Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: keylogger facemoods

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 15.09.2012, 16:36   #1
holymoly
 
keylogger facemoods - Standard

keylogger facemoods



Lieber Trojanerboard Mitarbeiter,

mein virus ist ziemlich sicher ein keylogger weil bei mir jetzt schon der zweite account zu einem MMO gehackt worden ist. Ausserdem öffnen sich bei meinem chrome browser ständig: facemoods, babylon, und Iminent toolbar links egal wie oft ich sie lösche.
Mein Viren scanner ist avast. Der findet aber keine viren. Ausserdem hab ich Malwarebytes jetzt drüberlaufen lassen aber versehentlich die 4 ergebnisse die er gefunden hat gelöscht. Hat aber nix gebracht sogar die toolbars sind noch da und der keylogger bestimmt auch.
Wenn ich mein problem google finde ich nur auf 3 seiten links dazu und die sind spanisch was wohl heisst das entwieder noch niemand das problem hatte oder das mein browser auch verseucht ist. Bim mittlerweile sogar schon so paranoid das ich glaube das der keylogger meinen email account beeinträüchtigt.

Bitte um Hilfe und schonmal vielen Dank im vorraus.

OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 15.09.2012 17:19:54 - Run 1
OTL by OldTimer - Version 3.2.61.4     Folder = C:\Users\ivo\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,49 Gb Available Physical Memory | 62,25% Memory free
7,99 Gb Paging File | 6,13 Gb Available in Paging File | 76,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 815,23 Gb Free Space | 87,53% Space Free | Partition Type: NTFS
Drive F: | 524,68 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive I: | 7,48 Gb Total Space | 6,25 Gb Free Space | 83,61% Space Free | Partition Type: FAT32
 
Computer Name: IVO-PC | User Name: ivo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04D3FF6C-8C71-4A0A-A9B2-5AB163A0DF41}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{07193AC8-B984-49FF-8822-49797CC06785}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{0B6DE21F-F6E9-4AB0-B001-B40CCEC5E149}" = lport=138 | protocol=17 | dir=in | app=system | 
"{10B9DB0E-B34F-4DD9-AB36-2111F4D660FA}" = lport=139 | protocol=6 | dir=in | app=system | 
"{191B0193-EE06-405D-8B7C-48785C3D149F}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{240DF403-D056-44EC-BE57-E1E654666015}" = lport=445 | protocol=6 | dir=in | app=system | 
"{3907C9DE-DC92-4A27-BA28-5395CF8BC57F}" = rport=445 | protocol=6 | dir=out | app=system | 
"{3A9CB0CD-78AE-410E-9C25-2CCF84CC2F7B}" = rport=138 | protocol=17 | dir=out | app=system | 
"{537C2058-6B2C-4D34-BD6A-2543CFCF0496}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{59106C04-637C-4BAC-A1A3-27553F3C5CCF}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{5F98EF75-6C6D-4E15-A927-E6D0CBA50FC7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6A40548F-C5A1-429E-BA30-5A167AE0FC99}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6C050D1F-2EE8-4982-BDCE-A15FC08BAB51}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6FA24485-A499-48EE-8107-CEED93A86D15}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{77B105FA-DFBA-41DD-8D65-05A0AFF210BF}" = rport=139 | protocol=6 | dir=out | app=system | 
"{8BBD7E2B-EC28-450C-B889-A9D5781D46D9}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{999FFBF8-932D-412E-9403-E58F1B6E605D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{A09CAA76-C148-481C-B341-6F800D47C3C9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A5FD6855-00B0-499F-A898-FF2B2E03F583}" = lport=137 | protocol=17 | dir=in | app=system | 
"{BA56AC29-5A40-42E7-9F1E-5036859845E7}" = rport=137 | protocol=17 | dir=out | app=system | 
"{D4A68B2C-760F-4925-BC14-C1E116CF1DBC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{EB23B3C7-5DF1-407B-BEB7-FFABE96F08DB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07CEE691-883D-4140-937B-665B1AE844CD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{10A46366-9697-4A07-8BC8-5157A214ADE3}" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe | 
"{121E4479-D9DC-4E3B-9F2D-8C6B7405725F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{1DE3A7F6-3952-49CC-A416-218C4740EEDA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{2051534A-C02D-4089-BFA4-4A4ADACF6643}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{28C77685-AE12-48F9-93A7-1E344C5C2E35}" = protocol=6 | dir=in | app=b:\games\steam\steam.exe | 
"{2CA65DEF-97D1-4ECE-9204-F2B8BE67FD25}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{2D3C42A3-F5A9-491A-B762-C92F036DDD1D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{361AD267-3011-4EBD-86FF-5195C023FA1B}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"{3D6638C1-FEFE-44AF-B9FE-B7986B64C989}" = protocol=17 | dir=in | app=b:\games\steam\steamapps\common\dota 2 beta\dota.exe | 
"{400BB7FD-F283-42D7-9A09-A4530AD64BDF}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"{42D1FD9A-5D50-4700-A985-332DCBF2294B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4C1A224B-D47A-46E8-8582-34CD56CF9580}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{4C4CD57F-8746-471E-8BEF-F36D1616E8D4}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"{558E2A71-C879-4377-8502-7EF314A4EB20}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{58F8DF5D-2A93-421E-A742-A81E5BD8115E}" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe | 
"{5D7BD21F-8E5A-4F41-B348-C8BF539C0F96}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6907BF7E-ADCC-434D-805A-4662093CF639}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{6A09B260-3DF0-4EE0-96C5-DD15C27D898F}" = protocol=17 | dir=in | app=b:\games\steam\steamapps\common\magic 2013\dotp_d13.exe | 
"{734AC96C-B8E7-4647-AE79-85D19A06BF0A}" = protocol=6 | dir=in | app=b:\games\shank 2\bin\shank2.exe | 
"{73D80B3B-5815-41CE-AD5D-AA4C476632C4}" = protocol=17 | dir=in | app=b:\games\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{75B9E1FF-A694-4299-93AE-1B3E5AD7E28E}" = protocol=6 | dir=in | app=b:\games\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{75F47209-842A-42FC-A5D8-B73909C26A89}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"{773C2820-B35D-41CC-B148-76F38E01970F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"{7B8D737C-EB32-4191-B72E-128432AAD6EE}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"{7F6E98DB-78AD-4326-BA37-AE0DA3A88B92}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"{824EFB8E-4DA7-4EE9-8A07-01E76402B428}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe | 
"{83095D17-F6B0-42D8-94D4-68E29CBD1DCE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{853BA01B-C941-475F-8DF0-5989C4C4091D}" = protocol=17 | dir=in | app=b:\games\shank 2\bin\shank2.exe | 
"{91136BEC-A6B5-4640-9D91-354C79640D7E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"{93164F08-0B49-4DFB-97E8-CFD1DFDB2AE2}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{96F681C1-0930-4837-BC58-945CE00D66B5}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{9E30B91D-3905-4FEA-8596-074633B4F6C6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A14C8B77-324F-43FA-B377-14278E14C7AF}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{A271D067-2F89-49EC-8BB0-9F870B82BA06}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\max payne 3\playmaxpayne3.exe | 
"{A3D2F59D-C3F5-4F5B-B0F3-86E024034767}" = protocol=17 | dir=in | app=b:\games\steam\steam.exe | 
"{A93E152F-D747-4915-A5E0-904C06409B61}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{AE5EA3D4-214C-4549-A456-A0340681A885}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{B05600C2-3839-4167-AB46-412821A824BB}" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe | 
"{B4B13FE6-B2D1-42A2-965A-1A1149162E80}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe | 
"{B52DB754-01F0-4A29-A513-A814FA5D65FC}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"{B9111BA8-8A60-46B6-9F29-317E1F2DD7CB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{C91987AE-AD8C-40D4-B1AB-7C1E881C9615}" = protocol=6 | dir=in | app=b:\games\steam\steamapps\common\magic 2013\dotp_d13.exe | 
"{CD13C2F5-6C9B-4DF3-AE7A-4A9E4FB0C1B4}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\max payne 3\playmaxpayne3.exe | 
"{CDA9762D-8078-44F1-8C1B-E4AD33776D1B}" = protocol=6 | dir=out | app=system | 
"{D2D54EA0-6368-428A-B5D1-34A8AFC79A72}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D722162F-7DB2-4D53-BBB6-B3C5CA82CA7D}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{D8ED090F-DE1B-4E9F-BBBA-04A5C8E55402}" = protocol=6 | dir=in | app=b:\games\steam\steamapps\common\dota 2 beta\dota.exe | 
"{DA0D2914-4439-4E30-BD10-DBFC50B5700B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DA115535-F40E-480B-8A42-995F87755C5C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"{DD60AE0D-01A5-437E-BB6B-6A15A706B732}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DD8EA512-D7A7-4B01-B0AA-E94DD149BB2F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{E6C529C5-FC8C-4A61-A2B9-1CD183230DEF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{E8940C7F-405A-4C27-9AAE-DADA19DACD3B}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"{EA7ABC45-AB49-440C-AA6D-B635E74C4DE4}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{ECD12174-3048-4D98-A32E-986C1858DEEA}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"{ED887179-72DA-49CF-96A1-532E85777821}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{F2B96C79-65EE-4684-98CB-DE4B8AD14138}" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe | 
"{F85EC0FD-6B8F-4D8D-8B99-E63DE4E263A9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{F92D7A20-7807-4709-BE52-B3A41DA883D5}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"TCP Query User{1FAD7A2A-B818-45A3-827C-6B6B2B1FEE33}B:\games\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=b:\games\guild wars 2\gw2.exe | 
"TCP Query User{680811C3-D4CC-46A0-AE5B-0FF5D62C4306}C:\users\ivo\downloads\diablo-iii-8370-dede-installer-downloader (3).exe" = protocol=6 | dir=in | app=c:\users\ivo\downloads\diablo-iii-8370-dede-installer-downloader (3).exe | 
"TCP Query User{6C3D15B7-5783-4A54-9482-AF945251D918}C:\program files (x86)\postgresql\enterprisedb-apachephp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\postgresql\enterprisedb-apachephp\apache\bin\httpd.exe | 
"TCP Query User{8FE5E109-D1E0-40D4-B607-4C649939A29E}C:\users\ivo\downloads\diablo-iii-8370-dede-installer-downloader (2).exe" = protocol=6 | dir=in | app=c:\users\ivo\downloads\diablo-iii-8370-dede-installer-downloader (2).exe | 
"TCP Query User{A6E34B25-57A3-4CF3-AE53-3B8B295AA787}C:\users\ivo\downloads\diablo-iii-8370-dede-installer-downloader (1).exe" = protocol=6 | dir=in | app=c:\users\ivo\downloads\diablo-iii-8370-dede-installer-downloader (1).exe | 
"TCP Query User{A9FF29D5-B5DE-42DC-9D7F-167C047E5B67}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"TCP Query User{B3457DF7-F0E5-438F-B4C3-BC219F941F1B}C:\program files (x86)\heroes of newerth\hon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe | 
"TCP Query User{E01B5C35-A03A-4353-B79F-552572649F87}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{E3287DB4-F682-418F-8ACB-4AA399647918}C:\users\ivo\downloads\diablo-iii-8370-dede-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\ivo\downloads\diablo-iii-8370-dede-installer-downloader.exe | 
"UDP Query User{14B70389-1EEE-4EB5-AFA5-4904810F844E}C:\users\ivo\downloads\diablo-iii-8370-dede-installer-downloader (3).exe" = protocol=17 | dir=in | app=c:\users\ivo\downloads\diablo-iii-8370-dede-installer-downloader (3).exe | 
"UDP Query User{3E9A7E79-FB04-4FB7-9240-68E607FE561B}C:\users\ivo\downloads\diablo-iii-8370-dede-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\ivo\downloads\diablo-iii-8370-dede-installer-downloader.exe | 
"UDP Query User{6CA57F37-059E-4E34-8C4F-9FFB73B6764F}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"UDP Query User{81982362-83BB-4B44-96F6-F3152489BBC2}B:\games\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=b:\games\guild wars 2\gw2.exe | 
"UDP Query User{9AE7BAB0-310C-4814-BE80-0452DA34D04A}C:\program files (x86)\heroes of newerth\hon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe | 
"UDP Query User{A90CFCDA-0351-4096-88A3-1AC9F2FA45DC}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{B0DA8F89-2C98-4ED5-BD5F-B509F4081426}C:\users\ivo\downloads\diablo-iii-8370-dede-installer-downloader (1).exe" = protocol=17 | dir=in | app=c:\users\ivo\downloads\diablo-iii-8370-dede-installer-downloader (1).exe | 
"UDP Query User{C3982ECD-68DD-4A6D-9E88-60205A1CC96A}C:\program files (x86)\postgresql\enterprisedb-apachephp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\postgresql\enterprisedb-apachephp\apache\bin\httpd.exe | 
"UDP Query User{C8B9D275-9984-4D8B-9E9C-831E4A14AC3A}C:\users\ivo\downloads\diablo-iii-8370-dede-installer-downloader (2).exe" = protocol=17 | dir=in | app=c:\users\ivo\downloads\diablo-iii-8370-dede-installer-downloader (2).exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding
"{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64
"{47F9B7C3-F172-940F-D0C4-203C7914E5D2}" = AMD Catalyst Install Manager
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5DF57DB1-D971-3DA3-B4BB-F6FC7D73A997}" = AMD Drag and Drop Transcoding
"{63CE6C32-1EB3-4C51-89FC-9FD96A661A9C}" = AMD Media Foundation Decoders
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.11 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian
"{1AA94747-3BF6-4237-9E1A-7B3067738FE1}" = Max Payne 3
"{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 35
"{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish
"{2EF17083-57D4-4D64-AE4F-55F32A2C4571}" = Codecv
"{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{418D5410-7A7B-315F-0CF9-A76BC6C131DC}" = Catalyst Control Center InstallProxy
"{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese
"{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech
"{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai
"{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional
"{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German
"{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek
"{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7ED169D4-5053-4166-93DF-53B12AE6C539}" = Energy Saver Advance B8.0905.1
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common
"{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English
"{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish
"{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B7B8D9A9-EFCB-4c2f-8117-7A2A32D0BC58}" = Shank 2
"{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish
"{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French
"{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean
"{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D544AE4C-4152-225B-A897-6756C8986B14}" = Catalyst Control Center
"{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian
"{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility
"{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch
"{FB697452-8CA4-46B4-98B1-165C922A2EF3}" = Update Manager for SweetPacks 1.0
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"DAEMON Tools Lite" = DAEMON Tools Lite
"Deus Ex Human Revolution - The Missing Link_is1" = Deus Ex Human Revolution - The Missing Link
"Diablo III" = Diablo III
"Diablo III Beta" = Diablo III Beta
"DivX Setup" = DivX-Setup
"facemoods" = Facemoods Toolbar
"Guild Wars 2" = Guild Wars 2
"Heroes of Might and Magic 3 Complete_is1" = Heroes of Might and Magic 3 Complete
"Heroes of Might and Magic® III" = Heroes of Might and Magic® III Complete
"hon" = Heroes of Newerth
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"NSS" = Norton Security Scan
"PokerStars" = PokerStars
"Risen 2 Dark Waters_is1" = Risen 2 Dark Waters
"Rockstar Games Social Club" = Rockstar Games Social Club
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 440" = Team Fortress 2
"Steam App 570" = Dota 2
"Steam App 97330" = Magic: The Gathering - Duels of the Planeswalkers 2013
"VLC media player" = VLC media player 2.0.2
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 06.09.2012 08:16:38 | Computer Name = ivo-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 06.09.2012 08:16:38 | Computer Name = ivo-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 06.09.2012 08:16:39 | Computer Name = ivo-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 09.09.2012 22:23:05 | Computer Name = ivo-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 09.09.2012 22:23:06 | Computer Name = ivo-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 10.09.2012 04:54:35 | Computer Name = ivo-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 10.09.2012 17:59:52 | Computer Name = ivo-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: heroes3.exe, Version: 4.0.0.0, Zeitstempel:
 0x39b83835  Name des fehlerhaften Moduls: MP3DEC.ASI, Version: 3.0.0.0, Zeitstempel:
 0x36910efa  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00001970  ID des fehlerhaften Prozesses:
 0x185c  Startzeit der fehlerhaften Anwendung: 0x01cd8f941c1a49ca  Pfad der fehlerhaften
 Anwendung: B:\Games\H3\heroes3.exe  Pfad des fehlerhaften Moduls: B:\Games\H3\MP3DEC.ASI
Berichtskennung:
 d88367a2-fb92-11e1-b9af-001fd080d497
 
Error - 12.09.2012 08:28:34 | Computer Name = ivo-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DotP_D13.exe, Version: 0.0.0.0, Zeitstempel:
 0x500a10bd  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel:
 0x4ec49b8f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0002dfe4  ID des fehlerhaften Prozesses:
 0x1260  Startzeit der fehlerhaften Anwendung: 0x01cd90db3f718101  Pfad der fehlerhaften
 Anwendung: B:\Games\steam\steamapps\common\Magic 2013\DotP_D13.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: 5e662bcb-fcd5-11e1-89e6-001fd080d497
 
Error - 15.09.2012 10:17:24 | Computer Name = ivo-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 15.09.2012 10:17:33 | Computer Name = ivo-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
[ System Events ]
Error - 10.09.2012 16:29:52 | Computer Name = ivo-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst WSearch erreicht.
 
Error - 11.09.2012 11:04:02 | Computer Name = ivo-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?11.?09.?2012 um 17:01:32 unerwartet heruntergefahren.
 
Error - 11.09.2012 11:04:46 | Computer Name = ivo-PC | Source = WMPNetworkSvc | ID = 866306
Description = 
 
Error - 11.09.2012 11:04:46 | Computer Name = ivo-PC | Source = WMPNetworkSvc | ID = 866306
Description = 
 
Error - 14.09.2012 09:01:42 | Computer Name = ivo-PC | Source = WMPNetworkSvc | ID = 866306
Description = 
 
Error - 14.09.2012 09:01:43 | Computer Name = ivo-PC | Source = WMPNetworkSvc | ID = 866306
Description = 
 
Error - 15.09.2012 10:50:11 | Computer Name = ivo-PC | Source = WMPNetworkSvc | ID = 866306
Description = 
 
Error - 15.09.2012 10:50:11 | Computer Name = ivo-PC | Source = WMPNetworkSvc | ID = 866306
Description = 
 
Error - 15.09.2012 11:15:55 | Computer Name = ivo-PC | Source = WMPNetworkSvc | ID = 866306
Description = 
 
Error - 15.09.2012 11:15:55 | Computer Name = ivo-PC | Source = WMPNetworkSvc | ID = 866306
Description = 
 
 
< End of report >
         
--- --- ---

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 15.09.2012 17:19:54 - Run 1
OTL by OldTimer - Version 3.2.61.4     Folder = C:\Users\ivo\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,49 Gb Available Physical Memory | 62,25% Memory free
7,99 Gb Paging File | 6,13 Gb Available in Paging File | 76,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 815,23 Gb Free Space | 87,53% Space Free | Partition Type: NTFS
Drive F: | 524,68 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive I: | 7,48 Gb Total Space | 6,25 Gb Free Space | 83,61% Space Free | Partition Type: FAT32
 
Computer Name: IVO-PC | User Name: ivo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.15 17:19:01 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\ivo\Downloads\OTL.exe
PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.08.21 11:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.02.26 16:01:44 | 000,295,728 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2008.08.08 14:24:42 | 000,080,392 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.08.30 04:58:45 | 000,442,392 | ---- | M] () -- C:\Users\ivo\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
MOD - [2012.08.30 04:58:44 | 012,237,336 | ---- | M] () -- C:\Users\ivo\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
MOD - [2012.08.30 04:58:42 | 003,997,720 | ---- | M] () -- C:\Users\ivo\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
MOD - [2012.08.30 04:57:27 | 000,526,872 | ---- | M] () -- C:\Users\ivo\AppData\Local\Google\Chrome\Application\21.0.1180.89\libglesv2.dll
MOD - [2012.08.30 04:57:26 | 000,104,984 | ---- | M] () -- C:\Users\ivo\AppData\Local\Google\Chrome\Application\21.0.1180.89\libegl.dll
MOD - [2012.08.30 04:57:15 | 000,144,424 | ---- | M] () -- C:\Users\ivo\AppData\Local\Google\Chrome\Application\21.0.1180.89\avutil-51.dll
MOD - [2012.08.30 04:57:13 | 000,266,792 | ---- | M] () -- C:\Users\ivo\AppData\Local\Google\Chrome\Application\21.0.1180.89\avformat-54.dll
MOD - [2012.08.30 04:57:12 | 002,480,680 | ---- | M] () -- C:\Users\ivo\AppData\Local\Google\Chrome\Application\21.0.1180.89\avcodec-54.dll
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - File not found [Disabled | Unknown] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV:64bit: - [2012.04.06 04:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.08.15 04:37:18 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.03.16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.08.08 14:24:42 | 000,080,392 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe -- (GEST Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.08.21 11:13:13 | 000,969,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012.08.21 11:13:13 | 000,359,464 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012.08.21 11:13:13 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012.08.21 11:13:12 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012.08.21 11:13:12 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012.08.21 11:13:11 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012.04.06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012.04.06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.04.06 03:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.04.06 00:05:53 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.03.07 02:02:45 | 000,028,504 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2012.02.23 14:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.07.31 04:21:48 | 000,093,784 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV - [2012.09.15 17:15:01 | 000,024,072 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2000.03.28 21:24:40 | 000,004,557 | R--- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Users\ivo\AppData\Local\Temp\ATICDSDr.sys -- (ATICDSDr)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=164&systemid=406&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=164&systemid=406&sr=0&q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Facemoods Search
IE - HKCU\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\SysWOW64\dvmurl.dll (DeviceVM Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0D7562AE-8EF6-416d-A838-AB665251703A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=113480&tt=2912_8&babsrc=SP_ss&mntrId=ecdc4439000000000000001fd09ac21b
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=164&systemid=406&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb119/?search={searchTerms}&loc=IB_DS&a=6PQtsnXago&i=26
IE - HKCU\..\SearchScopes\{FD63BF63-BFFF-4B8F-9D26-4267DF7F17DD}: "URL" = hxxp://www.google.com/custom?q={searchTerms}&sa.x=0&sa.y=0&safe=active&client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&hl=de&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\ivo\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\ivo\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.08.28 17:35:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.05.26 20:36:54 | 000,000,000 | ---D | M]
 
[2012.04.11 16:28:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2008.01.02 02:57:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2011.06.07 01:59:50 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2012.09.08 19:33:07 | 000,002,046 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchddr.xml
 
========== Chrome  ==========
 
CHR - homepage: Facemoods Search
CHR - default_search_provider: facemoods (Enabled)
CHR - default_search_provider: search_url = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
CHR - default_search_provider: suggest_url = ,
CHR - homepage: Facemoods Search
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\ivo\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\ivo\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\ivo\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\ivo\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VLC\npvlc.dll
CHR - plugin: Google Update (Enabled) = C:\Users\ivo\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - Extension: YouTube = C:\Users\ivo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\ivo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Google-Suche = C:\Users\ivo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Users\ivo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.44_0\
CHR - Extension: ProxMate = C:\Users\ivo\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgjpnmnpjmabddgmjdiaggacbololbjm\1.3.2_0\
CHR - Extension: avast! WebRep = C:\Users\ivo\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
CHR - Extension: Facemoods = C:\Users\ivo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.6.0_0\
CHR - Extension: Facemoods = C:\Users\ivo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.6.0_0\facemoods\
CHR - Extension: SweetIM for Facebook = C:\Users\ivo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of 
CHR - Extension: SweetIM for Facebook = C:\Users\ivo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\
CHR - Extension: Real-Debrid Plugin = C:\Users\ivo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdddmpmbogbecddlabhdaidhhfopjocm\1.7.2_1\
CHR - Extension: Mehr Leistung und Videoformate fr dein HTML5 video = C:\Users\ivo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Codecv = C:\Users\ivo\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnkkfjdnhgkjefnnohgfackfninikjo\1.0_0\
CHR - Extension: Google Mail = C:\Users\ivo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: YouTube = C:\Users\ivo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\ivo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Google-Suche = C:\Users\ivo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Users\ivo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.44_0\
CHR - Extension: ProxMate = C:\Users\ivo\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgjpnmnpjmabddgmjdiaggacbololbjm\1.3.2_0\
CHR - Extension: avast! WebRep = C:\Users\ivo\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
CHR - Extension: Facemoods = C:\Users\ivo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.6.0_0\
CHR - Extension: Facemoods = C:\Users\ivo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.6.0_0\facemoods\
CHR - Extension: SweetIM for Facebook = C:\Users\ivo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of 
CHR - Extension: SweetIM for Facebook = C:\Users\ivo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\
CHR - Extension: Real-Debrid Plugin = C:\Users\ivo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdddmpmbogbecddlabhdaidhhfopjocm\1.7.2_1\
CHR - Extension: Mehr Leistung und Videoformate fr dein HTML5 video = C:\Users\ivo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Codecv = C:\Users\ivo\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnkkfjdnhgkjefnnohgfackfninikjo\1.0_0\
CHR - Extension: Google Mail = C:\Users\ivo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll File not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.5\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll File not found
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.5\facemoodsTlbr.dll (facemoods.com)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [facemoods] C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.5\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Steam] B:\Games\steam\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA4C7028-88F4-4C4E-9C23-13DE696B85E1}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FB16F621-4C6B-41DF-8800-29FF553103D1}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002.05.07 22:36:14 | 000,000,212 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{2c75824a-9084-11e0-840b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{2c75824a-9084-11e0-840b-806e6f6e6963}\Shell\AutoRun\command - "" = H:\atisetup.exe
O33 - MountPoints2\{2c75824a-9084-11e0-840b-806e6f6e6963}\Shell\launch\command - "" = H:\atisetup.exe
O33 - MountPoints2\{6a456a66-7f5b-11e1-a91d-001fd080d497}\Shell - "" = AutoRun
O33 - MountPoints2\{6a456a66-7f5b-11e1-a91d-001fd080d497}\Shell\AutoRun\command - "" = F:\_autorun\Autorun.exe -- [2000.02.08 00:20:10 | 000,036,864 | R--- | M] (New World Computing)
O33 - MountPoints2\{6a456a66-7f5b-11e1-a91d-001fd080d497}\Shell\instDX\command - "" = F:\DirectX\dxsetup.exe -- [2000.10.21 15:39:38 | 000,147,456 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{6a456a66-7f5b-11e1-a91d-001fd080d497}\Shell\readme\command - "" = notepad readme.txt
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\_autorun\Autorun.exe -- [2000.02.08 00:20:10 | 000,036,864 | R--- | M] (New World Computing)
O33 - MountPoints2\F\Shell\instDX\command - "" = F:\DirectX\dxsetup.exe -- [2000.10.21 15:39:38 | 000,147,456 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\F\Shell\readme\command - "" = notepad readme.txt
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.15 16:05:38 | 000,000,000 | ---D | C] -- C:\Users\ivo\AppData\Roaming\Malwarebytes
[2012.09.15 16:05:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.15 16:05:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.15 16:05:26 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.09.15 16:05:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.09.11 03:10:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
[2012.09.09 00:47:31 | 000,000,000 | ---D | C] -- C:\Users\ivo\AppData\Roaming\dvdcss
[2012.09.08 19:33:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader
[2012.09.08 19:32:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\facemoods.com
[2012.09.08 19:32:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2012.09.06 14:05:07 | 000,000,000 | ---D | C] -- C:\Users\ivo\AppData\Local\ElevatedDiagnostics
[2012.08.26 17:13:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2
[2012.08.26 17:05:31 | 000,000,000 | ---D | C] -- C:\Users\ivo\Documents\Guild Wars 2
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.15 17:24:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4061487119-2599682824-1884109203-1001UA.job
[2012.09.15 17:22:16 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.15 17:22:16 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.15 17:20:07 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.09.15 17:20:07 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.09.15 17:20:07 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.15 17:20:07 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.09.15 17:20:07 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.15 17:14:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.15 17:14:43 | 3219,890,176 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.15 16:37:09 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.15 16:05:28 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.15 08:24:00 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4061487119-2599682824-1884109203-1001Core.job
[2012.09.15 03:15:00 | 000,000,444 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for ivo.job
[2012.09.11 03:10:12 | 000,000,933 | ---- | M] () -- C:\Users\Public\Desktop\Heroes of Might and Magic 3 Complete.lnk
[2012.09.10 02:50:04 | 000,002,133 | ---- | M] () -- C:\Users\ivo\Desktop\Diablo III.lnk
[2012.09.08 19:33:17 | 000,001,040 | ---- | M] () -- C:\Users\Public\Desktop\JDownloader.lnk
[2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.09.04 21:26:50 | 000,002,441 | ---- | M] () -- C:\Users\ivo\Desktop\Google Chrome.lnk
[2012.09.03 00:18:34 | 000,000,898 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2012.08.28 17:35:10 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012.08.26 17:13:38 | 000,000,599 | ---- | M] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk
[2012.08.21 11:13:13 | 000,969,200 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012.08.21 11:13:13 | 000,359,464 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012.08.21 11:13:13 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012.08.21 11:13:12 | 000,071,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012.08.21 11:13:12 | 000,054,072 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012.08.21 11:13:11 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012.08.21 11:12:33 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.08.21 11:12:23 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012.08.21 11:12:02 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
 
========== Files Created - No Company Name ==========
 
[2012.09.15 16:05:28 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.11 03:10:12 | 000,000,933 | ---- | C] () -- C:\Users\Public\Desktop\Heroes of Might and Magic 3 Complete.lnk
[2012.09.10 02:50:04 | 000,002,133 | ---- | C] () -- C:\Users\ivo\Desktop\Diablo III.lnk
[2012.09.08 19:33:17 | 000,001,040 | ---- | C] () -- C:\Users\Public\Desktop\JDownloader.lnk
[2012.08.26 17:13:38 | 000,000,599 | ---- | C] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk
[2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.02.15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.02.15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.06.07 02:18:32 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI
[2011.06.07 02:07:41 | 001,590,298 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.06.07 00:25:14 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2011.06.06 23:33:27 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== LOP Check ==========
 
[2012.07.17 04:08:44 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\Babylon
[2012.04.06 00:12:38 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\DAEMON Tools Lite
[2012.04.06 00:07:10 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\Firetrust
[2011.06.07 01:49:54 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\HEM Data
[2012.07.17 01:36:16 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\loadtbs
[2012.04.06 00:05:43 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\OpenCandy
[2012.07.16 19:01:42 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\Registry Mechanic
[2012.06.23 17:59:06 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\Temp
[2012.07.25 04:22:11 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\TS3Client
[2008.01.02 02:55:47 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\ts3overlay
[2009.07.14 07:08:49 | 000,023,310 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >
         
--- --- ---

Geändert von holymoly (15.09.2012 um 16:45 Uhr)

Alt 15.09.2012, 16:48   #2
markusg
/// Malware-holic
 
keylogger facemoods - Standard

keylogger facemoods



hi
öffne malwarebytes, berichte, poste logs mit funden.
__________________

__________________

Alt 15.09.2012, 16:56   #3
holymoly
 
keylogger facemoods - Standard

keylogger facemoods



Malwarebytes Anti-Malware (Test) 1.65.0.1400
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2012.09.15.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
ivo :: IVO-PC [Administrator]

Schutz: Aktiviert

15.09.2012 16:09:35
mbam-log-2012-09-15 (16-09-35).txt

Art des Suchlaufs: Vollständiger Suchlauf (B:\|C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 343353
Laufzeit: 35 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
B:\Games\shank\Shank\bin\3in1_Activator.exe (Malware.Packer.gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\ivo\Downloads\Codec-V.exe (Affiliate.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\ivo\Downloads\etype_setup.exe (PUP.BundleInstaller.IB) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\ivo\Downloads\PCPerformerSetup.exe (PUP.BundleInstaller.IB) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

ist das das richtige?
__________________

Alt 15.09.2012, 18:21   #4
markusg
/// Malware-holic
 
keylogger facemoods - Standard

keylogger facemoods



hi
B:\Games\shank\Shank\bin\3in1_Activator.exe (Malware.Packer.gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
dies ist ein keygen.
die verwendung dieser ist nicht legal, deswegen bekommst du hier nur hilfe beim neu aufsetzen
der pc muss neu aufgesetzt und dann abgesichert werden
1. Datenrettung:2. Formatieren, Windows neu instalieren:3. PC absichern: http://www.trojaner-board.de/96344-a...-rechners.html
ich werde außerdem noch weitere punkte dazu posten.
4. alle Passwörter ändern!
5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen.
6. werde ich dann noch was zum absichern von Onlinebanking mit Chip Card Reader + Star Money sagen.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 15.09.2012, 19:24   #5
holymoly
 
keylogger facemoods - Standard

keylogger facemoods



nur eine frage noch ist es möglich das ein keylogger verhindert das ich email zugesendet oder lesen kann?


Alt 17.09.2012, 17:31   #6
markusg
/// Malware-holic
 
keylogger facemoods - Standard

keylogger facemoods



nein sollte nicht.
__________________
--> keylogger facemoods

Antwort

Themen zu keylogger facemoods
account, adblock, babylon toolbar, babylontoolbar, battle.net, browser, email, ergebnisse, facemood, gehackt, google, iminent, iminent toolbar, install.exe, jdownloader, keylogger, launch, lieber, links, malwarebytes, msiexec.exe, ntdll.dll, plug-in, problem, scan, scanner, schonmal, seite, seiten, spanisch, sweetim, toolbar, trojanerboard, verseucht, viren, viren scanner, virus, wsearch, öffnen




Ähnliche Themen: keylogger facemoods


  1. pup.optional.facemoods und trojanerwarnung avg
    Log-Analyse und Auswertung - 26.03.2015 (16)
  2. "Selbstinstallation" von Winrar und Keylogger "The best Keylogger" möglich?
    Plagegeister aller Art und deren Bekämpfung - 26.06.2014 (19)
  3. Keylogger?
    Log-Analyse und Auswertung - 24.02.2014 (7)
  4. Facemoods - schädigend? (hijackthis) - sicher ist sicher
    Plagegeister aller Art und deren Bekämpfung - 02.09.2011 (13)
  5. Fehlermeldung[(x86)facemoods.com/facemoods/1.4.1.7.5/facemoodsrv.exe]...
    Log-Analyse und Auswertung - 28.06.2011 (1)
  6. Facemoods-Search im Internetexplorer nicht entfehrnbar
    Plagegeister aller Art und deren Bekämpfung - 28.02.2011 (3)
  7. Facemoods-Search im Internetexplorer nicht entfehrnbar
    Alles rund um Windows - 27.02.2011 (1)
  8. Keylogger Trojan-Spy.Win32.KeyLogger.cqd in Windows32
    Plagegeister aller Art und deren Bekämpfung - 05.08.2010 (1)
  9. WoW Keylogger: Keylogger : TR\FakeAV.C[Trojan]
    Log-Analyse und Auswertung - 20.01.2010 (11)
  10. Keylogger?
    Log-Analyse und Auswertung - 02.01.2009 (2)
  11. keylogger
    Mülltonne - 14.04.2008 (0)
  12. Keylogger was nun?
    Plagegeister aller Art und deren Bekämpfung - 01.03.2008 (3)
  13. xp advanced keylogger Commercial KeyLogger
    Plagegeister aller Art und deren Bekämpfung - 03.08.2007 (4)
  14. KeyLogger...
    Log-Analyse und Auswertung - 20.04.2007 (20)
  15. Keylogger ? !
    Mülltonne - 14.04.2007 (9)
  16. family keylogger Commercial KeyLogger
    Plagegeister aller Art und deren Bekämpfung - 29.03.2006 (17)

Zum Thema keylogger facemoods - Lieber Trojanerboard Mitarbeiter, mein virus ist ziemlich sicher ein keylogger weil bei mir jetzt schon der zweite account zu einem MMO gehackt worden ist. Ausserdem öffnen sich bei meinem chrome - keylogger facemoods...
Archiv
Du betrachtest: keylogger facemoods auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.