Inspheres | 15.03.2013 03:17 | W32/Patched.UC
Hello,
Could someone please help me remove this Trojan... Do you perhaps know how dangerous or harmful it is?
OTL Logfile:
OTL EXTRAS Logfile:
OTL logfile created on: 15.03.2013 02:39:20 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,98 Gb Total Physical Memory | 6,22 Gb Available Physical Memory | 77,86% Memory free
15,96 Gb Paging File | 14,16 Gb Available in Paging File | 88,69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 513,80 Gb Free Space | 55,16% Space Free | Partition Type: NTFS
Drive D: | 7,94 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.03.15 01:51:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
PRC - [2013.03.14 17:37:50 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.03.14 17:37:04 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2013.03.14 17:36:58 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.03.14 17:36:58 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.03.06 21:50:48 | 000,042,784 | ---- | M] (Yontoo LLC) -- C:\Users\User\AppData\Roaming\Yontoo\YontooDesktop.exe
PRC - [2013.03.06 21:50:48 | 000,023,552 | ---- | M] (Microsoft) -- C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe
PRC - [2013.02.08 15:10:08 | 001,644,680 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2013.02.05 16:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.06.20 17:13:12 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.05.25 08:25:30 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.05.20 21:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.11.17 08:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
========== Modules (No Company Name) ==========
MOD - [2013.02.14 20:10:01 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013.01.09 15:06:45 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.09 15:06:30 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.09 15:06:27 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013.01.09 15:06:26 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.09 15:06:21 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012.10.05 11:53:24 | 003,198,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2010.11.21 07:49:25 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2010.11.21 04:24:32 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2010.11.21 04:24:09 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2010.11.21 04:23:48 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2010.11.13 00:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
========== Services (SafeList) ==========
SRV:64bit: - [2011.04.20 03:04:18 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013.03.14 17:37:50 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.03.14 17:37:04 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2013.03.14 17:36:58 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.03.13 22:01:16 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.10 13:51:02 | 000,815,560 | ---- | M] (MooSoft Development LLC) [Auto | Stopped] -- C:\Program Files (x86)\The Cleaner\mhelper.exe -- (moohelp)
SRV - [2013.03.08 02:43:20 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.02.05 16:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.11.09 13:08:31 | 006,370,680 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV - [2012.10.19 16:33:26 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.17 15:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.05.25 08:25:30 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.05.20 21:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.09.27 11:39:44 | 000,052,896 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.21 00:53:42 | 000,496,232 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
SRV - [2010.01.21 00:53:42 | 000,209,000 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013.03.14 17:37:53 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.03.14 17:37:53 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.11.08 21:37:24 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.09.24 08:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.03.15 02:24:09 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2012.03.06 12:25:02 | 000,225,256 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL2832UBDA.sys -- (RTL2832UBDA)
DRV:64bit: - [2012.03.06 12:25:02 | 000,048,488 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL2832U_IRHID.sys -- (RTL2832U_IRHID)
DRV:64bit: - [2012.03.06 12:25:02 | 000,039,016 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL2832UUSB.sys -- (RTL2832UUSB)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.08.11 07:54:16 | 000,104,560 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011.07.07 11:54:28 | 000,357,968 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gbxavs.sys -- (gbxavs)
DRV:64bit: - [2011.07.07 11:54:28 | 000,068,688 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gbxusb.sys -- (gbxusb_svc)
DRV:64bit: - [2011.04.20 03:44:48 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.04.20 03:07:48 | 001,930,240 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur)
DRV:64bit: - [2011.04.20 02:22:32 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.03.17 13:04:20 | 000,188,544 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdxhc.sys -- (amdxhc)
DRV:64bit: - [2011.03.17 13:04:18 | 000,087,168 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdhub30.sys -- (amdhub30)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.03 16:59:18 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.02.10 13:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011.02.10 13:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011.01.27 03:23:38 | 000,385,512 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011.01.27 03:23:36 | 000,125,416 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2010.12.28 20:45:54 | 000,412,776 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.12.16 10:39:08 | 012,256,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.17 13:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010.10.19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.09.27 11:13:42 | 000,301,680 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2010.09.27 11:13:42 | 000,278,640 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2010.09.27 11:13:42 | 000,203,624 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2010.09.27 11:13:42 | 000,156,520 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2010.09.27 11:13:42 | 000,058,992 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2010.09.27 11:13:42 | 000,055,336 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (ATHDFU)
DRV:64bit: - [2010.09.27 11:13:42 | 000,038,248 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2010.09.27 11:13:42 | 000,031,080 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2010.07.13 16:57:08 | 000,069,736 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir)
DRV:64bit: - [2010.05.27 04:50:56 | 002,228,224 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.05.15 12:11:48 | 001,327,520 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2010.03.04 11:26:58 | 000,349,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009.08.24 10:14:30 | 000,054,784 | ---- | M] (AzureWave Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\azvusb.sys -- (azvusb)
DRV:64bit: - [2009.07.16 04:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:35:48 | 000,378,368 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL85n64.sys -- (RTL85n64)
DRV:64bit: - [2009.06.10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{438CB363-A94D-4AE3-8F99-E93393D46036}: "URL" = hxxp://www.bing.com/?cc=de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{50742086-32D3-4D7F-A73C-DDB2FBE0C4B3}: "URL" = hxxp://www.bing.com/?cc=de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=114874&tt=4812_4&babsrc=HP_ss&mntrId=6cae971d0000000000003085a9b306e2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 24 18 BF 44 DE BD CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {50742086-32D3-4D7F-A73C-DDB2FBE0C4B3}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=114874&tt=4812_4&babsrc=SP_ss&mntrId=6cae971d0000000000003085a9b306e2
IE - HKCU\..\SearchScopes\{635848A3-D1A7-46BC-8420-67486A9326AA}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=d726b3b0-14b9-4002-b7e1-0715b1463e1c&apn_sauid=C0E071B3-258A-4A79-BCAB-93EBEBD4F6E0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename,S: S", ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.order.1,S: S", ""
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.selectedEngine,S: S", ""
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: trackmenot%40mrl.nyu.edu:0.6.728
FF - prefs.js..extensions.enabledAddons: %7B30E08C68-889E-11E0-95EF-DA7E4824019B%7D:0.8
FF - prefs.js..extensions.enabledAddons: fastdial%40telega.phpnet.us:4.3.1
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.7
FF - prefs.js..extensions.enabledAddons: plugin%40yontoo.com:1.20.02
FF - prefs.js..extensions.enabledAddons: %7B1018e4d6-728f-4b20-ad56-37578a4de76b%7D:4.2.7
FF - prefs.js..extensions.enabledAddons: toolbar%40ask.com:3.15.18.100015
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..keyword.URL: ""
FF - prefs.js..network.proxy.autoconfig_url: "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('turntable.fm')%20!%3D%20-1%20%26%26%20url.indexOf('static.turntable.fm')%20%3D%3D%20-1%20%26%26%20url.indexOf('s3.amazonaws.com')%20%3D%3D%20-1%20%26%26%20url.indexOf('ping.chartbeat.net')%20%3D%3D%20-1)%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1))%20%7B%20return%20'PROXY%20ab-us01.personalitycores.com%3A8000%3B%20PROXY%20ab-us06.personalitycores.com%3A8000%3B%20PROXY%20ab-us03.personalitycores.com%3A8000%3B%20PROXY%20ab-us07.personalitycores.com%3A8000%3B%20PROXY%20ab-us04.personalitycores.com%3A8000%3B%20PROXY%20ab-us02.personalitycores.com%3A8000%3B%20PROXY%20ab-us08.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF - prefs.js..network.proxy.type: 2
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@vizzed.com/VizzedRGR: C:\Program Files (x86)\Vizzed\Vizzed Retro Game Room\NpVizzedRgr.dll (Vizzed.com)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101772.dll (Amazon.com, Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2013.01.08 18:45:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.13 22:15:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.08 02:43:19 | 000,000,000 | ---D | M]
[2012.11.08 19:31:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2013.03.13 23:59:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\86pxls80.default\extensions
[2013.03.13 20:19:39 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\86pxls80.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2013.02.24 23:21:36 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\86pxls80.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.11.22 17:54:30 | 000,000,000 | ---D | M] (Fast Dial) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\86pxls80.default\extensions\fastdial@telega.phpnet.us
[2013.03.13 20:19:39 | 000,000,000 | ---D | M] (Broowse2usavE) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\86pxls80.default\extensions\ltjvs@uuado.com
[2013.03.07 22:31:05 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\86pxls80.default\extensions\plugin@yontoo.com
[2013.03.14 00:06:37 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\86pxls80.default\extensions\toolbar@ask.com
[2013.03.02 18:53:46 | 000,134,804 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\86pxls80.default\extensions\adblockpopups@jessehakanen.net.xpi
[2012.11.10 18:37:02 | 000,123,385 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\86pxls80.default\extensions\elemhidehelper@adblockplus.org.xpi
[2013.03.05 23:14:15 | 000,370,423 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\86pxls80.default\extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi
[2012.11.10 18:38:22 | 000,067,428 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\86pxls80.default\extensions\trackmenot@mrl.nyu.edu.xpi
[2012.11.18 19:12:07 | 000,076,798 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\86pxls80.default\extensions\{30E08C68-889E-11E0-95EF-DA7E4824019B}.xpi
[2013.02.14 14:26:23 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\86pxls80.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.03.14 00:06:38 | 000,007,915 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\86pxls80.default\extensions\toolbar@ask.com\chrome\content\Abine\chrome\content\ff\view_expiry.js
[2013.03.15 01:08:31 | 000,002,413 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\86pxls80.default\searchplugins\askcom.xml
[2013.03.13 22:15:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.03.08 02:43:19 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.03.08 02:43:19 | 000,000,000 | ---D | M] (onetab) -- C:\Program Files (x86)\mozilla firefox\extensions\onetab@onetab.net
[2013.03.07 15:30:04 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.20 17:14:20 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2013.03.07 16:45:15 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.29 18:47:39 | 000,002,349 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2013.03.07 16:45:15 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.03.07 16:45:15 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.03.07 16:45:15 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.03.07 16:45:15 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.03.07 16:45:15 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - Extension: Broowse2usavE = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnmmpjbdejkhnnelfbedfgjjndcgoid\1\
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (OneTab Add-on) - {16ADEA98-D215-4F51-80AF-5E5ED660B9C0} - C:\Users\User\AppData\Roaming\OneTab\OneTab.dll (OnPageAds)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\BabylonToolbarTlbr.dll File not found
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [tcactive] C:\Program Files (x86)\The Cleaner\tcap.exe (MooSoft Development LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000018 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: vizzed.com ([www] * in Vertrauenswürdige Sites)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.184.225 83.169.184.161
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{44F588EC-AE07-4195-B687-558D15AF45C5}: DhcpNameServer = 83.169.184.225 83.169.184.161
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{68BC08E5-948F-46C9-A38C-2B5C6470D767}: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F2F196E-84B7-45A9-9B19-8450188E69D6}: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F269A833-C7A2-4185-B543-B9400327C755}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (c:\progra~2\browse~1\sprote~1.dll) - c:\progra~2\browse~1\sprote~1.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.03.15 01:51:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2013.03.14 22:27:28 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes
[2013.03.14 22:27:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.14 22:27:14 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.03.14 22:27:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.03.14 22:27:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.14 22:27:04 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Programs
[2013.03.14 18:05:03 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\thecleaner
[2013.03.14 18:04:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Cleaner
[2013.03.14 18:04:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Cleaner
[2013.03.14 18:03:07 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Simply Super Software
[2013.03.14 18:03:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2013.03.14 18:03:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover
[2013.03.14 18:03:03 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Simply Super Software
[2013.03.14 18:03:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2013.03.14 18:02:27 | 012,185,136 | ---- | C] (Simply Super Software ) -- C:\Users\User\Desktop\trjsetup683.exe
[2013.03.14 00:05:45 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Avira
[2013.03.14 00:00:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.03.13 23:59:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2013.03.13 23:59:29 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.03.13 23:59:29 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.03.13 23:59:29 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.03.13 23:59:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.03.13 23:59:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013.03.13 21:35:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Multi Virus Cleaner 2013
[2013.03.13 21:35:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AxBx
[2013.03.13 21:33:03 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.03.13 20:29:01 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Optimizer Pro
[2013.03.13 20:29:00 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013.03.13 20:19:38 | 000,000,000 | ---D | C] -- C:\ProgramData\SoftSafe
[2013.03.13 20:18:53 | 000,000,000 | ---D | C] -- C:\ProgramData\BetterSoft
[2013.03.13 20:18:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro
[2013.03.13 20:18:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BrowseToSave
[2013.03.13 20:18:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Broowse2usavE
[2013.03.13 20:18:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Broowse2usavE
[2013.03.13 20:16:24 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2013.03.13 19:17:19 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2013.03.13 19:06:32 | 000,000,000 | ---D | C] -- C:\Program Files\Cakewalk
[2013.03.13 19:06:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Spectrasonics
[2013.03.13 17:10:34 | 000,000,000 | ---D | C] -- C:\Program Files\Spectrasonics
[2013.03.13 17:10:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spectrasonics
[2013.03.13 00:36:56 | 000,000,000 | ---D | C] -- C:\ProgramData\{F6D87D2D-FF75-4E85-9BC9-59FC2821F727}
[2013.03.13 00:36:52 | 000,000,000 | -H-D | C] -- C:\ProgramData\{2D899CDA-036D-4C16-BE9C-BE6CDE48A07B}
[2013.03.13 00:36:43 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Drop Squad Sounds
[2013.03.13 00:36:38 | 000,000,000 | -H-D | C] -- C:\ProgramData\{C2A6FB07-9A3C-440E-97E0-EB9B404F2A6B}
[2013.03.13 00:35:14 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Drop Squad Library
[2013.03.12 22:28:55 | 000,000,000 | -H-D | C] -- C:\ProgramData\{60143F1F-63C8-4CC1-A37B-28EB1FC6C10F}
[2013.03.12 22:23:46 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Native Instruments
[2013.03.12 22:23:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Native Instruments
[2013.03.12 15:46:40 | 000,397,312 | ---- | C] (Koyote Soft) -- C:\Windows\SysWow64\TubeFinder.exe
[2013.03.12 15:46:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free FLV Converter
[2013.03.12 15:46:39 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\FreeFLVConverter
[2013.03.12 15:46:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free FLV Converter
[2013.03.12 14:22:44 | 000,000,000 | ---D | C] -- C:\Users\User\Local Settings
[2013.03.12 14:22:43 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Babylon
[2013.03.12 14:03:05 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ
[2013.03.12 14:03:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VirtualDJ
[2013.03.12 14:03:02 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\VirtualDJ
[2013.03.08 13:14:54 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
[2013.03.08 13:14:54 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Audio Related Programs
[2013.03.08 02:43:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.03.07 22:31:05 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Yontoo
[2013.03.07 22:31:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo
[2013.03.07 22:31:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2013.03.07 22:31:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013.02.28 15:52:50 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2013.02.28 15:52:33 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Bitcoin
[2013.02.28 15:52:20 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitcoin
[2013.02.28 15:52:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bitcoin
[2013.02.26 20:58:01 | 000,000,000 | -H-D | C] -- C:\ProgramData\{56C5D4F0-9E6D-421F-AA70-A7EF727C1C69}
[2013.02.26 20:57:33 | 000,000,000 | -H-D | C] -- C:\ProgramData\{F57C376F-E7ED-4527-9EE2-4D50799418BC}
[2013.02.26 20:57:15 | 000,000,000 | -H-D | C] -- C:\ProgramData\{B49C92CB-1A73-4A41-A84C-5091582E7AA8}
[2013.02.26 20:56:56 | 000,000,000 | -H-D | C] -- C:\ProgramData\{3A409EC6-A047-4692-9F61-C2BBA9F5CA82}
[2013.02.26 12:55:38 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Samples
[2013.02.25 11:28:59 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\VST3 Presets
[2013.02.21 20:40:12 | 000,000,000 | ---D | C] -- C:\Users\User\dubtrack
[2013.02.19 18:13:41 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Cubase Projekte
[2013.02.15 07:58:04 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\VTrain
[2013.02.15 07:57:50 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\VTrain
[2013.02.15 07:57:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VTrain
[2013.02.15 07:57:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VTrain
========== Files - Modified Within 30 Days ==========
[2013.03.15 02:35:57 | 000,026,464 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.15 02:35:57 | 000,026,464 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.15 02:28:05 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2013.03.15 02:27:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.15 02:27:52 | 2133,417,983 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.15 02:05:53 | 000,000,168 | ---- | M] () -- C:\Users\User\defogger_reenable
[2013.03.15 02:03:25 | 000,050,477 | ---- | M] () -- C:\Users\User\Desktop\Defogger.exe
[2013.03.15 02:02:10 | 000,377,856 | ---- | M] () -- C:\Users\User\Desktop\gmer_2.1.19155.exe
[2013.03.15 02:01:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.15 01:51:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2013.03.14 23:42:03 | 001,499,844 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.14 23:42:03 | 000,654,372 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.14 23:42:03 | 000,616,254 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.14 23:42:03 | 000,129,986 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.14 23:42:03 | 000,106,376 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.14 22:27:15 | 000,001,121 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.03.14 18:04:57 | 000,001,040 | ---- | M] () -- C:\Users\Public\Desktop\The Cleaner 9.lnk
[2013.03.14 18:03:05 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2013.03.14 18:02:52 | 012,185,136 | ---- | M] (Simply Super Software ) -- C:\Users\User\Desktop\trjsetup683.exe
[2013.03.14 17:37:53 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.03.14 17:37:53 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.03.12 23:13:44 | 000,001,526 | ---- | M] () -- C:\Users\User\Desktop\javvaheat.html
[2013.03.12 22:28:50 | 000,001,010 | ---- | M] () -- C:\Users\Public\Desktop\Traktor 2.lnk
[2013.03.12 16:23:07 | 343,905,537 | ---- | M] () -- C:\Users\User\Desktop\javva heat.flv
[2013.03.12 15:16:21 | 000,270,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.27 17:26:31 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013.02.26 20:57:58 | 000,001,094 | ---- | M] () -- C:\Users\Public\Desktop\Maschine.lnk
[2013.02.15 07:57:48 | 000,000,924 | ---- | M] () -- C:\Users\User\Desktop\VTrain.lnk
========== Files Created - No Company Name ==========
[2013.03.15 02:05:53 | 000,000,168 | ---- | C] () -- C:\Users\User\defogger_reenable
[2013.03.15 02:03:24 | 000,050,477 | ---- | C] () -- C:\Users\User\Desktop\Defogger.exe
[2013.03.15 02:02:09 | 000,377,856 | ---- | C] () -- C:\Users\User\Desktop\gmer_2.1.19155.exe
[2013.03.14 22:27:15 | 000,001,121 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.03.14 18:04:57 | 000,001,040 | ---- | C] () -- C:\Users\Public\Desktop\The Cleaner 9.lnk
[2013.03.14 18:03:05 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2013.03.14 18:03:04 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNRAR3.dll
[2013.03.14 18:03:04 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll
[2013.03.13 22:15:26 | 000,001,171 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.03.12 23:13:44 | 000,001,526 | ---- | C] () -- C:\Users\User\Desktop\javvaheat.html
[2013.03.12 22:28:50 | 000,001,010 | ---- | C] () -- C:\Users\Public\Desktop\Traktor 2.lnk
[2013.03.12 15:46:39 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\PropertyGrid.ocx
[2013.03.12 15:46:39 | 000,208,500 | ---- | C] () -- C:\Windows\SysWow64\ReyXpBasics.tlb
[2013.03.12 15:46:39 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\ControlSubX.ocx
[2013.03.12 15:44:53 | 343,905,537 | ---- | C] () -- C:\Users\User\Desktop\javva heat.flv
[2013.03.11 22:42:48 | 005,097,142 | ---- | C] () -- C:\Users\User\Desktop\GoldLine.Presentation.2.2.de.pdf
[2013.03.08 13:14:54 | 000,001,170 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Burn.lnk
[2013.03.07 22:31:25 | 000,002,013 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2013.03.07 22:31:25 | 000,001,957 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2013.03.07 22:31:25 | 000,001,936 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2013.02.27 17:26:31 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013.02.26 20:57:58 | 000,001,094 | ---- | C] () -- C:\Users\Public\Desktop\Maschine.lnk
[2013.02.15 07:57:48 | 000,000,924 | ---- | C] () -- C:\Users\User\Desktop\VTrain.lnk
[2012.12.03 15:11:47 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.05.25 21:07:24 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.05.24 00:59:37 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.05.24 00:59:37 | 000,207,376 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.05.24 00:59:37 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.05.20 21:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.05.07 01:22:36 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.05.07 01:05:08 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.05.07 01:04:59 | 000,021,036 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
========== ZeroAccess Check ==========
[2013.03.15 01:13:37 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{192a88a3-a51e-3828-ef01-79d659704214}\U
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[2013.03.15 02:27:56 | 000,004,608 | -HS- | M] () -- C:\Windows\assembly\GAC_32\Desktop.ini
[2013.03.15 02:27:56 | 000,006,144 | -HS- | M] () -- C:\Windows\assembly\GAC_64\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013.01.27 01:14:51 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Amazon
[2012.11.28 18:17:47 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Audacity
[2012.11.29 18:47:31 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Babylon
[2013.03.07 00:23:41 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Bitcoin
[2013.01.20 11:51:46 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Canneverbe Limited
[2013.03.13 21:35:32 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DAEMON Tools Lite
[2013.01.08 18:45:32 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DVDVideoSoft
[2013.01.08 18:45:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers
[2013.01.15 21:04:43 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ERS Game Studios
[2013.03.12 15:46:46 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FreeFLVConverter
[2013.02.06 10:21:03 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\iZotope
[2013.01.15 12:52:01 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\LucasArts
[2012.11.28 18:31:32 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\NCH Swift Sound
[2012.11.29 18:47:54 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\OneTab
[2013.03.13 20:29:01 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Optimizer Pro
[2013.03.14 18:03:03 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Simply Super Software
[2013.03.13 20:55:05 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SoftGrid Client
[2012.11.21 19:55:17 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Steinberg
[2013.03.14 18:05:03 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\thecleaner
[2012.12.03 15:12:47 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TP
[2013.03.13 21:35:31 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\uTorrent
[2013.02.25 11:28:59 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\VST3 Presets
[2013.02.15 08:00:03 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\VTrain
[2013.03.15 01:42:53 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Yontoo
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:373E1720
< End of report >
OTL EXTRAS Logfile:
OTL Extras logfile created on: 15.03.2013 01:52:39 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,98 Gb Total Physical Memory | 6,06 Gb Available Physical Memory | 75,98% Memory free
15,96 Gb Paging File | 13,84 Gb Available in Paging File | 86,71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 514,01 Gb Free Space | 55,19% Space Free | Partition Type: NTFS
Drive D: | 7,94 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive J: | 7,12 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Scan with Trojan Remover] -- C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1" (Simply Super Software)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Scan with Trojan Remover] -- C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1" (Simply Super Software)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01D57CF6-B5BC-4D03-AFF5-7960CFBD05A9}" = Native Instruments Guitar Rig 5
"{02ee9304-c7a4-49c8-9654-b53c19702ea9}" = Native Instruments Drop Squad Sounds
"{043EEF79-513F-4666-B340-B8556AB0EADC}" = Native Instruments Studio Drummer
"{079419C3-9DFC-4571-BAFC-CD79854C684E}" = Native Instruments West Africa
"{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1244CC88-97DF-4694-A720-6F073845DEE2}" = Native Instruments Kontakt Factory Library
"{14C1DD2C-D54E-464A-9588-C109E3E39EEF}" = Native Instruments Vintage Organs
"{18F703C3-32EC-4E5C-BC3C-C1BD72D35F5B}" = TVCenter
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{267B3E82-C941-47D8-BCD3-1BBBB56FCBC6}" = Native Instruments Maschine Controller Driver
"{291BF86D-585D-47bb-BB79-86DE9D35A8BA}" = Native Instruments Maschine Controller MK2 Driver
"{35DE6B98-31C9-4A01-AB64-20A3C71BE1D0}" = Native Instruments Reflektor
"{36ccb7d4-42c7-473e-b293-72e41a8ec766}" = Native Instruments Berlin Concert Grand
"{371B17C3-9624-4583-A497-DF980313D851}" = Native Instruments Absynth 5
"{40B91513-A7B9-94AB-5353-926FB1C07334}" = WMV9/VC-1 Video Playback
"{491DF203-7B61-4F0E-BDCB-A1218C4DAFE9}" = Native Instruments Massive
"{4b98677f-ef75-4f71-8ef3-5603e3b0cbf7}" = Native Instruments Scarbee Vintage Keys
"{5552453B-BB76-45E3-973D-F95E458ED780}" = Native Instruments Kontakt 5
"{5B841301-3649-4891-BC10-7A66820397C9}" = Native Instruments Reaktor Prism
"{5D03CB59-6F91-4097-922C-9DCA057D2A76}" = Native Instruments The Finger R2
"{5D1224E0-6777-4536-9D72-B0E151ED8C99}" = Native Instruments Battery Library Importer for Maschine
"{60BB45B2-E8E4-41C5-B69F-C6DC5D991DF5}" = Native Instruments Abbey Road 60s Drums
"{6BED4DFE-C527-463E-B93A-6F6848B74DD0}" = Native Instruments Battery 3
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{81387FD1-8CDD-4C1B-A2CB-BF06772092FE}" = Native Instruments Komplete 8
"{835e9421-5f20-4491-9a75-baa7af1ea14d}" = Native Instruments Vienna Concert Grand
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 2.04.1
"{88E45461-E8D2-4BCA-BDEC-0405E6FB4817}" = Native Instruments Transient Master
"{8A61B820-598D-05B2-5F8D-7388E15AE2DB}" = AMD Drag and Drop Transcoding
"{8C04CE01-F7B8-4961-884B-6CE7EFFADCD4}" = Native Instruments Reaktor Spark R2
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9AFAAEAF-7256-793D-AE2B-B4B2C5B3A807}" = AMD Catalyst Install Manager
"{9be187da-7d1c-4e8b-8b66-6132ca7697d8}" = Native Instruments New York Concert Grand
"{9D3BAEFB-5DDD-43D4-8BB2-D9989521F003}" = Native Instruments Razor
"{a63e8179-0381-4b59-8876-0755be48eb6a}" = Native Instruments Scarbee MM-Bass
"{A8EC0CC0-AD8D-4244-B080-424EDF7A7634}" = Native Instruments Traktor 2
"{B2552FA6-86E3-410D-84AD-265C2242D410}" = Native Instruments FM8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 275.33
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.22.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C9BCE8B9-2510-48D4-B93A-EA7BEA81D6E7}" = Native Instruments Traktors 12
"{cddf30cf-0b33-4080-99fa-092a5bc1988f}" = Native Instruments Drop Squad
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D597935A-5F0E-44F8-A028-A0EF9C647D95}" = Native Instruments Rammfire
"{d8650fdb-9422-4a07-9f57-585c06d9d760}" = Native Instruments Upright Piano
"{E9EA5F38-6299-45A1-9D23-F21729A19357}" = Native Instruments Reaktor 5
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FC6AFD44-EDF9-4A03-AB9E-16A5391FE24F}" = Native Instruments Maschine
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR 4.00 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{38A1E3ED-D913-41D2-9953-A93D5ACE3ADF}" = TL-WN721N/TL-WN722N Driver
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{3E8A20E1-223F-11E2-9116-B8AC6F98CCE3}" = Google Earth
"{40580068-9B10-40B5-9548-536CE88AB23C}" = ITE Infrared Transceiver
"{490BF87E-1F75-4453-BF55-9F540543A3CA}" = Steinberg Drum Loop Expansion 01
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}" = Steinberg Cubase 5
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4D454CF8-12FD-464D-B57B-B46FE27B78BB}" = Steinberg LoopMash Content
"{532B917B-8235-4FA5-BE36-643A8BB053A5}" = Steinberg REVerence Content 01
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6D316D67-DA52-4659-9C98-F479963534D6}" = Audiosurf
"{6D9F35D2-1D6F-4E17-A79F-991A7BD24AAD}" = Vizzed Retro Game Room
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}" = Steinberg HALionOne Studio Drum Set
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89286F5B-4B78-41DE-9982-B7AD010DE01B}" = *tmx englisch
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{91B1F7B1-9721-D228-F591-2C2A4695302C}" = Catalyst Control Center InstallProxy
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{AC997F93-0757-4ED4-A701-F40C2D654D09}" = Steinberg HALionOne GM Drum Set
"{B515962D-C979-44AC-9912-F7BB499B4B2C}" = VirtualDJ Home FREE
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BD86F1AC-B594-46E4-85DC-1258AC9E2232}" = Steinberg Groove Agent ONE Content
"{C3F3165C-74D3-6FDB-3274-14FDA8698CFA}" =
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}" = Steinberg HALionOne Studio Set
"{D82CDA0D-C182-42C8-8FF2-5649C98D6003}" = Steinberg HALionOne Pro Set
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}" = Steinberg HALionOne Expression Set
"{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{F057965A-D974-4C64-ADB1-4381CD4B8956}" = Steinberg HALionOne GM Set
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}" = Steinberg HALionOne Additional Content Set 01
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.17
"Audacity_is1" = Audacity 2.0.2
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVS Media Player_is1" = AVS Media Player 4.1.9.95
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
"DAEMON Tools Lite" = DAEMON Tools Lite
"Doxillion" = Doxillion Document Converter
"ExpressBurn" = Express Burn
"Free FLV Converter_is1" = Free FLV Converter V 7.5.0
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.37.1212
"G-Force" = G-Force
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"iZotope Ozone 5 Advanced_is1" = iZotope Ozone 5 Advanced
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"McAfee Security Scan" = McAfee Security Scan Plus
"MixPad" = MixPad
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Multi Virus Cleaner 2013_is1" = Multi Virus Cleaner 2013
"Native Instruments Abbey Road 60s Drums" = Native Instruments Abbey Road 60s Drums
"Native Instruments Absynth 5" = Native Instruments Absynth 5
"Native Instruments Battery 3" = Native Instruments Battery 3
"Native Instruments Battery Library Importer for Maschine" = Native Instruments Battery Library Importer for Maschine
"Native Instruments Berlin Concert Grand" = Native Instruments Berlin Concert Grand
"Native Instruments Controller Editor" = Native Instruments Controller Editor
"Native Instruments Drop Squad" = Native Instruments Drop Squad
"Native Instruments Drop Squad Sounds" = Native Instruments Drop Squad Sounds
"Native Instruments FM8" = Native Instruments FM8
"Native Instruments Guitar Rig 5" = Native Instruments Guitar Rig 5
"Native Instruments Komplete 8" = Native Instruments Komplete 8
"Native Instruments Kontakt 5" = Native Instruments Kontakt 5
"Native Instruments Kontakt Factory Library" = Native Instruments Kontakt Factory Library
"Native Instruments Maschine" = Native Instruments Maschine
"Native Instruments Maschine Controller" = Native Instruments Maschine Controller
"Native Instruments Maschine Controller Driver" = Native Instruments Maschine Controller Driver
"Native Instruments Maschine Controller MK2 Driver" = Native Instruments Maschine Controller MK2 Driver
"Native Instruments Massive" = Native Instruments Massive
"Native Instruments New York Concert Grand" = Native Instruments New York Concert Grand
"Native Instruments Rammfire" = Native Instruments Rammfire
"Native Instruments Razor" = Native Instruments Razor
"Native Instruments Reaktor 5" = Native Instruments Reaktor 5
"Native Instruments Reaktor Prism" = Native Instruments Reaktor Prism
"Native Instruments Reaktor Spark R2" = Native Instruments Reaktor Spark R2
"Native Instruments Reflektor" = Native Instruments Reflektor
"Native Instruments Scarbee MM-Bass" = Native Instruments Scarbee MM-Bass
"Native Instruments Scarbee Vintage Keys" = Native Instruments Scarbee Vintage Keys
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Studio Drummer" = Native Instruments Studio Drummer
"Native Instruments The Finger R2" = Native Instruments The Finger R2
"Native Instruments Traktor 2" = Native Instruments Traktor 2
"Native Instruments Traktors 12" = Native Instruments Traktors 12
"Native Instruments Transient Master" = Native Instruments Transient Master
"Native Instruments Upright Piano" = Native Instruments Upright Piano
"Native Instruments Vienna Concert Grand" = Native Instruments Vienna Concert Grand
"Native Instruments Vintage Organs" = Native Instruments Vintage Organs
"Native Instruments West Africa" = Native Instruments West Africa
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"OneTab" = OneTab
"Optimizer Pro_is1" = Optimizer Pro v3.0
"Prism" = Prism Video File Converter
"SP_f2a323db" =
"The Cleaner_is1" = The Cleaner version 9
"Trojan Remover_is1" = Trojan Remover 6.8.5
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.4
"VTrain_is1" = VTrain (Vokabeltrainer) 5.2
"WavePad" = WavePad Sound Editor
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"Bitcoin" = Bitcoin
"Winamp Detect" = Winamp Erkennungs-Plug-in
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 14.03.2013 16:16:41 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x74dfc9f1 ID des fehlerhaften
Prozesses: 0x2a0 Startzeit der fehlerhaften Anwendung: 0x01ce20f0d758d65d Pfad der
fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: 150c855e-8ce4-11e2-a389-3085a9b306e2
Error - 14.03.2013 16:17:41 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x74dfc9f1 ID des fehlerhaften
Prozesses: 0xf00 Startzeit der fehlerhaften Anwendung: 0x01ce20f0fb339075 Pfad der
fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: 38e4de16-8ce4-11e2-a389-3085a9b306e2
Error - 14.03.2013 16:18:42 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x74dfc9f1 ID des fehlerhaften
Prozesses: 0x12dc Startzeit der fehlerhaften Anwendung: 0x01ce20f11f0e4a8e Pfad der
fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: 5cc1f98f-8ce4-11e2-a389-3085a9b306e2
Error - 14.03.2013 16:19:42 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x74dfc9f1 ID des fehlerhaften
Prozesses: 0x1244 Startzeit der fehlerhaften Anwendung: 0x01ce20f142edc768 Pfad der
fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: 80a3d7c9-8ce4-11e2-a389-3085a9b306e2
Error - 14.03.2013 16:20:42 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x74dfc9f1 ID des fehlerhaften
Prozesses: 0x10f0 Startzeit der fehlerhaften Anwendung: 0x01ce20f166c91abf Pfad der
fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: a47a6860-8ce4-11e2-a389-3085a9b306e2
Error - 14.03.2013 16:21:42 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x74dfc9f1 ID des fehlerhaften
Prozesses: 0x13c0 Startzeit der fehlerhaften Anwendung: 0x01ce20f18aa3d4d8 Pfad der
fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: c85783d9-8ce4-11e2-a389-3085a9b306e2
Error - 14.03.2013 16:22:42 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x74dfc9f1 ID des fehlerhaften
Prozesses: 0x107c Startzeit der fehlerhaften Anwendung: 0x01ce20f1ae7f1b91 Pfad der
fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: ec306932-8ce4-11e2-a389-3085a9b306e2
Error - 14.03.2013 16:23:42 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x74dfc9f1 ID des fehlerhaften
Prozesses: 0x13bc Startzeit der fehlerhaften Anwendung: 0x01ce20f1d259d5aa Pfad der
fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: 100d84ab-8ce5-11e2-a389-3085a9b306e2
Error - 14.03.2013 16:24:43 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x74dfc9f1 ID des fehlerhaften
Prozesses: 0x1060 Startzeit der fehlerhaften Anwendung: 0x01ce20f1f6371834 Pfad der
fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: 33eac735-8ce5-11e2-a389-3085a9b306e2
Error - 14.03.2013 16:25:43 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x74dfc9f1 ID des fehlerhaften
Prozesses: 0x1104 Startzeit der fehlerhaften Anwendung: 0x01ce20f21a1433ad Pfad der
fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: 57ca440e-8ce5-11e2-a389-3085a9b306e2
[ System Events ]
Error - 14.03.2013 20:15:14 | Computer Name = User-PC | Source = DCOM | ID = 10010
Description =
Error - 14.03.2013 20:16:23 | Computer Name = User-PC | Source = Service Control Manager | ID = 7023
Description =
Error - 14.03.2013 20:16:30 | Computer Name = User-PC | Source = Service Control Manager | ID = 7003
Description =
Error - 14.03.2013 20:16:30 | Computer Name = User-PC | Source = Service Control Manager | ID = 7023
Description =
Error - 14.03.2013 20:16:37 | Computer Name = User-PC | Source = Service Control Manager | ID = 7003
Description =
Error - 14.03.2013 20:40:04 | Computer Name = User-PC | Source = DCOM | ID = 10010
Description =
Error - 14.03.2013 20:41:22 | Computer Name = User-PC | Source = Service Control Manager | ID = 7003
Description =
Error - 14.03.2013 20:41:22 | Computer Name = User-PC | Source = Service Control Manager | ID = 7023
Description =
Error - 14.03.2013 20:41:24 | Computer Name = User-PC | Source = Service Control Manager | ID = 7023
Description =
Error - 14.03.2013 20:41:38 | Computer Name = User-PC | Source = Service Control Manager | ID = 7003
Description =
< End of report >
GMER Logfile:
GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-15 02:38:21
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-3 WDC_WD10EARS-32MVWB0 rev.51.0AB51 931,51GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\User\AppData\Local\Temp\kwtdapoc.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2144] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076831465 2 bytes [83, 76]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2144] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000768314bb 2 bytes [83, 76]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2440] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076831465 2 bytes [83, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2440] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000768314bb 2 bytes [83, 76]
.text ... * 2
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076831465 2 bytes [83, 76]
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000768314bb 2 bytes [83, 76]
.text ... * 2
.text C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe[3368] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000076831465 2 bytes [83, 76]
.text C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe[3368] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000768314bb 2 bytes [83, 76]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3428] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076831465 2 bytes [83, 76]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3428] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000768314bb 2 bytes [83, 76]
.text ... * 2
.text C:\Users\User\AppData\Roaming\Yontoo\YontooDesktop.exe[4928] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076831465 2 bytes [83, 76]
.text C:\Users\User\AppData\Roaming\Yontoo\YontooDesktop.exe[4928] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000768314bb 2 bytes [83, 76]
.text ... * 2
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4428] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076831465 2 bytes [83, 76]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4428] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000768314bb 2 bytes [83, 76]
.text ... * 2
---- Processes - GMER 2.1 ----
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\wininit.exe [484] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation SIGNED)(2010-11-21 03:24:00) 000007fefdb80000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\lsass.exe [556] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation SIGNED)(2010-11-21 03:24:00) 000007fefdb80000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [872] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation SIGNED)(2010-11-21 03:24:00) 000007fefdb80000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\System32\svchost.exe [996] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation SIGNED)(2010-11-21 03:24:00) 000007fefdb80000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [416] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation SIGNED)(2010-11-21 03:24:00) 000007fefdb80000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1116] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation SIGNED)(2010-11-21 03:24:00) 000007fefdb80000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\System32\spoolsv.exe [1236] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation SIGNED)(2010-11-21 03:24:00) 000007fefdb80000
Library \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Program Files (x86)\Skype\Phone\Skype.exe [2144] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation SIGNED)(2010-11-21 03:24:09) 0000000070250000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Program Files\NVIDIA Corporation\Display\nvtray.exe [2352] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation SIGNED)(2010-11-21 03:24:00) 000007fefdb80000
Library \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Program Files (x86)\Internet Explorer\IELowutil.exe [2832] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation SIGNED)(2010-11-21 03:24:09) 0000000070250000
Library \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [3252] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation SIGNED)(2010-11-21 03:24:09) 0000000070250000
Library \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Users\User\AppData\Roaming\Yontoo\YontooDesktop.exe [4928] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation SIGNED)(2010-11-21 03:24:09) 0000000070250000
Library \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [4428] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation SIGNED)(2010-11-21 03:24:09) 0000000070250000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Program Files\Windows Media Player\wmpnetwk.exe [4024] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation SIGNED)(2010-11-21 03:24:00) 000007fefdb80000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [4132] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation SIGNED)(2010-11-21 03:24:00) 000007fefdb80000
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026832c1d2e
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026832c1d2e (not active ControlSet)
---- EOF - GMER 2.1 ----