={searchTerms}&installDate=23/04/2013
IE - HKU\S-1-5-21-3706005333-3740103379-220519801-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=7ed1389b-1775-4231-98ed-40d42fb6767f&searchtype=ds&q={searchTerms}&installDate=23/04/2013
IE - HKU\S-1-5-21-3706005333-3740103379-220519801-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3706005333-3740103379-220519801-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3706005333-3740103379-220519801-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3706005333-3740103379-220519801-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 29 E5 DE 8E 21 4A CD 01 [binary data]
IE - HKU\S-1-5-21-3706005333-3740103379-220519801-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=7ed1389b-1775-4231-98ed-40d42fb6767f&searchtype=ds&q={searchTerms}&installDate=23/04/2013
IE - HKU\S-1-5-21-3706005333-3740103379-220519801-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=7ed1389b-1775-4231-98ed-40d42fb6767f&searchtype=ds&q={searchTerms}&installDate=23/04/2013
IE - HKU\S-1-5-21-3706005333-3740103379-220519801-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3706005333-3740103379-220519801-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=7ed1389b-1775-4231-98ed-40d42fb6767f&searchtype=ds&q={searchTerms}&installDate=23/04/2013
IE - HKU\S-1-5-21-3706005333-3740103379-220519801-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-3706005333-3740103379-220519801-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=119776&babsrc=SP_ss&mntrId=1cad855f000000000000fed111b3c68c
IE - HKU\S-1-5-21-3706005333-3740103379-220519801-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3706005333-3740103379-220519801-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine,S: S", ""
FF - prefs.js..browser.startup.homepage: "hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=7ed1389b-1775-4231-98ed-40d42fb6767f&searchtype=hp&installDate={installDate}"
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40delta.com:1.5.0
FF - prefs.js..extensions.enabledAddons: ffxtlbra%40softonic.com:1.6.0
FF - prefs.js..extensions.enabledAddons: %7B5a95a9e0-59dd-4314-bd84-4d18ca83a0e2%7D:1.26
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.update: false
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@perfectworld.com/npArcPlayNowPlugin: C:\Program Files\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\OEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfjadjghjpjodfhffafagnkbgbpiphf\1.0.3.171_0\npsoe.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@lightspark.github.com/Lightspark;version=1: C:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\OEM\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\OEM\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\OEM\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\BalancedWorlds.com/WebLauncher: C:\Users\OEM\AppData\Local\Balanced Worlds\BWGameEngine\npWebLauncher.dll (BalancedWorlds)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\ext@flash-Enhancer.com: C:\Program Files\AmiExt\flashEnhancer\ff [2014.01.04 23:35:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}: C:\Program Files\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
[2012.09.21 19:51:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OEM\AppData\Roaming\mozilla\Extensions
[2014.01.04 23:35:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OEM\AppData\Roaming\mozilla\Firefox\Profiles\hhet4dre.default\extensions
[2013.04.23 12:46:21 | 000,000,000 | ---D | M] (Wajam) -- C:\Users\OEM\AppData\Roaming\mozilla\Firefox\Profiles\hhet4dre.default\extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}
[2012.12.17 21:00:13 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\OEM\AppData\Roaming\mozilla\Firefox\Profiles\hhet4dre.default\extensions\ffxtlbr@incredibar.com
[2012.11.01 15:14:18 | 000,000,000 | ---D | M] (softonic.com) -- C:\Users\OEM\AppData\Roaming\mozilla\Firefox\Profiles\hhet4dre.default\extensions\ffxtlbra@softonic.com
[2014.01.04 23:35:04 | 000,000,000 | ---D | M] (Websteroids) -- C:\Users\OEM\AppData\Roaming\mozilla\Firefox\Profiles\hhet4dre.default\extensions\support@websteroidsapp.com
[2012.12.13 21:29:00 | 000,199,445 | ---- | M] () (No name found) -- C:\Users\OEM\AppData\Roaming\mozilla\firefox\profiles\hhet4dre.default\extensions\movie2kdownloader@movie2kdownloader.com.xpi
[2014.01.04 23:35:12 | 000,000,000 | ---D | M] (flash-Enhancer) -- C:\PROGRAM FILES\AMIEXT\FLASHENHANCER\FF
File not found (No name found) -- C:\USERS\OEM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HHET4DRE.DEFAULT\EXTENSIONS\FFXTLBR@DELTA.COM
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://start.qone8.com/?type=hp&ts=1383142136&from=cor&uid=MaxtorX6L300R0_L61JQJKH
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\OEM\AppData\Local\Google\Chrome\User Data\PepperFlash\11.6.602.167\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\OEM\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\OEM\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Perion plugin (Enabled) = C:\Users\OEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\Plugins/PerionNewTabChrome-32.dll
CHR - plugin: BrowserProtect (Enabled) = C:\Users\OEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\spext.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\OEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc\10.11.21.5_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Users\OEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc\10.11.21.5_0\plugins/np-cwmp.dll
CHR - plugin: Java(TM) Platform SE 7 U4 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Uplay PC (Enabled) = C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
CHR - plugin: WEBZEN Browser Extension (Enabled) = C:\Program Files\WEBZEN\BrowserExtension\NPWZCmnCtrl.dll
CHR - plugin: WebLauncher (Enabled) = C:\Users\OEM\AppData\Local\Balanced Worlds\BWGameEngine\npWebLauncher.dll
CHR - plugin: Google Update (Enabled) = C:\Users\OEM\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Java Deployment Toolkit 7.0.100.18 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: No name found = C:\Users\OEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0\
CHR - Extension: flash-Enhancer = C:\Users\OEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehmnjgkmbpbohelngpclcdhgochdeoej\2.1_0\
CHR - Extension: Websteroids = C:\Users\OEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.6.53_0\
CHR - Extension: Google Wallet = C:\Users\OEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Websteroids) - {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - C:\ProgramData\Websteroids\IE\common.dll (Creative Island Media, LLC)
O2 - BHO: (flash-Enhancer) - {5A60B6BB-FA81-4EFA-AB9C-A820E2143736} - C:\Programme\AmiExt\flashEnhancer\ie\AmiBho.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ArcPluginIEBHO Class) - {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} - C:\Programme\Perfect World Entertainment\Arc\plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-3706005333-3740103379-220519801-1000\..\Toolbar\WebBrowser: (no name) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No CLSID value found.
O3 - HKU\S-1-5-21-3706005333-3740103379-220519801-1000\..\Toolbar\WebBrowser: (no name) - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - No CLSID value found.
O3 - HKU\S-1-5-21-3706005333-3740103379-220519801-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-3706005333-3740103379-220519801-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [ABBYY Community Agent] C:\Programme\ABBYY FineReader 5.0 Sprint\CAgent.exe (ABBYY (BIT Software))
O4 - HKLM..\Run: [LMPDPSRV] C:\Windows\System32\spool\drivers\w32x86\3\LMpdpsrv.exe (DeviceGuys)
O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Updater] C:\ProgramData\Updater\updater.exe (Updater)
O4 - HKU\S-1-5-21-3706005333-3740103379-220519801-1000..\Run: [Akamai NetSession Interface] C:\Users\OEM\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-3706005333-3740103379-220519801-1000..\Run: [baeebdbeadac] C:\ProgramData\baeebdbeadac.exe ()
O4 - HKU\S-1-5-21-3706005333-3740103379-220519801-1000..\Run: [Updater] C:\ProgramData\Updater\updater.exe (Updater)
O4 - HKU\S-1-5-21-3706005333-3740103379-220519801-1000..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3706005333-3740103379-220519801-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-3706005333-3740103379-220519801-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3706005333-3740103379-220519801-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3706005333-3740103379-220519801-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3706005333-3740103379-220519801-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D1BD7C4-EC59-4007-993A-D91114848A3F}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62AA40AE-7123-41C9-8FD3-3DFD8799D781}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (c:\progra~2\browserprotect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\browserprotect.dll) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011.10.25 07:46:16 | 000,000,000 | ---D | M] - D:\AutoPlay -- [ CDFS ]
O32 - AutoRun File - [2012.02.01 02:31:00 | 000,000,042 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{8f9e3395-ef55-11e1-87ef-001966314452}\Shell - "" = AutoRun
O33 - MountPoints2\{8f9e3395-ef55-11e1-87ef-001966314452}\Shell\AutoRun\command - "" = E:\INSTALL.EXE
O33 - MountPoints2\{dc17916f-886f-11e1-b9b9-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{dc17916f-886f-11e1-b9b9-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe -- [2012.02.01 02:31:00 | 004,917,144 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2014.01.05 22:23:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\OEM\Desktop\OTL (2).exe
[2014.01.04 23:45:25 | 000,000,000 | ---D | C] -- C:\ProgramData\InternetUpdater
[2014.01.04 23:36:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightspark 0.5.3-git
[2014.01.04 23:36:01 | 000,000,000 | ---D | C] -- C:\Program Files\Lightspark 0.5.3-git
[2014.01.04 23:35:12 | 000,000,000 | ---D | C] -- C:\Program Files\AmiExt
[2014.01.04 23:35:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Updater
[2014.01.04 23:35:06 | 000,000,000 | ---D | C] -- C:\ProgramData\RHelpers
[2014.01.04 23:35:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Websteroids
[2013.12.23 23:07:21 | 000,000,000 | ---D | C] -- C:\Users\OEM\AppData\Roaming\TS3Client
[2013.12.23 22:57:08 | 000,000,000 | ---D | C] -- C:\Users\OEM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2013.12.23 22:56:56 | 000,000,000 | ---D | C] -- C:\Users\OEM\AppData\Local\TeamSpeak 3 Client
[2013.12.12 17:58:57 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.12.12 17:58:57 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.12.12 17:58:56 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.12.12 17:58:56 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.12.12 17:58:56 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2013.12.12 17:58:55 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013.12.12 17:58:55 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2013.12.12 17:58:55 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.12.12 17:58:55 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.12.12 17:58:54 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.12.12 17:58:54 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2013.12.12 17:58:54 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2013.12.12 17:58:52 | 001,928,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.12.12 17:58:50 | 004,243,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.12.12 17:55:59 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2013.12.12 13:35:24 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2013.12.12 13:35:24 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2013.12.12 13:35:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2013.12.12 13:35:20 | 002,349,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.12.12 13:35:20 | 000,177,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys
[2013.12.12 13:35:20 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\drmk.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014.01.05 22:23:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\OEM\Desktop\OTL (2).exe
[2014.01.05 22:23:15 | 000,021,280 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.01.05 22:23:14 | 000,021,280 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.01.05 22:16:03 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014.01.05 22:16:03 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\AmiUpdXp.job
[2014.01.05 22:15:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.01.05 22:15:49 | 1610,063,872 | -HS- | M] () -- C:\hiberfil.sys
[2014.01.05 22:14:03 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3706005333-3740103379-220519801-1000UA.job
[2014.01.05 22:11:01 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014.01.05 20:14:02 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3706005333-3740103379-220519801-1000Core.job
[2013.12.30 19:40:34 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.12.30 19:40:34 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.12.30 19:40:34 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.12.30 19:40:34 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.12.23 22:57:09 | 000,001,215 | ---- | M] () -- C:\Users\OEM\Desktop\TeamSpeak 3 Client.lnk
[2013.12.20 23:57:46 | 000,000,003 | ---- | M] () -- C:\Windows\System32\HRUPPROG.DIE.NOW
[2013.12.17 19:23:02 | 000,010,110 | ---- | M] () -- C:\Users\OEM\Documents\Französisch.odt
[2013.12.17 18:36:07 | 000,009,603 | ---- | M] () -- C:\Users\OEM\Documents\untitled_0.odt
[2013.12.12 18:55:04 | 000,294,528 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014.01.04 23:34:51 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\AmiUpdXp.job
[2013.12.23 22:57:09 | 000,001,215 | ---- | C] () -- C:\Users\OEM\Desktop\TeamSpeak 3 Client.lnk
[2013.12.20 23:57:46 | 000,000,003 | ---- | C] () -- C:\Windows\System32\HRUPPROG.DIE.NOW
[2013.12.17 19:23:00 | 000,010,110 | ---- | C] () -- C:\Users\OEM\Documents\Französisch.odt
[2013.12.17 18:47:52 | 000,009,603 | ---- | C] () -- C:\Users\OEM\Documents\untitled_0.odt
[2013.10.30 16:08:09 | 000,000,006 | ---- | C] () -- C:\Users\OEM\AppData\Roaming\WBPU-TTL.DAT
[2013.10.30 16:08:08 | 000,000,095 | ---- | C] () -- C:\Users\OEM\AppData\Roaming\WB.CFG
[2013.08.23 13:48:09 | 000,055,296 | ---- | C] () -- C:\ProgramData\qxiedxmtobqnpxp
[2013.08.23 13:38:05 | 000,057,856 | ---- | C] () -- C:\ProgramData\pmfoiwsqwyeqhdp
[2013.08.23 13:38:05 | 000,000,219 | ---- | C] () -- C:\ProgramData\baeebdbeadac.cfg
[2013.08.23 13:37:35 | 000,269,312 | ---- | C] () -- C:\ProgramData\baeebdbeadac.exe
[2012.12.26 12:13:45 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2012.11.20 13:57:18 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2012.11.20 13:57:18 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2012.11.20 13:57:17 | 000,632,252 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2012.11.20 13:57:17 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2012.09.28 15:36:56 | 000,180,224 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012.08.19 22:02:10 | 000,007,616 | ---- | C] () -- C:\Users\OEM\AppData\Local\Resmon.ResmonCfg
[2012.07.08 13:15:32 | 000,003,584 | ---- | C] () -- C:\Users\OEM\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.27 15:19:45 | 000,016,304 | ---- | C] () -- C:\Windows\System32\apl003.sys
[2012.06.27 15:19:45 | 000,013,232 | ---- | C] () -- C:\Windows\System32\apf003.sys
[2012.06.19 13:02:17 | 003,123,272 | R--- | C] () -- C:\Windows\System32\pbsvc.exe
[2012.05.05 09:03:55 | 000,000,268 | ---- | C] () -- C:\Users\OEM\AppData\Roaming\LMCPaper.dat
[2012.05.05 08:30:05 | 000,003,932 | ---- | C] () -- C:\Users\OEM\AppData\Roaming\LMLayout.dat
[2012.05.05 08:15:50 | 000,000,019 | ---- | C] () -- C:\Windows\vaLangChoice.ini
[2012.05.05 08:15:04 | 000,000,150 | ---- | C] () -- C:\Windows\System32\LM_SUPPORT.INI
[2012.05.02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll
[2012.04.17 10:31:59 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
========== ZeroAccess Check ==========
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 22:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== Custom Scans ==========
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.6T7NOXTF2EY5CUHI2J746F5PFU\InstallInfo\\ReinstallCommand: "C:\Users\OEM\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2013.12.04 03:48:06 | 000,863,184 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.6T7NOXTF2EY5CUHI2J746F5PFU\InstallInfo\\HideIconsCommand: "C:\Users\OEM\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2013.12.04 03:48:06 | 000,863,184 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.6T7NOXTF2EY5CUHI2J746F5PFU\InstallInfo\\ShowIconsCommand: "C:\Users\OEM\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2013.12.04 03:48:06 | 000,863,184 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.6T7NOXTF2EY5CUHI2J746F5PFU\shell\open\command\\: "C:\Users\OEM\AppData\Local\Google\Chrome\Application\chrome.exe" [2013.12.04 03:48:06 | 000,863,184 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2013.11.26 09:13:00 | 000,208,896 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2013.11.26 09:13:00 | 000,208,896 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2013.11.26 09:13:00 | 000,208,896 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2013.11.19 18:06:21 | 000,806,096 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe hxxp://start.qone8.com/?type=sc&ts=1383142136&from=cor&uid=MaxtorX6L300R0_L61JQJKH [2013.11.19 18:06:21 | 000,806,096 | ---- | M] (Microsoft Corporation)
< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.6T7NOXTF2EY5CUHI2J746F5PFU\InstallInfo\\ReinstallCommand: "C:\Users\OEM\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2013.12.04 03:48:06 | 000,863,184 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.6T7NOXTF2EY5CUHI2J746F5PFU\InstallInfo\\HideIconsCommand: "C:\Users\OEM\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2013.12.04 03:48:06 | 000,863,184 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.6T7NOXTF2EY5CUHI2J746F5PFU\InstallInfo\\ShowIconsCommand: "C:\Users\OEM\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2013.12.04 03:48:06 | 000,863,184 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.6T7NOXTF2EY5CUHI2J746F5PFU\shell\open\command\\: "C:\Users\OEM\AppData\Local\Google\Chrome\Application\chrome.exe" [2013.12.04 03:48:06 | 000,863,184 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2013.11.26 09:13:00 | 000,208,896 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2013.11.26 09:13:00 | 000,208,896 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2013.11.26 09:13:00 | 000,208,896 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2013.11.19 18:06:21 | 000,806,096 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe hxxp://start.qone8.com/?type=sc&ts=1383142136&from=cor&uid=MaxtorX6L300R0_L61JQJKH [2013.11.19 18:06:21 | 000,806,096 | ---- | M] (Microsoft Corporation)
< >
========== Alternate Data Streams ==========
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:BB1102D7
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1
< End of report >

defogger:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:35 on 05/01/2014 (OEM)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-

Gmer:
GMER Logfile: Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2014-01-05 23:34:41
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-2 Maxtor_6L300R0 rev.BAJ41G20 279,48GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\OEM\AppData\Local\Temp\uwldapow.sys
---- Kernel code sections - GMER 2.1 ----
.text ntoskrnl.exe!ZwRollbackEnlistment + 1409 8303B9A5 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 8305B512 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x91830000, 0x130E98, 0xE8000020]
---- EOF - GMER 2.1 ----

FRST - Editor:
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-01-2014
Ran by OEM (administrator) on OEM-PC on 05-01-2014 23:46:48
Running from C:\Users\OEM\Downloads
Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hi-Rez Studios) C:\Program Files\Hi-Rez Studios\HiPatchService.exe
() C:\ProgramData\InternetUpdater\InternetUpdaterService.exe
(ABBYY (BIT Software)) C:\Program Files\ABBYY FineReader 5.0 Sprint\CAgent.exe
(DeviceGuys) C:\Windows\System32\spool\drivers\w32x86\3\LMpdpsrv.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Windows\vsnpstd3.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Updater) C:\ProgramData\Updater\updater.exe
(Akamai Technologies, Inc.) C:\Users\OEM\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\OEM\AppData\Local\Akamai\netsession_win.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(WatchDog) C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe
(WatchDog) C:\ProgramData\RHelpers\FirefoxHelper\FirefoxHelper.exe
(WatchDog) C:\ProgramData\RHelpers\IeHelper\IeHelper.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
() C:\Users\OEM\Desktop\Defogger.exe
(Google Inc.) C:\Users\OEM\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\OEM\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\OEM\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\OEM\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\OEM\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\OEM\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\OEM\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\OEM\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\OEM\AppData\Local\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\OEM\Downloads\FRST (1).exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [ABBYY Community Agent] - C:\Program Files\ABBYY FineReader 5.0 Sprint\CAgent.exe [253952 2002-03-20] (ABBYY (BIT Software))
HKLM\...\Run: [LMPDPSRV] - C:\Windows\System32\spool\drivers\w32x86\3\LMpdpsrv.exe [45056 2002-07-11] (DeviceGuys)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642728 2012-09-28] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [snpstd3] - C:\Windows\vsnpstd3.exe [827392 2006-09-19] ()
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM\...\Run: [Updater] - C:\ProgramData\Updater\updater.exe [486264 2013-12-18] (Updater)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\OEM\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [uTorrent] - "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
HKCU\...\Run: [Google Update] - C:\Users\OEM\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-11-27] (Google Inc.)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKCU\...\Run: [baeebdbeadac] - C:\ProgramData\baeebdbeadac.exe [269312 2013-08-23] ()
HKCU\...\Run: [Updater] - C:\ProgramData\Updater\updater.exe [486264 2013-12-18] (Updater)
HKCU\...\Policies\Explorer: [NoInstrumentation] 1
MountPoints2: {8f9e3395-ef55-11e1-87ef-001966314452} - E:\INSTALL.EXE
MountPoints2: {dc17916f-886f-11e1-b9b9-806e6f6e6963} - D:\setup.exe
AppInit_DLLs: c:\progra~2\browserprotect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\browserprotect.dll [ ] ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=7ed1389b-1775-4231-98ed-40d42fb6767f&searchtype=ds&q={searchTerms}&installDate=23/04/2013
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x29E5DE8E214ACD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=7ed1389b-1775-4231-98ed-40d42fb6767f&searchtype=ds&q={searchTerms}&installDate=23/04/2013
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://start.qone8.com/?type=sc&ts=1383142136&from=cor&uid=MaxtorX6L300R0_L61JQJKH
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://start.qone8.com/web/?type=ds&ts=1383142140&from=cor&uid=MaxtorX6L300R0_L61JQJKH&q={searchTerms}
SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=7ed1389b-1775-4231-98ed-40d42fb6767f&searchtype=ds&q={searchTerms}&installDate=23/04/2013
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://start.qone8.com/web/?type=ds&ts=1383142140&from=cor&uid=MaxtorX6L300R0_L61JQJKH&q={searchTerms}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=7ed1389b-1775-4231-98ed-40d42fb6767f&searchtype=ds&q={searchTerms}&installDate=23/04/2013
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.delta-search.com/?q={searchTerms}&affID=119776&babsrc=SP_ss&mntrId=1cad855f000000000000fed111b3c68c
BHO: Websteroids - {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - C:\ProgramData\Websteroids\IE\common.dll (Creative Island Media, LLC)
BHO: flash-Enhancer - {5A60B6BB-FA81-4EFA-AB9C-A820E2143736} - C:\Program Files\AmiExt\flashEnhancer\ie\AmiBho.dll ()
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: ArcPluginIEBHO Class - {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} - C:\Program Files\Perfect World Entertainment\Arc\plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKCU - No Name - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Toolbar: HKCU - No Name - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\OEM\AppData\Roaming\Mozilla\Firefox\Profiles\hhet4dre.default
FF user.js: detected! => C:\Users\OEM\AppData\Roaming\Mozilla\Firefox\Profiles\hhet4dre.default\user.js
FF Homepage: hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=7ed1389b-1775-4231-98ed-40d42fb6767f&searchtype=hp&installDate={installDate}
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @perfectworld.com/npArcPlayNowPlugin - C:\Program Files\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin: @soe.sony.com/installer,version=1.0.3 - C:\Users\OEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfjadjghjpjodfhffafagnkbgbpiphf\1.0.3.171_0\npsoe.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @lightspark.github.com/Lightspark;version=1 - C:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll ( )
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\OEM\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\OEM\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\OEM\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: BalancedWorlds.com/WebLauncher - C:\Users\OEM\AppData\Local\Balanced Worlds\BWGameEngine\npWebLauncher.dll (BalancedWorlds)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: incredibar.com - C:\Users\OEM\AppData\Roaming\Mozilla\Firefox\Profiles\hhet4dre.default\Extensions\ffxtlbr@incredibar.com
FF Extension: softonic.com - C:\Users\OEM\AppData\Roaming\Mozilla\Firefox\Profiles\hhet4dre.default\Extensions\ffxtlbra@softonic.com
FF Extension: Websteroids - C:\Users\OEM\AppData\Roaming\Mozilla\Firefox\Profiles\hhet4dre.default\Extensions\support@websteroidsapp.com
FF Extension: Wajam - C:\Users\OEM\AppData\Roaming\Mozilla\Firefox\Profiles\hhet4dre.default\Extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}
FF Extension: Movie2kDownloader - C:\Users\OEM\AppData\Roaming\Mozilla\Firefox\Profiles\hhet4dre.default\Extensions\movie2kdownloader@movie2kdownloader.com.xpi
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox
FF HKLM\...\Firefox\Extensions: [ext@flash-Enhancer.com] - C:\Program Files\AmiExt\flashEnhancer\ff
FF Extension: flash-Enhancer - C:\Program Files\AmiExt\flashEnhancer\ff
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKCU\...\Firefox\Extensions: [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}] - C:\Program Files\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
Chrome:
=======
CHR HomePage: hxxp://start.qone8.com/?type=hp&ts=1383142136&from=cor&uid=MaxtorX6L300R0_L61JQJKH
CHR RestoreOnStartup: "https://www.google.de/"
CHR Plugin: (Shockwave Flash) - C:\Users\OEM\AppData\Local\Google\Chrome\User Data\PepperFlash\11.6.602.167\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\OEM\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\OEM\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Perion plugin) - C:\Users\OEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\Plugins/PerionNewTabChrome-32.dll No File
CHR Plugin: (BrowserProtect) - C:\Users\OEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\spext.dll No File
CHR Plugin: (Conduit Chrome Plugin) - C:\Users\OEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc\10.11.21.5_0\plugins/ConduitChromeApiPlugin.dll No File
CHR Plugin: (Conduit Radio Plugin) - C:\Users\OEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc\10.11.21.5_0\plugins/np-cwmp.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U4) - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Uplay PC) - C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
CHR Plugin: (WEBZEN Browser Extension) - C:\Program Files\WEBZEN\BrowserExtension\NPWZCmnCtrl.dll No File
CHR Plugin: (WebLauncher) - C:\Users\OEM\AppData\Local\Balanced Worlds\BWGameEngine\npWebLauncher.dll (BalancedWorlds)
CHR Plugin: (Google Update) - C:\Users\OEM\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.100.18) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Extended Protection) - C:\Users\OEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0
CHR Extension: (flash-Enhancer) - C:\Users\OEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehmnjgkmbpbohelngpclcdhgochdeoej\2.1_0
CHR Extension: () - C:\Users\OEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.6.53_0
CHR Extension: (Google Wallet) - C:\Users\OEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
CHR HKLM\...\Chrome\Extension: [blaofbhgbmeikidhlkmjhbkbfohpgekf] - C:\Program Files\Movie2KDownloader.com\Movie2KDownloader10.crx
CHR HKLM\...\Chrome\Extension: [ccbgjfdieajmokelnlapbedknchgenne] - C:\Users\OEM\AppData\Local\CRE\ccbgjfdieajmokelnlapbedknchgenne.crx
CHR HKLM\...\Chrome\Extension: [cekcjpgehmohobmdiikfnopibipmgnml] - C:\Users\OEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\
CHR HKLM\...\Chrome\Extension: [cgiaikfpllchefojlnehlmpekeogihnm] - C:\Users\OEM\AppData\Local\CRE\cgiaikfpllchefojlnehlmpekeogihnm.crx
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx
CHR HKLM\...\Chrome\Extension: [eekenbbpcpcniaemgikmjacjpbfnnnlk] - C:\ProgramData\ADDICT-THING\eekenbbpcpcniaemgikmjacjpbfnnnlk.crx
CHR HKLM\...\Chrome\Extension: [ehmnjgkmbpbohelngpclcdhgochdeoej] - C:\Program Files\AmiExt\flashEnhancer\ch\flashEnhancer.crx
CHR HKLM\...\Chrome\Extension: [golgkiejijdbdpkkjkjcjlpcpcklkhlh] - C:\ProgramData\ADDICT-THING\golgkiejijdbdpkkjkjcjlpcpcklkhlh.crx
CHR HKLM\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Users\OEM\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx
CHR HKLM\...\Chrome\Extension: [jifflliplgeajjdhmkcfnngfpgbjonjg] - C:\Program Files\Perion\NewTab\newTab.crx
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
========================== Services (Whitelisted) =================
R2 Akamai; c:\program files\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
S3 ArcService; C:\Program Files\Perfect World Entertainment\Arc\ArcService.exe [88424 2013-10-10] (Perfect World Entertainment Inc)
R2 HiPatchService; C:\Program Files\Hi-Rez Studios\HiPatchService.exe [9216 2013-12-16] (Hi-Rez Studios)
R2 InternetUpdater; C:\ProgramData\InternetUpdater\InternetUpdaterService.exe [40448 2013-12-06] ()
==================== Drivers (Whitelisted) ====================
S3 apf003; C:\Windows\system32\apf003.sys [13232 2012-06-27] ()
R3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd6.sys [44032 2009-07-13] (VIA Technologies, Inc. )
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2013-04-24] (Malwarebytes Corporation)
R3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [10252544 2007-03-27] (Sonix Co. Ltd.)
S3 athur; system32\DRIVERS\athur.sys [x]
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [x]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
S3 XDva396; \??\C:\Windows\system32\XDva396.sys [x]
S3 XDva397; \??\C:\Windows\system32\XDva397.sys [x]
S3 XDva398; \??\C:\Windows\system32\XDva398.sys [x]
S3 XDva399; \??\C:\Windows\system32\XDva399.sys [x]
S3 XDva400; \??\C:\Windows\system32\XDva400.sys [x]
S3 XDva401; \??\C:\Windows\system32\XDva401.sys [x]
U3 uwldapow; \??\C:\Users\OEM\AppData\Local\Temp\uwldapow.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-05 23:46 - 2014-01-05 23:47 - 00017637 _____ C:\Users\OEM\Downloads\FRST.txt
2014-01-05 23:46 - 2014-01-05 23:46 - 00000000 ____D C:\FRST
2014-01-05 23:43 - 2014-01-05 23:43 - 01064805 _____ (Farbar) C:\Users\OEM\Downloads\FRST (1).exe
2014-01-05 23:34 - 2014-01-05 23:34 - 00000733 _____ C:\Users\OEM\Desktop\GMER.log
2014-01-05 22:35 - 2014-01-05 22:35 - 00000000 ____D C:\Users\OEM\Desktop\Neuer Ordner
2014-01-05 22:35 - 2014-01-05 22:35 - 00000000 _____ C:\Users\OEM\defogger_reenable
2014-01-05 22:34 - 2014-01-05 22:34 - 00000240 _____ C:\Users\OEM\Desktop\defogger_enable.log
2014-01-05 22:33 - 2014-01-05 23:04 - 00000468 _____ C:\Users\OEM\Desktop\defogger_disable.log
2014-01-05 22:33 - 2014-01-05 22:06 - 00377856 _____ C:\Users\OEM\Desktop\gmer_2.1.19163.exe
2014-01-05 22:33 - 2014-01-05 22:06 - 00050477 _____ C:\Users\OEM\Desktop\Defogger.exe
2014-01-05 22:31 - 2014-01-05 22:31 - 00071668 _____ C:\Users\OEM\Downloads\Extras.Txt
2014-01-05 22:28 - 2014-01-05 22:36 - 00113724 _____ C:\Users\OEM\Downloads\OTL.Txt
2014-01-05 22:23 - 2014-01-05 22:23 - 00602112 _____ (OldTimer Tools) C:\Users\OEM\Downloads\OTL (2).exe
2014-01-05 22:23 - 2014-01-05 22:23 - 00602112 _____ (OldTimer Tools) C:\Users\OEM\Desktop\OTL (2).exe
2014-01-05 22:18 - 2014-01-05 22:19 - 00602112 _____ (OldTimer Tools) C:\Users\OEM\Downloads\OTL (1).exe
2014-01-05 22:06 - 2014-01-05 22:06 - 00602112 _____ (OldTimer Tools) C:\Users\OEM\Downloads\OTL.exe
2014-01-05 22:06 - 2014-01-05 22:06 - 00377856 _____ C:\Users\OEM\Downloads\gmer_2.1.19163.exe
2014-01-05 22:06 - 2014-01-05 22:06 - 00050477 _____ C:\Users\OEM\Downloads\Defogger.exe
2014-01-05 22:00 - 2014-01-05 22:01 - 01064761 _____ (Farbar) C:\Users\OEM\Downloads\FRST.exe
2014-01-04 23:45 - 2014-01-04 23:45 - 00000000 ____D C:\ProgramData\InternetUpdater
2014-01-04 23:36 - 2014-01-04 23:36 - 00000000 ____D C:\Program Files\Lightspark 0.5.3-git
2014-01-04 23:35 - 2014-01-04 23:35 - 00000000 ____D C:\ProgramData\Websteroids
2014-01-04 23:35 - 2014-01-04 23:35 - 00000000 ____D C:\ProgramData\Updater
2014-01-04 23:35 - 2014-01-04 23:35 - 00000000 ____D C:\ProgramData\RHelpers
2014-01-04 23:35 - 2014-01-04 23:35 - 00000000 ____D C:\Program Files\AmiExt
2014-01-04 23:34 - 2014-01-05 22:35 - 00000348 _____ C:\Windows\Tasks\AmiUpdXp.job
2014-01-04 23:31 - 2014-01-04 23:32 - 00402472 _____ (Amônétízé Ltd) C:\Users\OEM\Downloads\FlashPlayer__4072_i234259464_il11.exe
2014-01-03 17:36 - 2014-01-05 22:15 - 00000448 _____ C:\Windows\setupact.log
2014-01-03 17:36 - 2014-01-03 17:36 - 00000000 _____ C:\Windows\setuperr.log
2014-01-03 13:49 - 2014-01-05 23:35 - 00233137 _____ C:\Windows\WindowsUpdate.log
2014-01-01 22:28 - 2014-01-01 22:28 - 00019031 _____ C:\Users\OEM\Downloads\DragonNestEUSetup63.exe.torrent
2013-12-23 23:07 - 2013-12-27 04:26 - 00000000 ____D C:\Users\OEM\AppData\Roaming\TS3Client
2013-12-23 22:57 - 2013-12-23 22:57 - 00001215 _____ C:\Users\OEM\Desktop\TeamSpeak 3 Client.lnk
2013-12-23 22:57 - 2013-12-23 22:57 - 00000000 ____D C:\Users\OEM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2013-12-23 22:56 - 2013-12-23 22:57 - 00000000 ____D C:\Users\OEM\AppData\Local\TeamSpeak 3 Client
2013-12-23 22:45 - 2013-12-23 22:46 - 30095736 _____ (TeamSpeak Systems GmbH) C:\Users\OEM\Downloads\TeamSpeak3-Client-win32-3.0.13.1.exe
2013-12-20 23:57 - 2013-12-27 05:28 - 00000003 _____ C:\Windows\system32\HRUPPROG.TXT
2013-12-20 23:57 - 2013-12-20 23:57 - 00000003 _____ C:\Windows\system32\HRUPPROG.DIE.NOW
2013-12-20 14:57 - 2013-12-20 14:57 - 00000200 _____ C:\Windows\system32\config\game.cfg
2013-12-17 19:23 - 2013-12-17 19:23 - 00010110 _____ C:\Users\OEM\Documents\Französisch.odt
2013-12-17 18:47 - 2013-12-17 18:36 - 00009603 _____ C:\Users\OEM\Documents\untitled_0.odt
2013-12-17 18:41 - 2013-12-17 18:42 - 45687999 _____ C:\Users\OEM\Downloads\LanguageTool-2.3.oxt
2013-12-12 19:00 - 2013-12-24 14:06 - 02304092 _____ () C:\Users\OEM\Downloads\TechnicLauncher (5).exe
2013-12-12 17:58 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-12 17:58 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-12 17:58 - 2013-11-26 10:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-12 17:58 - 2013-11-26 09:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-12 17:58 - 2013-11-26 09:52 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-12 17:58 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-12 17:58 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-12 17:58 - 2013-11-26 09:36 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-12 17:58 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-12 17:58 - 2013-11-26 09:29 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-12 17:58 - 2013-11-26 09:29 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-12 17:58 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-12 17:58 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-12 17:58 - 2013-11-26 09:13 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-12 17:58 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-12 17:58 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-12 17:58 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-12 17:58 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-12 17:58 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-12 17:56 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-12 17:55 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-12 13:35 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-12 13:35 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-12 13:35 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-12 13:35 - 2013-10-30 02:27 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-12 13:35 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-12 13:35 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-12 13:35 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-12 13:35 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-12 13:35 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-12 13:35 - 2013-10-04 02:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-12 13:35 - 2013-10-04 02:17 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-09 20:07 - 2013-12-09 20:10 - 00000000 ____D C:\Program Files\GUM78FA.tmp
==================== One Month Modified Files and Folders =======
2014-01-05 23:47 - 2014-01-05 23:46 - 00017637 _____ C:\Users\OEM\Downloads\FRST.txt
2014-01-05 23:46 - 2014-01-05 23:46 - 00000000 ____D C:\FRST
2014-01-05 23:43 - 2014-01-05 23:43 - 01064805 _____ (Farbar) C:\Users\OEM\Downloads\FRST (1).exe
2014-01-05 23:35 - 2014-01-03 13:49 - 00233137 _____ C:\Windows\WindowsUpdate.log
2014-01-05 23:34 - 2014-01-05 23:34 - 00000733 _____ C:\Users\OEM\Desktop\GMER.log
2014-01-05 23:16 - 2013-03-13 15:52 - 00000000 ____D C:\Users\OEM\AppData\Roaming\Skype
2014-01-05 23:14 - 2012-11-27 19:28 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3706005333-3740103379-220519801-1000UA.job
2014-01-05 23:11 - 2013-04-22 17:23 - 00001092 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-05 23:04 - 2014-01-05 22:33 - 00000468 _____ C:\Users\OEM\Desktop\defogger_disable.log
2014-01-05 22:36 - 2014-01-05 22:28 - 00113724 _____ C:\Users\OEM\Downloads\OTL.Txt
2014-01-05 22:35 - 2014-01-05 22:35 - 00000000 ____D C:\Users\OEM\Desktop\Neuer Ordner
2014-01-05 22:35 - 2014-01-05 22:35 - 00000000 _____ C:\Users\OEM\defogger_reenable
2014-01-05 22:35 - 2014-01-04 23:34 - 00000348 _____ C:\Windows\Tasks\AmiUpdXp.job
2014-01-05 22:35 - 2012-04-17 10:40 - 00000000 ____D C:\Users\OEM
2014-01-05 22:34 - 2014-01-05 22:34 - 00000240 _____ C:\Users\OEM\Desktop\defogger_enable.log
2014-01-05 22:31 - 2014-01-05 22:31 - 00071668 _____ C:\Users\OEM\Downloads\Extras.Txt
2014-01-05 22:23 - 2014-01-05 22:23 - 00602112 _____ (OldTimer Tools) C:\Users\OEM\Downloads\OTL (2).exe
2014-01-05 22:23 - 2014-01-05 22:23 - 00602112 _____ (OldTimer Tools) C:\Users\OEM\Desktop\OTL (2).exe
2014-01-05 22:23 - 2009-07-14 05:34 - 00021280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-05 22:23 - 2009-07-14 05:34 - 00021280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-05 22:19 - 2014-01-05 22:18 - 00602112 _____ (OldTimer Tools) C:\Users\OEM\Downloads\OTL (1).exe
2014-01-05 22:16 - 2013-04-22 17:23 - 00001088 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-05 22:16 - 2012-05-18 15:03 - 00000000 ____D C:\Program Files\Common Files\Akamai
2014-01-05 22:15 - 2014-01-03 17:36 - 00000448 _____ C:\Windows\setupact.log
2014-01-05 22:15 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-05 22:06 - 2014-01-05 22:33 - 00377856 _____ C:\Users\OEM\Desktop\gmer_2.1.19163.exe
2014-01-05 22:06 - 2014-01-05 22:33 - 00050477 _____ C:\Users\OEM\Desktop\Defogger.exe
2014-01-05 22:06 - 2014-01-05 22:06 - 00602112 _____ (OldTimer Tools) C:\Users\OEM\Downloads\OTL.exe
2014-01-05 22:06 - 2014-01-05 22:06 - 00377856 _____ C:\Users\OEM\Downloads\gmer_2.1.19163.exe
2014-01-05 22:06 - 2014-01-05 22:06 - 00050477 _____ C:\Users\OEM\Downloads\Defogger.exe
2014-01-05 22:01 - 2014-01-05 22:00 - 01064761 _____ (Farbar) C:\Users\OEM\Downloads\FRST.exe
2014-01-05 20:14 - 2012-11-27 19:28 - 00001060 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3706005333-3740103379-220519801-1000Core.job
2014-01-05 19:06 - 2012-06-29 18:18 - 00000000 ____D C:\Users\OEM\AppData\Local\PMB Files
2014-01-05 19:06 - 2012-06-29 18:18 - 00000000 ____D C:\ProgramData\PMB Files
2014-01-04 23:45 - 2014-01-04 23:45 - 00000000 ____D C:\ProgramData\InternetUpdater
2014-01-04 23:36 - 2014-01-04 23:36 - 00000000 ____D C:\Program Files\Lightspark 0.5.3-git
2014-01-04 23:35 - 2014-01-04 23:35 - 00000000 ____D C:\ProgramData\Websteroids
2014-01-04 23:35 - 2014-01-04 23:35 - 00000000 ____D C:\ProgramData\Updater
2014-01-04 23:35 - 2014-01-04 23:35 - 00000000 ____D C:\ProgramData\RHelpers
2014-01-04 23:35 - 2014-01-04 23:35 - 00000000 ____D C:\Program Files\AmiExt
2014-01-04 23:34 - 2013-04-23 12:44 - 00000000 ____D C:\Users\OEM\AppData\Local\SwvUpdater
2014-01-04 23:32 - 2014-01-04 23:31 - 00402472 _____ (Amônétízé Ltd) C:\Users\OEM\Downloads\FlashPlayer__4072_i234259464_il11.exe
2014-01-03 17:36 - 2014-01-03 17:36 - 00000000 _____ C:\Windows\setuperr.log
2014-01-01 22:28 - 2014-01-01 22:28 - 00019031 _____ C:\Users\OEM\Downloads\DragonNestEUSetup63.exe.torrent
2013-12-31 20:26 - 2013-08-23 16:01 - 00000000 ____D C:\Users\OEM\AppData\Roaming\.minecraft
2013-12-30 19:40 - 2010-11-20 22:01 - 01498506 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-27 05:28 - 2013-12-20 23:57 - 00000003 _____ C:\Windows\system32\HRUPPROG.TXT
2013-12-27 04:26 - 2013-12-23 23:07 - 00000000 ____D C:\Users\OEM\AppData\Roaming\TS3Client
2013-12-26 20:39 - 2013-11-22 21:58 - 00000000 ____D C:\Users\OEM\AppData\Roaming\.technic
2013-12-24 14:06 - 2013-12-12 19:00 - 02304092 _____ () C:\Users\OEM\Downloads\TechnicLauncher (5).exe
2013-12-23 22:57 - 2013-12-23 22:57 - 00001215 _____ C:\Users\OEM\Desktop\TeamSpeak 3 Client.lnk
2013-12-23 22:57 - 2013-12-23 22:57 - 00000000 ____D C:\Users\OEM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2013-12-23 22:57 - 2013-12-23 22:56 - 00000000 ____D C:\Users\OEM\AppData\Local\TeamSpeak 3 Client
2013-12-23 22:46 - 2013-12-23 22:45 - 30095736 _____ (TeamSpeak Systems GmbH) C:\Users\OEM\Downloads\TeamSpeak3-Client-win32-3.0.13.1.exe
2013-12-20 23:57 - 2013-12-20 23:57 - 00000003 _____ C:\Windows\system32\HRUPPROG.DIE.NOW
2013-12-20 14:57 - 2013-12-20 14:57 - 00000200 _____ C:\Windows\system32\config\game.cfg
2013-12-20 12:51 - 2013-03-13 15:52 - 00000000 ___RD C:\Program Files\Skype
2013-12-20 12:51 - 2013-03-13 15:52 - 00000000 ____D C:\ProgramData\Skype
2013-12-18 18:14 - 2013-11-24 17:23 - 00000000 ____D C:\Users\OEM\Downloads\Neverwinter_de
2013-12-17 19:23 - 2013-12-17 19:23 - 00010110 _____ C:\Users\OEM\Documents\Französisch.odt
2013-12-17 18:42 - 2013-12-17 18:41 - 45687999 _____ C:\Users\OEM\Downloads\LanguageTool-2.3.oxt
2013-12-17 18:36 - 2013-12-17 18:47 - 00009603 _____ C:\Users\OEM\Documents\untitled_0.odt
2013-12-14 01:41 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2013-12-12 18:55 - 2009-07-14 05:33 - 00294528 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-12 18:53 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-12-12 17:58 - 2013-08-21 00:25 - 00000000 ____D C:\Windows\system32\MRT
2013-12-12 17:56 - 2007-06-25 23:50 - 88123800 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-09 20:10 - 2013-12-09 20:07 - 00000000 ____D C:\Program Files\GUM78FA.tmp
2013-12-06 14:18 - 2012-11-27 19:30 - 00002346 _____ C:\Users\OEM\Desktop\Google Chrome.lnk
Files to move or delete:
====================
C:\ProgramData\baeebdbeadac.exe
C:\ProgramData\hash.dat
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-12-24 21:26
==================== End Of Log ============================
Addition - Editor: Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 05-01-2014
Ran by OEM at 2014-01-05 23:47:52
Running from C:\Users\OEM\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
ABBYY FineReader 5.0 Sprint (Version: 5.0.0.22227 - ABBYY Software House)
Adobe Flash Player 10 Plugin (Version: 10.3.181.14 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.04) - Deutsch (Version: 11.0.04 - Adobe Systems Incorporated)
AION Free-to-Play (Version: - Gameforge)
Akamai NetSession Interface (Version: - )
Akamai NetSession Interface (Version: - Akamai Technologies, Inc)
AMD Accelerated Video Transcoding (Version: 12.5.100.20928 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1016.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (Version: 8.0.891.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.70928.1538 - Advanced Micro Devices, Inc.) Hidden
Arc (Version: 1.0.0.5510 - Perfect World Entertainment)
Belkin USB Wireless Adapter (Version: 1.0.0.12 - Belkin)
Belkin USB Wireless Adapter (Version: 1.0.0.12 - Belkin) Hidden
Catalyst Control Center - Branding (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (Version: 2012.0928.1532.26058 - Ihr Firmenname) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2012.0928.1532.26058 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (Version: 2012.0928.1532.26058 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2012.0928.1532.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
ccc-utility (Version: 2012.0928.1532.26058 - Advanced Micro Devices, Inc.) Hidden
CCleaner (Version: 4.00 - Piriform)
Duel of Champions (Version: - Ubisoft)
flash-Enhancer (Version: 2.1 - flash-Enhancer.com)
Gameforge Live 1.9.0 "Legend" (Version: 1.9.0 - Gameforge)
Google Chrome (Version: 31.0.1650.63 - Google Inc.)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
Hi-Rez Studios Authenticate and Update Service (Version: 3.0.0.0 - Hi-Rez Studios)
Internet Updater (Version: 2.6.52 - Parallel Lines Development, LLC) <==== ATTENTION
Java 7 Update 25 (Version: 7.0.250 - Oracle)
Java Auto Updater (Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
League of Legends (Version: 1.3 - Riot Games)
Lightspark 0.5.3-git (Version: 0.5.3-git - Lightspark Team)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
NVIDIA PhysX (Version: 9.09.0428 - NVIDIA Corporation)
OpenOffice.org 3.4 (Version: 3.4.9590 - OpenOffice.org)
Pando Media Booster (Version: 2.6.0.8 - Pando Networks Inc.)
Skype™ 6.11 (Version: 6.11.102 - Skype Technologies S.A.)
Software Version Updater (Version: 1.1.3.8 - ) <==== ATTENTION
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (Version: 3.0.13 - TeamSpeak Systems GmbH)
Tribes Ascend (Version: 1.0.1268.1 - Hi-Rez Studios)
Unity Web Player (Version: - Unity Technologies ApS)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3 - Microsoft Corporation)
Updater (Version: 2.6.53 - Creative Island Media, LLC)
ViewAhead Photo Center (Version: - )
Websteroids (Version: 2.6.53 - Creative Island Media, LLC) <==== ATTENTION
WinRAR 4.20 (32-Bit) (Version: 4.20.0 - win.rar GmbH)
==================== Restore Points =========================
15-12-2013 18:00:11 Windows-Sicherung
17-12-2013 11:37:23 Windows Update
20-12-2013 14:00:44 Windows Update
22-12-2013 18:00:18 Windows-Sicherung
24-12-2013 12:53:01 Windows Update
27-12-2013 18:13:45 Windows Update
29-12-2013 20:18:37 Windows-Sicherung
31-12-2013 14:29:13 Windows Update
03-01-2014 16:42:49 Windows Update
05-01-2014 18:00:39 Windows-Sicherung
05-01-2014 21:22:45 OTL Restore Point - 05.01.2014 22:22:42
==================== Hosts content: ==========================
2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {240FB945-7244-4F13-A68D-DA963D0C3B05} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3706005333-3740103379-220519801-1000Core => C:\Users\OEM\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-27] (Google Inc.)
Task: {4E031782-38E0-4ACF-B155-8FA219682C78} - System32\Tasks\{04FE97FA-CB65-481E-92DE-82605C35E171} => C:\Program Files\Adobe Download Assistant\Adobe Download Assistant.exe
Task: {661FCE05-B2B0-42E9-916C-F7D133B2D44B} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {68829A11-C466-4E95-BF40-35B60FC0D70E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-04-22] (Google Inc.)
Task: {719C2E94-42CA-42CE-8501-52C327009399} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-04-22] (Google Inc.)
Task: {8C2F16B6-0322-4050-BBF8-1268CCC4BD0B} - System32\Tasks\Google Updater and Installer => C:\Users\OEM\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-27] (Google Inc.)
Task: {B40BED84-7A58-4213-ADC7-8536318734A8} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation)
Task: {DD2EE5D8-8ACA-40DF-AD80-6758E99263EA} - System32\Tasks\AmiUpdXp => C:\Users\OEM\AppData\Local\SwvUpdater\Updater.exe [2014-01-04] (Amonetizé Ltd) <==== ATTENTION
Task: {E5C402F3-AC59-420A-816B-8AF93890BD18} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-03-25] (Piriform Ltd)
Task: {E7A5BEAF-CCC5-43B7-81E7-1B3B054111E0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3706005333-3740103379-220519801-1000UA => C:\Users\OEM\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-27] (Google Inc.)
Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\OEM\AppData\Local\SwvUpdater\Updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3706005333-3740103379-220519801-1000Core.job => C:\Users\OEM\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3706005333-3740103379-220519801-1000UA.job => C:\Users\OEM\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2013-12-06 14:18 - 2013-12-04 03:47 - 00702416 _____ () C:\Users\OEM\AppData\Local\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
2013-12-06 14:18 - 2013-12-04 03:47 - 00099792 _____ () C:\Users\OEM\AppData\Local\Google\Chrome\Application\31.0.1650.63\libegl.dll
2013-12-06 14:18 - 2013-12-04 03:48 - 04055504 _____ () C:\Users\OEM\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll
2013-12-06 14:18 - 2013-12-04 03:48 - 00399312 _____ () C:\Users\OEM\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
2013-12-06 14:18 - 2013-12-04 03:47 - 01619408 _____ () C:\Users\OEM\AppData\Local\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
2013-12-06 14:18 - 2013-12-04 03:48 - 13586896 _____ () C:\Users\OEM\AppData\Local\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\ProgramData\TEMP:BB1102D7
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (01/05/2014 10:17:40 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/05/2014 04:02:07 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: CAgent.exe, Version: 5.0.0.426, Zeitstempel: 0x3c98aba5
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea91c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00052d37
ID des fehlerhaften Prozesses: 0x87c
Startzeit der fehlerhaften Anwendung: 0xCAgent.exe0
Pfad der fehlerhaften Anwendung: CAgent.exe1
Pfad des fehlerhaften Moduls: CAgent.exe2
Berichtskennung: CAgent.exe3
Error: (01/05/2014 03:48:02 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 W
I would be very grateful for your help. :heilig: