| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: PUM.UserWLoad, Trojan.Agent kann nicht gelöscht werdenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
22.11.2012, 19:19
| #1 |
| |  PUM.UserWLoad, Trojan.Agent kann nicht gelöscht werden Hallo erst mal. ich habe mit Malwarebytes meinen Rechner gescannt und fest gestellt das ich Bedrohungen der Registry habe. Ich bin dann auf "entfernen" gegangen habe den Rechner neu gestartet und Malwarebytes noch mal durchlaufen lassen und es wurden (PUM.UserWLoad) \Temp\msmyih.exe und (Trojan.Agent) \msmyih.exe nicht gelöscht. Das ganze hab ich noch mehrmals probiert und ich kam immer zum selben Ergebnis. erster Durchlauf: Malwarebytes Anti-Malware (Test) 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.11.22.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Sous Chef Stephan :: SOUSCHEFSTEPHAN [Administrator] Schutz: Aktiviert 22.11.2012 09:14:11 mbam-log-2012-11-22 (09-14-11).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 211400 Laufzeit: 2 Minute(n), 30 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 1 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safari.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 2 HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Daten: C:\Users\SOUSCH~1\LOCALS~1\Temp\msmyih.exe -> Löschen bei Neustart. HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Agent) -> Daten: C:\Users\SOUSCH~1\LOCALS~1\Temp\msmyih.exe -> Löschen bei Neustart. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) zweiter Durchlauf: Malwarebytes Anti-Malware (Test) 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.11.22.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Sous Chef Stephan :: SOUSCHEFSTEPHAN [Administrator] Schutz: Aktiviert 22.11.2012 09:49:50 mbam-log-2012-11-22 (09-49-50).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 210427 Laufzeit: 3 Minute(n), 41 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 2 HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Daten: C:\Users\SOUSCH~1\LOCALS~1\Temp\msmyih.exe -> Löschen bei Neustart. HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Agent) -> Daten: C:\Users\SOUSCH~1\LOCALS~1\Temp\msmyih.exe -> Löschen bei Neustart. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) und das hab ich noch 8 mal wiederholt, das selbe Ergebnis. Danke für die Hilfe Stephan OTL Logfile: Code:
ATTFilter OTL logfile created on: 22.11.2012 14:36:40 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sous Chef Stephan\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,93 Gb Total Physical Memory | 2,44 Gb Available Physical Memory | 62,10% Memory free 7,86 Gb Paging File | 5,63 Gb Available in Paging File | 71,62% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 290,45 Gb Total Space | 90,43 Gb Free Space | 31,14% Space Free | Partition Type: NTFS Drive D: | 290,62 Gb Total Space | 103,97 Gb Free Space | 35,78% Space Free | Partition Type: NTFS Drive L: | 372,61 Gb Total Space | 74,33 Gb Free Space | 19,95% Space Free | Partition Type: NTFS Drive M: | 931,28 Gb Total Space | 433,18 Gb Free Space | 46,51% Space Free | Partition Type: FAT32 Computer Name: SOUSCHEFSTEPHAN | User Name: Sous Chef Stephan | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.11.22 14:34:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sous Chef Stephan\Desktop\OTL.exe PRC - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- D:\Tool\Internet\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- D:\Tool\Internet\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- D:\Tool\Internet\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.07.27 21:51:38 | 000,823,224 | ---- | M] (Adobe Systems Inc.) -- D:\Büro\Adobe\AcrobatX\Acrobat\acrotray.exe PRC - [2012.07.27 13:51:28 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.07.13 03:08:56 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\nlssrv32.exe PRC - [2012.04.25 19:53:38 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe PRC - [2011.10.17 15:12:52 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2011.09.14 22:06:38 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\PSE10\Elements 10 Organizer\PhotoshopElementsFileAgent.exe PRC - [2011.04.08 13:50:02 | 000,542,264 | ---- | M] (Google) -- C:\Users\Sous Chef Stephan\Google Calendar Sync\GoogleCalendarSync.exe PRC - [2011.01.26 10:26:48 | 000,573,224 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe PRC - [2011.01.12 15:41:42 | 000,810,144 | ---- | M] (ESET) -- C:\Programme\ESET\ESET NOD32 Antivirus\x86\ekrn.exe PRC - [2010.12.02 15:12:56 | 001,316,248 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE PRC - [2010.05.20 14:26:30 | 000,762,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX3000.exe PRC - [2010.04.05 11:55:01 | 000,116,104 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe PRC - [2010.03.02 19:52:00 | 000,140,640 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe PRC - [2010.01.29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe PRC - [2009.12.09 10:24:16 | 000,076,320 | ---- | M] () -- C:\OEM\USBDECTION\USBS3S4Detection.exe PRC - [2009.07.20 03:00:00 | 000,077,824 | ---- | M] () -- C:\ProgramData\Logitech\Mousse\SetPoint\x86\SetPoint32.exe ========== Modules (No Company Name) ========== MOD - [2012.07.27 21:51:54 | 000,019,968 | ---- | M] () -- D:\Büro\Adobe\AcrobatX\Acrobat\Locale\de_DE\AcroTray.DEU MOD - [2012.04.25 19:52:28 | 001,270,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\qtscript4.dll MOD - [2012.04.25 19:52:26 | 007,422,352 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\qtgui4.dll MOD - [2012.04.25 19:52:24 | 000,795,024 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\qtnetwork4.dll MOD - [2012.04.25 19:52:24 | 000,192,912 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\qtsql4.dll MOD - [2012.04.25 19:52:22 | 002,453,904 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\qtdeclarative4.dll MOD - [2012.04.25 19:52:22 | 002,126,224 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\qtcore4.dll MOD - [2009.07.20 03:00:00 | 000,077,824 | ---- | M] () -- C:\ProgramData\Logitech\Mousse\SetPoint\x86\SetPoint32.exe ========== Services (SafeList) ========== SRV:64bit: - [2012.09.28 02:38:16 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2012.11.13 10:35:15 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Tool\Internet\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Tool\Internet\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.09.20 13:33:22 | 050,899,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Büro\Office2010\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2012.07.27 13:51:28 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.07.13 03:08:56 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc) SRV - [2012.07.08 23:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2012.07.02 15:15:26 | 000,424,360 | R--- | M] (cFos Software GmbH) [Auto | Running] -- D:\Tool\Internet\cFos\spd.exe -- (cFosSpeedS) SRV - [2012.06.06 17:57:46 | 003,293,552 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Programme\OO Software\Defrag\oodag.exe -- (OODefragAgent) SRV - [2012.04.25 19:53:38 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe -- (KSS) SRV - [2011.12.14 12:23:34 | 002,123,584 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2011.10.17 15:12:52 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2011.09.22 21:07:34 | 000,154,984 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) SRV - [2011.09.14 22:06:38 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\PSE10\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0) SRV - [2011.09.08 17:48:36 | 006,583,160 | ---- | M] (Wacom Technology, Corp.) [Disabled | Stopped] -- C:\Programme\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen) SRV - [2011.09.08 17:48:36 | 000,528,760 | ---- | M] (Wacom Technology, Corp.) [Disabled | Stopped] -- C:\Programme\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen) SRV - [2011.01.26 10:26:48 | 000,573,224 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2011.01.12 15:44:02 | 000,042,360 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Programme\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv) SRV - [2011.01.12 15:41:42 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Programme\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn) SRV - [2010.10.15 21:35:28 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010.08.10 14:37:08 | 000,334,848 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe -- (UsbService) SRV - [2010.05.20 14:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc) SRV - [2010.04.05 11:55:01 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC) SRV - [2010.03.25 14:58:22 | 000,034,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\Büro\Office2010\BussinesContactManager\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc) SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2010.01.29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Updater Service) SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 20:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64) SRV - [2010.01.08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe -- (GREGService) SRV - [2009.12.09 10:24:16 | 000,076,320 | ---- | M] () [Auto | Running] -- C:\OEM\USBDECTION\USBS3S4Detection.exe -- (USBS3S4Detection) SRV - [2009.07.20 11:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.09.28 03:21:20 | 010,697,216 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2012.09.28 03:21:20 | 010,697,216 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.09.28 02:12:52 | 000,460,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.07.02 15:15:30 | 001,312,168 | ---- | M] (cFos Software GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cfosspeed6.sys -- (cFosSpeed) DRV:64bit: - [2012.05.14 07:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2012.03.09 19:44:01 | 000,648,808 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.10.17 14:55:32 | 000,559,384 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011.09.08 17:49:36 | 000,013,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor) DRV:64bit: - [2011.09.08 17:49:24 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid) DRV:64bit: - [2011.08.01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.01.20 03:05:04 | 000,020,552 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dgderdrv.sys -- (dgderdrv) DRV:64bit: - [2011.01.20 02:59:18 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk) DRV:64bit: - [2010.12.21 14:04:06 | 000,170,640 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm) DRV:64bit: - [2010.12.21 14:04:06 | 000,141,264 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv) DRV:64bit: - [2010.12.21 12:47:38 | 000,125,296 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.09.07 07:27:24 | 000,038,912 | R--- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PcaSp60.sys -- (PcaSp60) DRV:64bit: - [2010.07.12 19:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2010.05.20 14:26:30 | 002,060,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VX3000.sys -- (VX3000) DRV:64bit: - [2009.11.24 02:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid) DRV:64bit: - [2009.11.24 02:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum) DRV:64bit: - [2009.09.30 02:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2009.07.27 03:54:30 | 000,090,544 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2009.06.17 17:54:38 | 000,112,144 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouKE.Sys -- (LMouKE) DRV:64bit: - [2009.06.17 17:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2009.06.17 17:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2009.06.17 17:54:14 | 000,013,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd) DRV:64bit: - [2009.06.17 17:54:06 | 000,074,256 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb) DRV:64bit: - [2009.06.17 17:53:42 | 000,089,616 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L8042mou.Sys -- (L8042mou) DRV:64bit: - [2009.06.17 17:53:34 | 000,030,736 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L8042Kbd.sys -- (L8042Kbd) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2007.12.17 03:25:14 | 000,047,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vuhub.sys -- (vuhub) DRV:64bit: - [2007.02.16 20:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter) DRV - [2011.12.12 19:31:38 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv) DRV - [2011.02.11 17:34:28 | 000,019,968 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\LGPII2CDriver.sys -- (LGII2CDevice) DRV - [2011.01.20 02:59:18 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk) DRV - [2010.09.07 07:27:24 | 000,038,912 | R--- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\PcaSp60.sys -- (PcaSp60) DRV - [2010.08.04 10:05:12 | 000,016,384 | ---- | M] (LG Soft India) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\LGI2CDriver.sys -- (LGDDCDevice) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2002.07.17 15:20:32 | 000,084,832 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ASPI32.SYS -- (ASPI) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4 IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Search The Web - Cloy IM IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4 IE - HKCU\..\SearchScopes\{4B007CAC-EF97-4C9D-A455-4B910D66B215}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=NDV&o=15765&src=kw&q={searchTerms}&locale=&apn_ptnrs=NY&apn_dtid=YYYYYYYYDE&apn_uid=4CEBE464-3602-4DC7-B3F6-F3ABE4F958C9&apn_sauid=F42E5085-85E2-49F6-8D89-ACC4AA062734& IE - HKCU\..\SearchScopes\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}: "URL" = hxxp://search.alot.com/web?q={searchTerms} IE - HKCU\..\SearchScopes\{AC854C18-2A1E-43f1-8513-0D2F26C796ED}: "URL" = hxxp://home.cloyim.com/search.php?q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local> ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search the web" FF - prefs.js..browser.search.order.1: "Search the web" FF - prefs.js..browser.startup.homepage: "hxxp://home.cloyim.com/" FF - prefs.js..keyword.URL: "hxxp://home.cloyim.com/search.php?q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\BRO~1\OFFICE~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Media\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: D:\Büro\Adobe\AcrobatX\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sous Chef Stephan\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sous Chef Stephan\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: D:\Büro\Adobe\AcrobatX\Acrobat\Browser\WCFirefoxExtn [2012.11.04 16:24:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.03 11:09:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011.03.28 12:53:07 | 000,000,000 | ---D | M] [2012.06.18 11:59:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sous Chef Stephan\AppData\Roaming\mozilla\Extensions [2012.08.23 16:36:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sous Chef Stephan\AppData\Roaming\mozilla\Firefox\Profiles\kyzpu9j2.default\extensions [2012.06.18 17:19:10 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Sous Chef Stephan\AppData\Roaming\mozilla\Firefox\Profiles\kyzpu9j2.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.08.23 16:36:23 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Sous Chef Stephan\AppData\Roaming\mozilla\firefox\profiles\kyzpu9j2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011.11.17 19:25:44 | 000,002,333 | ---- | M] () -- C:\Users\Sous Chef Stephan\AppData\Roaming\mozilla\firefox\profiles\kyzpu9j2.default\searchplugins\askcom.xml [2011.03.28 21:42:24 | 000,002,046 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchddr.xml [2012.10.09 08:41:55 | 000,003,341 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search the web.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Sous Chef Stephan\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Sous Chef Stephan\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sous Chef Stephan\AppData\Local\Google\Chrome\User Data\NPAPIFlash\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll CHR - plugin: Skype Click to Call (Enabled) = C:\Users\Sous Chef Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\npSkypeChromePlugin.dll CHR - plugin: Adobe Acrobat (Enabled) = D:\Tool\Internet\FireFox4\plugins\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Winamp Application Detector (Enabled) = D:\Tool\Internet\FireFox4\plugins\npwachk.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll CHR - plugin: AdobeAAMDetect (Enabled) = C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 6 U33 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 6.0.330.3 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - plugin: WacomTabletPlugin (Enabled) = C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll CHR - plugin: Wacom Dynamic Link Library (Enabled) = C:\Program Files (x86)\TabletPlugins\npwacom.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = D:\Media\iTunes\Mozilla Plugins\npitunes.dll CHR - Extension: Skype Click to Call = C:\Users\Sous Chef Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\ CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Sous Chef Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ CHR - Extension: Bitdefender QuickScan = C:\Users\Sous Chef Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.118_0\ O1 HOSTS File: ([2010.11.19 09:20:59 | 000,002,389 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 activate.adobe.com # Adobe Acrobat Pro X O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 adobeereg.com O1 - Hosts: 127.0.0.1 Registration O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 192.150.18.108 O1 - Hosts: 127.0.0.1 activate.adobe.com:443 O1 - Hosts: 127.0.0.1 3dns.adobe.com O1 - Hosts: 127.0.0.1 3dns-1.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-4.adobe.com O1 - Hosts: 127.0.0.1 adobeereg.com O1 - Hosts: 127.0.0.1 Registration O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 192.150.18.108 O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 28 more lines... O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Büro\Office2010\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Büro\Office2010\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [BCSSync] D:\Büro\Office2010\Office14\BCSSync.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4:64bit: - HKLM..\Run: [cFosSpeed] D:\Tool\Internet\cFos\cfosspeed.exe (cFos Software GmbH) O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET) O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.) O4:64bit: - HKLM..\Run: [OODefragTray] C:\Programme\OO Software\Defrag\oodtray.exe (O&O Software GmbH) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [VX3000] C:\Windows\vVX3000.exe (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] D:\Büro\Adobe\AcrobatX\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKCU..\Run: [KSS] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation) F3:64bit: - HKCU WinNT: Load - (C:\Users\SOUSCH~1\LOCALS~1\Temp\msmyih.exe) - File not found F3 - HKCU WinNT: Load - (C:\Users\SOUSCH~1\LOCALS~1\Temp\msmyih.exe) - File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Download All by ASUS Download - C:\Program Files (x86)\ASUS\RT-N56U Wireless Router Utilities\ASDownloadAll.htm () O8:64bit: - Extra context menu item: Download using ASUS Download - C:\Program Files (x86)\ASUS\RT-N56U Wireless Router Utilities\ASDownload.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sous Chef Stephan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Download All by ASUS Download - C:\Program Files (x86)\ASUS\RT-N56U Wireless Router Utilities\ASDownloadAll.htm () O8 - Extra context menu item: Download using ASUS Download - C:\Program Files (x86)\ASUS\RT-N56U Wireless Router Utilities\ASDownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sous Chef Stephan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Büro\Office2010\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Büro\Office2010\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Büro\Office2010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Büro\Office2010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CC97B91A-ACDB-4873-AD39-434F914E29A3}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O27:64bit: - HKLM IFEO\backitup.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\bejeweled 2 deluxe-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\build-a-lot 2-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\chuzzle deluxe-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\consumer_cpl.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\deathonthenile-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\diner dash 2 restaurant rescue-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\drivegreen1-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\farm-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\fate-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\gameconsole-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\golf-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\hpwucli.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\insaniquarium-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\jqsolitaire2-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\lcore.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\penguins-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\plants vs. zombies-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\polar-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\prefutil.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\provider.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\racing-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\taskmgr.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\PMLauncher.exe (TuneUp Software) O27:64bit: - HKLM IFEO\virtual villagers - the tree of life-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\zuma deluxe-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\zumasrevenge-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\backitup.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\bejeweled 2 deluxe-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\build-a-lot 2-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\chuzzle deluxe-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\consumer_cpl.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\deathonthenile-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\diner dash 2 restaurant rescue-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\drivegreen1-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\farm-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\fate-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\gameconsole-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\golf-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\hpwucli.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\insaniquarium-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\jqsolitaire2-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\lcore.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\penguins-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\plants vs. zombies-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\polar-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\prefutil.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\provider.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\racing-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\taskmgr.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\PMLauncher.exe (TuneUp Software) O27 - HKLM IFEO\virtual villagers - the tree of life-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\zuma deluxe-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\zumasrevenge-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Büro\Office2010\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007.12.31 09:35:45 | 000,000,100 | ---- | M] () - L:\AUTORUN.INF -- [ NTFS ] O33 - MountPoints2\{07721390-d89a-11df-aac4-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{07721390-d89a-11df-aac4-806e6f6e6963}\Shell\AutoRun\command - "" = E:\start.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (OODBS) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.11.22 14:34:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sous Chef Stephan\Desktop\OTL.exe [2012.11.22 09:12:17 | 000,000,000 | ---D | C] -- C:\Users\Sous Chef Stephan\AppData\Roaming\Malwarebytes [2012.11.22 09:12:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.11.22 09:12:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.11.22 09:12:09 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.11.21 10:55:18 | 000,000,000 | ---D | C] -- C:\Users\Sous Chef Stephan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan [2012.11.21 10:55:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2012.11.21 10:55:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab [2012.11.21 10:51:33 | 000,000,000 | ---D | C] -- C:\Users\Sous Chef Stephan\AppData\Roaming\QuickScan [2012.11.13 10:35:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Google [2012.11.12 11:06:24 | 000,000,000 | ---D | C] -- C:\Users\Sous Chef Stephan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory [2012.11.06 21:07:34 | 000,000,000 | ---D | C] -- C:\Users\Sous Chef Stephan\AppData\Roaming\SaalDesignSoftware [2012.11.06 20:59:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pixum Fotobuch [2012.11.06 11:55:19 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2012.11.06 11:54:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT [2012.11.06 11:54:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP [2012.11.06 11:54:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center [2012.11.06 11:51:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies [2012.11.06 11:51:31 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.11.22 14:34:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sous Chef Stephan\Desktop\OTL.exe [2012.11.22 14:30:52 | 000,000,000 | ---- | M] () -- C:\Users\Sous Chef Stephan\defogger_reenable [2012.11.22 14:29:53 | 000,050,477 | ---- | M] () -- C:\Users\Sous Chef Stephan\Desktop\Defogger.exe [2012.11.22 14:02:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.22 13:57:07 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.22 13:57:07 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.22 13:56:40 | 000,000,370 | ---- | M] () -- C:\Users\Sous Chef Stephan\Desktop\LAN-Verbindung - Verknüpfung.lnk [2012.11.22 13:53:13 | 001,812,040 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.11.22 13:53:13 | 000,767,826 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.11.22 13:53:13 | 000,722,298 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.11.22 13:53:13 | 000,174,952 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.11.22 13:53:13 | 000,147,570 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.11.22 13:47:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.22 13:47:13 | 000,475,289 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor [2012.11.22 12:49:36 | 000,000,834 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.11.22 09:12:10 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.21 11:01:02 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2012.11.21 10:55:11 | 000,001,049 | ---- | M] () -- C:\Users\Sous Chef Stephan\Desktop\Kaspersky Security Scan.lnk [2012.11.19 09:45:52 | 005,693,480 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.11.12 15:41:03 | 000,466,019 | ---- | M] () -- C:\Users\Sous Chef Stephan\Desktop\Ticket Lüdersburg Leipzig.pdf [2012.11.12 11:06:24 | 000,000,935 | ---- | M] () -- C:\Users\Sous Chef Stephan\Desktop\Format Factory.lnk [2012.11.06 21:07:31 | 000,000,764 | ---- | M] () -- C:\Users\Public\Desktop\SaalDesignSoftware.lnk [2012.11.06 20:59:01 | 000,000,685 | ---- | M] () -- C:\Users\Public\Desktop\Pixum Fotobuch.lnk [2012.11.06 20:59:01 | 000,000,670 | ---- | M] () -- C:\Users\Public\Desktop\Fotoschau.lnk [2012.11.04 16:24:16 | 000,001,710 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk [2012.10.25 15:33:21 | 001,785,384 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.11.22 14:30:52 | 000,000,000 | ---- | C] () -- C:\Users\Sous Chef Stephan\defogger_reenable [2012.11.22 14:29:53 | 000,050,477 | ---- | C] () -- C:\Users\Sous Chef Stephan\Desktop\Defogger.exe [2012.11.22 13:56:40 | 000,000,370 | ---- | C] () -- C:\Users\Sous Chef Stephan\Desktop\LAN-Verbindung - Verknüpfung.lnk [2012.11.22 09:12:10 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.21 10:55:19 | 000,001,049 | ---- | C] () -- C:\Users\Sous Chef Stephan\Desktop\Kaspersky Security Scan.lnk [2012.11.19 09:38:58 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.11.19 09:33:17 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.11.12 15:41:03 | 000,466,019 | ---- | C] () -- C:\Users\Sous Chef Stephan\Desktop\Ticket Lüdersburg Leipzig.pdf [2012.11.06 21:07:31 | 000,000,764 | ---- | C] () -- C:\Users\Public\Desktop\SaalDesignSoftware.lnk [2012.11.06 21:07:31 | 000,000,764 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SaalDesignSoftware.lnk [2012.11.06 20:59:01 | 000,000,685 | ---- | C] () -- C:\Users\Public\Desktop\Pixum Fotobuch.lnk [2012.11.06 20:59:01 | 000,000,670 | ---- | C] () -- C:\Users\Public\Desktop\Fotoschau.lnk [2012.11.04 16:24:16 | 000,001,710 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk [2012.10.08 09:42:10 | 000,004,608 | ---- | C] () -- C:\Windows\SysWow64\SilverEfexPro2FC64.dll [2012.09.30 16:41:37 | 000,004,608 | ---- | C] () -- C:\Windows\SysWow64\ColorEfexPro4FC64.dll [2012.08.09 15:30:16 | 000,000,042 | ---- | C] () -- C:\Windows\oodjobd.INI [2012.07.10 05:19:52 | 000,003,584 | ---- | C] () -- C:\Windows\SysWow64\HDREfexPro2FC32.dll [2012.06.05 18:12:26 | 000,000,144 | ---- | C] () -- C:\Users\Sous Chef Stephan\extranet.marriott.com.HOD.LOC [2012.05.02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012.04.24 14:08:04 | 000,000,000 | ---- | C] () -- C:\Windows\PanelExe.INI [2012.04.24 14:08:04 | 000,000,000 | ---- | C] () -- C:\Windows\EngineExe.INI [2012.02.27 20:44:48 | 000,003,584 | ---- | C] () -- C:\Windows\SysWow64\SilverEfexPro2FC32.dll [2012.02.23 04:26:34 | 000,326,144 | ---- | C] () -- C:\Windows\SysWow64\Viveza2FC32.dll [2012.02.15 03:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.02.15 03:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.02.12 12:22:59 | 000,036,280 | ---- | C] () -- C:\Users\Sous Chef Stephan\GamingC.mac [2012.02.07 02:45:30 | 000,326,144 | ---- | C] () -- C:\Windows\SysWow64\HDREfexProFC32.dll [2012.02.07 02:22:16 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\LGErrorHandler.dll [2012.02.07 02:22:16 | 000,019,968 | ---- | C] () -- C:\Windows\SysWow64\LGPII2CDriver.sys [2012.01.31 20:36:50 | 000,003,584 | ---- | C] () -- C:\Windows\SysWow64\ColorEfexPro4FC32.dll [2012.01.29 13:27:03 | 000,000,000 | ---- | C] () -- C:\Windows\LCDMedia.INI [2012.01.05 15:33:01 | 000,004,998 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe [2012.01.03 20:20:30 | 000,059,232 | ---- | C] () -- C:\Windows\SysWow64\CNC8100W.DAT [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.07.24 14:50:28 | 000,245,296 | ---- | C] () -- C:\Windows\hpoins19.dat.temp [2011.07.24 14:50:28 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat.temp [2011.06.07 10:13:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2011.06.07 10:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2011.06.07 10:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2011.06.07 10:13:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2011.05.04 13:28:47 | 000,019,968 | ---- | C] () -- C:\Users\Sous Chef Stephan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.03.29 15:03:34 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2011.03.28 21:14:32 | 001,785,384 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.01.05 16:01:30 | 000,000,000 | ---D | M] -- C:\Users\Sous Chef Stephan\AppData\Roaming\3v [2012.04.05 14:31:13 | 000,000,000 | ---D | M] -- C:\Users\Sous Chef Stephan\AppData\Roaming\Canon [2011.07.24 14:26:02 | 000,000,000 | ---D | M] -- C:\Users\Sous Chef Stephan\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2012.02.20 20:05:23 | 000,000,000 | ---D | M] -- C:\Users\Sous Chef Stephan\AppData\Roaming\com.adobe.DC3Module.AdobeADC [2012.02.12 10:13:27 | 000,000,000 | ---D | M] -- C:\Users\Sous Chef Stephan\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2012.10.10 09:52:06 | 000,000,000 | ---D | M] -- C:\Users\Sous Chef Stephan\AppData\Roaming\DVDVideoSoft [2012.10.11 09:22:37 | 000,000,000 | ---D | M] -- C:\Users\Sous Chef Stephan\AppData\Roaming\FileZilla [2012.10.11 09:27:53 | 000,000,000 | ---D | M] -- C:\Users\Sous Chef Stephan\AppData\Roaming\FMZilla [2012.02.12 09:30:47 | 000,000,000 | ---D | M] -- C:\Users\Sous Chef Stephan\AppData\Roaming\folder [2011.04.19 23:46:25 | 000,000,000 | ---D | M] -- C:\Users\Sous Chef Stephan\AppData\Roaming\fotobuch.de AG [2012.05.02 20:10:55 | 000,000,000 | ---D | M] -- C:\Users\Sous Chef Stephan\AppData\Roaming\GoContactSyncMOD [2012.10.09 08:41:55 | 000,000,000 | ---D | M] -- C:\Users\Sous Chef Stephan\AppData\Roaming\High Speed Download [2012.01.29 13:33:56 | 000,000,000 | ---D | M] -- C:\Users\Sous Chef Stephan\AppData\Roaming\Leadertech [2012.04.24 13:13:02 | 000,000,000 | ---D | M] -- C:\Users\Sous Chef Stephan\AppData\Roaming\MarkSpace [2012.04.24 12:41:41 | 000,000,000 | ---D | M] -- C:\Users\Sous Chef Stephan\AppData\Roaming\Mobile Action [2012.05.02 14:07:06 | 000,000,000 | ---D | M] -- C:\Users\Sous Chef Stephan\AppData\Roaming\MyPhoneExplorer [2012.10.09 13:07:03 | 000,000,000 | ---D | M] -- C:\Users\Sous Chef Stephan\AppData\Roaming\Nik Software [2011.03.28 19:57:09 | 000,000,000 | ---D | M] -- C:\Users\Sous Chef Stephan\AppData\Roaming\Notepad++ [2011.03.28 12:12:08 | 000,000,000 | ---D | M] -- C:\Users\Sous Chef Stephan\AppData\Roaming\OEM [2011.04.09 17:40:59 | 000,000,000 | ---D | M] -- C:\Users\Sous Chef Stephan\AppData\Roaming\Office-Vorlagen 2011 [2011.03.28 12:18:49 | 000,000,000 | ---D | M] -- C:\Users\Sous Chef Stephan\AppData\Roaming\Opera [2012.02.12 11:19:17 | 000,000,000 | ---D | M] -- C:\Users\Sous Chef Stephan\AppData\Roaming\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1 [2012.10.11 20:14:47 | 000,000,000 | ---D | M] -- C:\Users\Sous Chef Stephan\AppData\Roaming\Plane9 [2012.11.21 10:51:36 | 000,000,000 | ---D | M] -- C:\Users\Sous Chef Stephan\AppData\Roaming\QuickScan [2012.11.06 21:07:34 | 000,000,000 | ---D | M] -- C:\Users\Sous Chef Stephan\AppData\Roaming\SaalDesignSoftware [2011.03.29 14:38:15 | 000,000,000 | ---D | M] -- C:\Users\Sous Chef Stephan\AppData\Roaming\SoftGrid Client [2011.03.29 00:47:38 | 000,000,000 | ---D | M] -- C:\Users\Sous Chef Stephan\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2011.03.28 21:15:00 | 000,000,000 | ---D | M] -- C:\Users\Sous Chef Stephan\AppData\Roaming\TP [2011.12.29 10:42:37 | 000,000,000 | ---D | M] -- C:\Users\Sous Chef Stephan\AppData\Roaming\TuneUp Software [2012.03.09 20:56:48 | 000,000,000 | ---D | M] -- C:\Users\Sous Chef Stephan\AppData\Roaming\Wacom [2012.03.09 21:03:27 | 000,000,000 | ---D | M] -- C:\Users\Sous Chef Stephan\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1 [2012.02.05 11:58:50 | 000,000,000 | ---D | M] -- C:\Users\Sous Chef Stephan\AppData\Roaming\WTouch ========== Purity Check ========== < End of report > Geändert von Yestorty (22.11.2012 um 19:28 Uhr) |
|
26.11.2012, 10:24
| #2 |
| /// the machine /// TB-Ausbilder    | PUM.UserWLoad, Trojan.Agent kann nicht gelöscht werden Hi,
__________________Downloade Dir bitte  AdwCleaner auf deinen Desktop.
und dann ein frisches OTL log bitte.
__________________ |
|
26.11.2012, 10:30
| #3 |
| /// Malwareteam    | PUM.UserWLoad, Trojan.Agent kann nicht gelöscht werden -----------------------------
__________________
__________________ Geändert von Psychotic (26.11.2012 um 10:30 Uhr) Grund: Schrauber war schneller! |
|
27.11.2012, 11:40
| #4 |
| | PUM.UserWLoad, Trojan.Agent kann nicht gelöscht werden Hi Schrauber, hier ist die Log Datei # AdwCleaner v2.009 - Datei am 27/11/2012 um 11:28:13 erstellt # Aktualisiert am 24/11/2012 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzer : Sous Chef Stephan - SOUSCHEFSTEPHAN # Bootmodus : Normal # Ausgeführt unter : C:\Users\Sous Chef Stephan\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\Users\Sous Chef Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\kyzpu9j2.default\searchplugins\Askcom.xml Ordner Gelöscht : C:\ProgramData\boost_interprocess Ordner Gelöscht : C:\Users\Sous Chef Stephan\AppData\Local\APN Ordner Gelöscht : C:\Users\Sous Chef Stephan\AppData\Local\TempDir Ordner Gelöscht : C:\Users\Sous Chef Stephan\AppData\LocalLow\AskToolbar Ordner Gelöscht : C:\Users\Sous Chef Stephan\AppData\LocalLow\boost_interprocess Ordner Gelöscht : C:\Users\Sous Chef Stephan\AppData\LocalLow\facemoods.com ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1 ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16421 Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4 --> hxxp://www.google.com -\\ Mozilla Firefox v [Version kann nicht ermittelt werden] Profilname : default Datei : C:\Users\Sous Chef Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\kyzpu9j2.default\prefs.js C:\Users\Sous Chef Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\kyzpu9j2.default\user.js ... Gelöscht ! Gelöscht : user_pref("browser.search.defaultenginename", "Search the web"); Gelöscht : user_pref("browser.search.order.1", "Search the web"); -\\ Google Chrome v18.0.1025.162 Datei : C:\Users\Sous Chef Stephan\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. -\\ Opera v12.11.1661.0 Datei : C:\Users\Sous Chef Stephan\AppData\Roaming\Opera\Opera\operaprefs.ini [OK] Die Datei ist sauber. ************************* AdwCleaner[R1].txt - [2506 octets] - [27/11/2012 11:27:10] AdwCleaner[S1].txt - [2429 octets] - [27/11/2012 11:28:13] ########## EOF - C:\AdwCleaner[S1].txt - [2489 octets] ########## |
|
27.11.2012, 11:41
| #5 |
| /// the machine /// TB-Ausbilder | PUM.UserWLoad, Trojan.Agent kann nicht gelöscht werden Dann das frische OTL log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
27.11.2012, 11:53
| #6 |
| | PUM.UserWLoad, Trojan.Agent kann nicht gelöscht werden und die OLT OTL Logfile: Code:
ATTFilter OTL logfile created on: 27.11.2012 11:42:53 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sous Chef Stephan\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,93 Gb Total Physical Memory | 2,01 Gb Available Physical Memory | 51,07% Memory free 7,86 Gb Paging File | 5,52 Gb Available in Paging File | 70,24% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 290,45 Gb Total Space | 98,40 Gb Free Space | 33,88% Space Free | Partition Type: NTFS Drive D: | 290,62 Gb Total Space | 103,99 Gb Free Space | 35,78% Space Free | Partition Type: NTFS Drive L: | 372,61 Gb Total Space | 74,15 Gb Free Space | 19,90% Space Free | Partition Type: NTFS Drive M: | 931,28 Gb Total Space | 433,18 Gb Free Space | 46,51% Space Free | Partition Type: FAT32 Computer Name: SOUSCHEFSTEPHAN | User Name: Sous Chef Stephan | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.11.22 14:34:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sous Chef Stephan\Desktop\OTL.exe PRC - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- D:\Tool\Internet\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- D:\Tool\Internet\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- D:\Tool\Internet\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.07.27 21:51:38 | 000,823,224 | ---- | M] (Adobe Systems Inc.) -- D:\Büro\Adobe\AcrobatX\Acrobat\acrotray.exe PRC - [2012.07.27 13:51:28 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.07.13 03:08:56 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\nlssrv32.exe PRC - [2012.04.25 19:53:38 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe PRC - [2011.10.17 15:12:52 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2011.09.14 22:06:38 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\PSE10\Elements 10 Organizer\PhotoshopElementsFileAgent.exe PRC - [2011.04.08 13:50:02 | 000,542,264 | ---- | M] (Google) -- C:\Users\Sous Chef Stephan\Google Calendar Sync\GoogleCalendarSync.exe PRC - [2011.01.26 10:26:48 | 000,573,224 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe PRC - [2011.01.12 15:41:42 | 000,810,144 | ---- | M] (ESET) -- C:\Programme\ESET\ESET NOD32 Antivirus\x86\ekrn.exe PRC - [2010.12.02 15:12:56 | 001,316,248 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE PRC - [2010.05.20 14:26:30 | 000,762,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX3000.exe PRC - [2010.04.05 11:55:01 | 000,116,104 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe PRC - [2010.03.02 19:52:00 | 000,140,640 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe PRC - [2010.01.29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe PRC - [2009.12.09 10:24:16 | 000,076,320 | ---- | M] () -- C:\OEM\USBDECTION\USBS3S4Detection.exe PRC - [2009.07.20 03:00:00 | 000,077,824 | ---- | M] () -- C:\ProgramData\Logitech\Mousse\SetPoint\x86\SetPoint32.exe ========== Modules (No Company Name) ========== MOD - [2012.07.27 21:51:54 | 000,019,968 | ---- | M] () -- D:\Büro\Adobe\AcrobatX\Acrobat\Locale\de_DE\AcroTray.DEU MOD - [2012.05.02 19:57:05 | 008,743,584 | ---- | M] () -- C:\Users\SOUSCH~1\AppData\Local\Google\Chrome\USERDA~1\NPAPIF~1\gcswf32.dll MOD - [2012.05.02 19:57:05 | 008,743,584 | ---- | M] () -- C:\Users\Sous Chef Stephan\AppData\Local\Google\Chrome\User Data\NPAPIFlash\gcswf32.dll MOD - [2012.04.25 19:52:28 | 001,270,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\qtscript4.dll MOD - [2012.04.25 19:52:26 | 007,422,352 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\qtgui4.dll MOD - [2012.04.25 19:52:24 | 000,795,024 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\qtnetwork4.dll MOD - [2012.04.25 19:52:24 | 000,192,912 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\qtsql4.dll MOD - [2012.04.25 19:52:22 | 002,453,904 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\qtdeclarative4.dll MOD - [2012.04.25 19:52:22 | 002,126,224 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\qtcore4.dll MOD - [2012.04.12 08:37:34 | 000,444,400 | ---- | M] () -- C:\Users\Sous Chef Stephan\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll MOD - [2012.04.12 08:37:33 | 003,915,248 | ---- | M] () -- C:\Users\Sous Chef Stephan\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll MOD - [2012.04.12 08:36:08 | 000,122,880 | ---- | M] () -- C:\Users\Sous Chef Stephan\AppData\Local\Google\Chrome\Application\18.0.1025.162\avutil-51.dll MOD - [2012.04.12 08:36:06 | 000,220,672 | ---- | M] () -- C:\Users\Sous Chef Stephan\AppData\Local\Google\Chrome\Application\18.0.1025.162\avformat-53.dll MOD - [2012.04.12 08:36:05 | 001,747,456 | ---- | M] () -- C:\Users\Sous Chef Stephan\AppData\Local\Google\Chrome\Application\18.0.1025.162\avcodec-53.dll MOD - [2009.07.20 03:00:00 | 000,077,824 | ---- | M] () -- C:\ProgramData\Logitech\Mousse\SetPoint\x86\SetPoint32.exe ========== Services (SafeList) ========== SRV:64bit: - [2012.09.28 02:38:16 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2012.11.13 10:35:15 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Tool\Internet\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Tool\Internet\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.09.20 13:33:22 | 050,899,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Büro\Office2010\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2012.07.27 13:51:28 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.07.13 03:08:56 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc) SRV - [2012.07.08 23:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2012.07.02 15:15:26 | 000,424,360 | R--- | M] (cFos Software GmbH) [Auto | Running] -- D:\Tool\Internet\cFos\spd.exe -- (cFosSpeedS) SRV - [2012.06.06 17:57:46 | 003,293,552 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Programme\OO Software\Defrag\oodag.exe -- (OODefragAgent) SRV - [2012.04.25 19:53:38 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe -- (KSS) SRV - [2011.12.14 12:23:34 | 002,123,584 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2011.10.17 15:12:52 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2011.09.22 21:07:34 | 000,154,984 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) SRV - [2011.09.14 22:06:38 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\PSE10\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0) SRV - [2011.09.08 17:48:36 | 006,583,160 | ---- | M] (Wacom Technology, Corp.) [Disabled | Stopped] -- C:\Programme\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen) SRV - [2011.09.08 17:48:36 | 000,528,760 | ---- | M] (Wacom Technology, Corp.) [Disabled | Stopped] -- C:\Programme\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen) SRV - [2011.01.26 10:26:48 | 000,573,224 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2011.01.12 15:44:02 | 000,042,360 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Programme\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv) SRV - [2011.01.12 15:41:42 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Programme\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn) SRV - [2010.10.15 21:35:28 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010.08.10 14:37:08 | 000,334,848 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe -- (UsbService) SRV - [2010.05.20 14:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc) SRV - [2010.04.05 11:55:01 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC) SRV - [2010.03.25 14:58:22 | 000,034,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\Büro\Office2010\BussinesContactManager\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc) SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2010.01.29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Updater Service) SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 20:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64) SRV - [2010.01.08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe -- (GREGService) SRV - [2009.12.09 10:24:16 | 000,076,320 | ---- | M] () [Auto | Running] -- C:\OEM\USBDECTION\USBS3S4Detection.exe -- (USBS3S4Detection) SRV - [2009.07.20 11:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.09.28 03:21:20 | 010,697,216 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2012.09.28 03:21:20 | 010,697,216 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.09.28 02:12:52 | 000,460,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.07.02 15:15:30 | 001,312,168 | ---- | M] (cFos Software GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cfosspeed6.sys -- (cFosSpeed) DRV:64bit: - [2012.05.14 07:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2012.03.09 19:44:01 | 000,648,808 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.10.17 14:55:32 | 000,559,384 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011.09.08 17:49:36 | 000,013,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor) DRV:64bit: - [2011.09.08 17:49:24 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid) DRV:64bit: - [2011.08.01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.01.20 03:05:04 | 000,020,552 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dgderdrv.sys -- (dgderdrv) DRV:64bit: - [2011.01.20 02:59:18 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk) DRV:64bit: - [2010.12.21 14:04:06 | 000,170,640 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm) DRV:64bit: - [2010.12.21 14:04:06 | 000,141,264 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv) DRV:64bit: - [2010.12.21 12:47:38 | 000,125,296 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.09.07 07:27:24 | 000,038,912 | R--- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PcaSp60.sys -- (PcaSp60) DRV:64bit: - [2010.07.12 19:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2010.05.20 14:26:30 | 002,060,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VX3000.sys -- (VX3000) DRV:64bit: - [2009.11.24 02:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid) DRV:64bit: - [2009.11.24 02:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum) DRV:64bit: - [2009.09.30 02:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2009.07.27 03:54:30 | 000,090,544 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2009.06.17 17:54:38 | 000,112,144 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouKE.Sys -- (LMouKE) DRV:64bit: - [2009.06.17 17:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2009.06.17 17:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2009.06.17 17:54:14 | 000,013,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd) DRV:64bit: - [2009.06.17 17:54:06 | 000,074,256 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb) DRV:64bit: - [2009.06.17 17:53:42 | 000,089,616 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L8042mou.Sys -- (L8042mou) DRV:64bit: - [2009.06.17 17:53:34 | 000,030,736 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L8042Kbd.sys -- (L8042Kbd) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2007.12.17 03:25:14 | 000,047,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vuhub.sys -- (vuhub) DRV:64bit: - [2007.02.16 20:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter) DRV - [2011.12.12 19:31:38 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv) DRV - [2011.01.20 02:59:18 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk) DRV - [2010.09.07 07:27:24 | 000,038,912 | R--- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\PcaSp60.sys -- (PcaSp60) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.cloyim.com/ IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{4B007CAC-EF97-4C9D-A455-4B910D66B215}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=NDV&o=15765&src=kw&q={searchTerms}&locale=&apn_ptnrs=NY&apn_dtid=YYYYYYYYDE&apn_uid=4CEBE464-3602-4DC7-B3F6-F3ABE4F958C9&apn_sauid=F42E5085-85E2-49F6-8D89-ACC4AA062734& IE - HKCU\..\SearchScopes\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}: "URL" = hxxp://search.alot.com/web?q={searchTerms} IE - HKCU\..\SearchScopes\{AC854C18-2A1E-43f1-8513-0D2F26C796ED}: "URL" = hxxp://home.cloyim.com/search.php?q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local> ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://home.cloyim.com/" FF - prefs.js..keyword.URL: "hxxp://home.cloyim.com/search.php?q=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\BRO~1\OFFICE~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Media\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: D:\Büro\Adobe\AcrobatX\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sous Chef Stephan\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sous Chef Stephan\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: D:\Büro\Adobe\AcrobatX\Acrobat\Browser\WCFirefoxExtn [2012.11.04 16:24:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.03 11:09:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011.03.28 12:53:07 | 000,000,000 | ---D | M] [2012.06.18 11:59:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sous Chef Stephan\AppData\Roaming\mozilla\Extensions [2012.08.23 16:36:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sous Chef Stephan\AppData\Roaming\mozilla\Firefox\Profiles\kyzpu9j2.default\extensions [2012.06.18 17:19:10 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Sous Chef Stephan\AppData\Roaming\mozilla\Firefox\Profiles\kyzpu9j2.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.08.23 16:36:23 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Sous Chef Stephan\AppData\Roaming\mozilla\firefox\profiles\kyzpu9j2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011.03.28 21:42:24 | 000,002,046 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchddr.xml [2012.10.09 08:41:55 | 000,003,341 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search the web.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Sous Chef Stephan\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Sous Chef Stephan\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sous Chef Stephan\AppData\Local\Google\Chrome\User Data\NPAPIFlash\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll CHR - plugin: Skype Click to Call (Enabled) = C:\Users\Sous Chef Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\npSkypeChromePlugin.dll CHR - plugin: Adobe Acrobat (Enabled) = D:\Tool\Internet\FireFox4\plugins\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Winamp Application Detector (Enabled) = D:\Tool\Internet\FireFox4\plugins\npwachk.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll CHR - plugin: AdobeAAMDetect (Enabled) = C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 6 U33 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 6.0.330.3 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - plugin: WacomTabletPlugin (Enabled) = C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll CHR - plugin: Wacom Dynamic Link Library (Enabled) = C:\Program Files (x86)\TabletPlugins\npwacom.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = D:\Media\iTunes\Mozilla Plugins\npitunes.dll CHR - Extension: Skype Click to Call = C:\Users\Sous Chef Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\ CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Sous Chef Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ CHR - Extension: Bitdefender QuickScan = C:\Users\Sous Chef Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.118_0\ O1 HOSTS File: ([2010.11.19 09:20:59 | 000,002,389 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 activate.adobe.com # Adobe Acrobat Pro X O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 adobeereg.com O1 - Hosts: 127.0.0.1 www.adobeereg.com O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 192.150.18.108 O1 - Hosts: 127.0.0.1 activate.adobe.com:443 O1 - Hosts: 127.0.0.1 3dns.adobe.com O1 - Hosts: 127.0.0.1 3dns-1.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-4.adobe.com O1 - Hosts: 127.0.0.1 adobeereg.com O1 - Hosts: 127.0.0.1 www.adobeereg.com O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 192.150.18.108 O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 28 more lines... O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Büro\Office2010\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Büro\Office2010\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [BCSSync] D:\Büro\Office2010\Office14\BCSSync.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4:64bit: - HKLM..\Run: [cFosSpeed] D:\Tool\Internet\cFos\cfosspeed.exe (cFos Software GmbH) O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET) O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.) O4:64bit: - HKLM..\Run: [OODefragTray] C:\Programme\OO Software\Defrag\oodtray.exe (O&O Software GmbH) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [VX3000] C:\Windows\vVX3000.exe (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] D:\Büro\Adobe\AcrobatX\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKCU..\Run: [KSS] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Download All by ASUS Download - C:\Program Files (x86)\ASUS\RT-N56U Wireless Router Utilities\ASDownloadAll.htm () O8:64bit: - Extra context menu item: Download using ASUS Download - C:\Program Files (x86)\ASUS\RT-N56U Wireless Router Utilities\ASDownload.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sous Chef Stephan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Download All by ASUS Download - C:\Program Files (x86)\ASUS\RT-N56U Wireless Router Utilities\ASDownloadAll.htm () O8 - Extra context menu item: Download using ASUS Download - C:\Program Files (x86)\ASUS\RT-N56U Wireless Router Utilities\ASDownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sous Chef Stephan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Büro\Office2010\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Büro\Office2010\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Büro\Office2010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Büro\Office2010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CC97B91A-ACDB-4873-AD39-434F914E29A3}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O27:64bit: - HKLM IFEO\backitup.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\backitup.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Büro\Office2010\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007.12.31 09:35:45 | 000,000,100 | ---- | M] () - L:\AUTORUN.INF -- [ NTFS ] O33 - MountPoints2\{07721390-d89a-11df-aac4-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{07721390-d89a-11df-aac4-806e6f6e6963}\Shell\AutoRun\command - "" = E:\start.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (OODBS) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.11.23 19:00:20 | 000,000,000 | R-SD | C] -- C:\Users\Sous Chef Stephan\Documents\My Stationery [2012.11.22 14:34:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sous Chef Stephan\Desktop\OTL.exe [2012.11.22 09:12:17 | 000,000,000 | ---D | C] -- C:\Users\Sous Chef Stephan\AppData\Roaming\Malwarebytes [2012.11.22 09:12:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.11.22 09:12:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.11.22 09:12:09 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.11.21 10:55:18 | 000,000,000 | ---D | C] -- C:\Users\Sous Chef Stephan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan [2012.11.21 10:55:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2012.11.21 10:55:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab [2012.11.21 10:51:33 | 000,000,000 | ---D | C] -- C:\Users\Sous Chef Stephan\AppData\Roaming\QuickScan [2012.11.13 10:35:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Google [2012.11.12 11:06:24 | 000,000,000 | ---D | C] -- C:\Users\Sous Chef Stephan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory [2012.11.06 21:07:34 | 000,000,000 | ---D | C] -- C:\Users\Sous Chef Stephan\AppData\Roaming\SaalDesignSoftware [2012.11.06 20:59:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pixum Fotobuch [2012.11.06 11:55:19 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2012.11.06 11:54:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT [2012.11.06 11:54:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP [2012.11.06 11:54:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center [2012.11.06 11:51:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies [2012.11.06 11:51:31 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.11.27 11:43:18 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.27 11:43:18 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.27 11:41:39 | 001,812,040 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.11.27 11:41:39 | 000,767,826 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.11.27 11:41:39 | 000,722,298 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.11.27 11:41:39 | 000,174,952 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.11.27 11:41:39 | 000,147,570 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.11.27 11:35:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.27 11:35:38 | 000,493,153 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor [2012.11.27 11:25:59 | 000,480,125 | ---- | M] () -- C:\Users\Sous Chef Stephan\Desktop\adwcleaner.exe [2012.11.27 11:03:07 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.24 14:29:18 | 000,000,764 | ---- | M] () -- C:\Users\Public\Desktop\SaalDesignSoftware.lnk [2012.11.22 14:34:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sous Chef Stephan\Desktop\OTL.exe [2012.11.22 14:30:52 | 000,000,000 | ---- | M] () -- C:\Users\Sous Chef Stephan\defogger_reenable [2012.11.22 14:29:53 | 000,050,477 | ---- | M] () -- C:\Users\Sous Chef Stephan\Desktop\Defogger.exe [2012.11.22 13:56:40 | 000,000,370 | ---- | M] () -- C:\Users\Sous Chef Stephan\Desktop\LAN-Verbindung - Verknüpfung.lnk [2012.11.22 12:49:36 | 000,000,834 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.11.22 09:12:10 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.21 11:01:02 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2012.11.21 10:55:11 | 000,001,049 | ---- | M] () -- C:\Users\Sous Chef Stephan\Desktop\Kaspersky Security Scan.lnk [2012.11.19 09:45:52 | 005,693,480 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.11.12 15:41:03 | 000,466,019 | ---- | M] () -- C:\Users\Sous Chef Stephan\Desktop\Ticket Lüdersburg Leipzig.pdf [2012.11.12 11:06:24 | 000,000,935 | ---- | M] () -- C:\Users\Sous Chef Stephan\Desktop\Format Factory.lnk [2012.11.06 20:59:01 | 000,000,685 | ---- | M] () -- C:\Users\Public\Desktop\Pixum Fotobuch.lnk [2012.11.06 20:59:01 | 000,000,670 | ---- | M] () -- C:\Users\Public\Desktop\Fotoschau.lnk [2012.11.04 16:24:16 | 000,001,710 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.11.27 11:25:57 | 000,480,125 | ---- | C] () -- C:\Users\Sous Chef Stephan\Desktop\adwcleaner.exe [2012.11.24 14:29:18 | 000,000,764 | ---- | C] () -- C:\Users\Public\Desktop\SaalDesignSoftware.lnk [2012.11.24 14:29:18 | 000,000,764 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SaalDesignSoftware.lnk [2012.11.22 14:30:52 | 000,000,000 | ---- | C] () -- C:\Users\Sous Chef Stephan\defogger_reenable [2012.11.22 14:29:53 | 000,050,477 | ---- | C] () -- C:\Users\Sous Chef Stephan\Desktop\Defogger.exe [2012.11.22 13:56:40 | 000,000,370 | ---- | C] () -- C:\Users\Sous Chef Stephan\Desktop\LAN-Verbindung - Verknüpfung.lnk [2012.11.22 09:12:10 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.21 10:55:19 | 000,001,049 | ---- | C] () -- C:\Users\Sous Chef Stephan\Desktop\Kaspersky Security Scan.lnk [2012.11.19 09:38:58 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.11.19 09:33:17 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.11.12 15:41:03 | 000,466,019 | ---- | C] () -- C:\Users\Sous Chef Stephan\Desktop\Ticket Lüdersburg Leipzig.pdf [2012.11.06 20:59:01 | 000,000,685 | ---- | C] () -- C:\Users\Public\Desktop\Pixum Fotobuch.lnk [2012.11.06 20:59:01 | 000,000,670 | ---- | C] () -- C:\Users\Public\Desktop\Fotoschau.lnk [2012.11.04 16:24:16 | 000,001,710 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk [2012.10.08 09:42:10 | 000,004,608 | ---- | C] () -- C:\Windows\SysWow64\SilverEfexPro2FC64.dll [2012.09.30 16:41:37 | 000,004,608 | ---- | C] () -- C:\Windows\SysWow64\ColorEfexPro4FC64.dll [2012.08.09 15:30:16 | 000,000,042 | ---- | C] () -- C:\Windows\oodjobd.INI [2012.07.10 05:19:52 | 000,003,584 | ---- | C] () -- C:\Windows\SysWow64\HDREfexPro2FC32.dll [2012.06.05 18:12:26 | 000,000,144 | ---- | C] () -- C:\Users\Sous Chef Stephan\extranet.marriott.com.HOD.LOC [2012.05.02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012.04.24 14:08:04 | 000,000,000 | ---- | C] () -- C:\Windows\PanelExe.INI [2012.04.24 14:08:04 | 000,000,000 | ---- | C] () -- C:\Windows\EngineExe.INI [2012.02.27 20:44:48 | 000,003,584 | ---- | C] () -- C:\Windows\SysWow64\SilverEfexPro2FC32.dll [2012.02.23 04:26:34 | 000,326,144 | ---- | C] () -- C:\Windows\SysWow64\Viveza2FC32.dll [2012.02.15 03:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.02.15 03:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.02.12 12:22:59 | 000,036,280 | ---- | C] () -- C:\Users\Sous Chef Stephan\GamingC.mac [2012.02.07 02:45:30 | 000,326,144 | ---- | C] () -- C:\Windows\SysWow64\HDREfexProFC32.dll [2012.02.07 02:22:16 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\LGErrorHandler.dll [2012.02.07 02:22:16 | 000,019,968 | ---- | C] () -- C:\Windows\SysWow64\LGPII2CDriver.sys [2012.01.31 20:36:50 | 000,003,584 | ---- | C] () -- C:\Windows\SysWow64\ColorEfexPro4FC32.dll [2012.01.29 13:27:03 | 000,000,000 | ---- | C] () -- C:\Windows\LCDMedia.INI [2012.01.05 15:33:01 | 000,004,998 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe [2012.01.03 20:20:30 | 000,059,232 | ---- | C] () -- C:\Windows\SysWow64\CNC8100W.DAT [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.07.24 14:50:28 | 000,245,296 | ---- | C] () -- C:\Windows\hpoins19.dat.temp [2011.07.24 14:50:28 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat.temp [2011.06.07 10:13:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2011.06.07 10:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2011.06.07 10:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2011.06.07 10:13:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2011.05.04 13:28:47 | 000,019,968 | ---- | C] () -- C:\Users\Sous Chef Stephan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.03.29 15:03:34 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2011.03.28 21:14:32 | 001,785,384 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.01.05 16:01:30 | 000,000,000 | ---D | M] -- C:\Users\Sous Chef Stephan\AppData\Roaming\3v [2012.04.05 14:31:13 | 000,000,000 | ---D | M] -- C:\Users\Sous Chef Stephan\AppData\Roaming\Canon [2011.07.24 14:26:02 | 000,000,000 | ---D | M] -- C:\Users\Sous Chef Stephan\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2012.02.20 20:05:23 | 000,000,000 | ---D | M] -- C:\Users\Sous Chef Stephan\AppData\Roaming\com.adobe.DC3Module.AdobeADC [2012.02.12 10:13:27 | 000,000,000 | ---D | M] -- C:\Users\Sous Chef Stephan\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2012.10.10 09:52:06 | 000,000,000 | ---D | M] -- C:\Users\Sous Chef Stephan\AppData\Roaming\DVDVideoSoft [2012.10.11 09:22:37 | 000,000,000 | ---D | M] -- C:\Users\Sous Chef Stephan\AppData\Roaming\FileZilla [2012.10.11 09:27:53 | 000,000,000 | ---D | M] -- C:\Users\Sous Chef Stephan\AppData\Roaming\FMZilla [2012.02.12 09:30:47 | 000,000,000 | ---D | M] -- C:\Users\Sous Chef Stephan\AppData\Roaming\folder [2011.04.19 23:46:25 | 000,000,000 | ---D | M] -- C:\Users\Sous Chef Stephan\AppData\Roaming\fotobuch.de AG [2012.05.02 20:10:55 | 000,000,000 | ---D | M] -- C:\Users\Sous Chef Stephan\AppData\Roaming\GoContactSyncMOD [2012.10.09 08:41:55 | 000,000,000 | ---D | M] -- C:\Users\Sous Chef Stephan\AppData\Roaming\High Speed Download [2012.01.29 13:33:56 | 000,000,000 | ---D | M] -- C:\Users\Sous Chef Stephan\AppData\Roaming\Leadertech [2012.04.24 13:13:02 | 000,000,000 | ---D | M] -- C:\Users\Sous Chef Stephan\AppData\Roaming\MarkSpace [2012.04.24 12:41:41 | 000,000,000 | ---D | M] -- C:\Users\Sous Chef Stephan\AppData\Roaming\Mobile Action [2012.05.02 14:07:06 | 000,000,000 | ---D | M] -- C:\Users\Sous Chef Stephan\AppData\Roaming\MyPhoneExplorer [2012.10.09 13:07:03 | 000,000,000 | ---D | M] -- C:\Users\Sous Chef Stephan\AppData\Roaming\Nik Software [2011.03.28 19:57:09 | 000,000,000 | ---D | M] -- C:\Users\Sous Chef Stephan\AppData\Roaming\Notepad++ [2011.03.28 12:12:08 | 000,000,000 | ---D | M] -- C:\Users\Sous Chef Stephan\AppData\Roaming\OEM [2011.04.09 17:40:59 | 000,000,000 | ---D | M] -- C:\Users\Sous Chef Stephan\AppData\Roaming\Office-Vorlagen 2011 [2011.03.28 12:18:49 | 000,000,000 | ---D | M] -- C:\Users\Sous Chef Stephan\AppData\Roaming\Opera [2012.02.12 11:19:17 | 000,000,000 | ---D | M] -- C:\Users\Sous Chef Stephan\AppData\Roaming\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1 [2012.10.11 20:14:47 | 000,000,000 | ---D | M] -- C:\Users\Sous Chef Stephan\AppData\Roaming\Plane9 [2012.11.21 10:51:36 | 000,000,000 | ---D | M] -- C:\Users\Sous Chef Stephan\AppData\Roaming\QuickScan [2012.11.06 21:07:34 | 000,000,000 | ---D | M] -- C:\Users\Sous Chef Stephan\AppData\Roaming\SaalDesignSoftware [2011.03.29 14:38:15 | 000,000,000 | ---D | M] -- C:\Users\Sous Chef Stephan\AppData\Roaming\SoftGrid Client [2011.03.29 00:47:38 | 000,000,000 | ---D | M] -- C:\Users\Sous Chef Stephan\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2011.03.28 21:15:00 | 000,000,000 | ---D | M] -- C:\Users\Sous Chef Stephan\AppData\Roaming\TP [2011.12.29 10:42:37 | 000,000,000 | ---D | M] -- C:\Users\Sous Chef Stephan\AppData\Roaming\TuneUp Software [2012.03.09 20:56:48 | 000,000,000 | ---D | M] -- C:\Users\Sous Chef Stephan\AppData\Roaming\Wacom [2012.03.09 21:03:27 | 000,000,000 | ---D | M] -- C:\Users\Sous Chef Stephan\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1 [2012.02.05 11:58:50 | 000,000,000 | ---D | M] -- C:\Users\Sous Chef Stephan\AppData\Roaming\WTouch ========== Purity Check ========== < End of report > |
|
27.11.2012, 11:59
| #7 | |
| /// the machine /// TB-Ausbilder | PUM.UserWLoad, Trojan.Agent kann nicht gelöscht werdenZitat:
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
27.11.2012, 12:08
| #8 |
| | PUM.UserWLoad, Trojan.Agent kann nicht gelöscht werden Photoshop ist Orginale Teacher Versionen Stephan |
|
27.11.2012, 13:09
| #9 |
| /// the machine /// TB-Ausbilder | PUM.UserWLoad, Trojan.Agent kann nicht gelöscht werden Und warum blockst du den Kontakt zu Adobe um die Registrierung und die Gültigkeit der Lizenz zu prüfen?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
27.11.2012, 13:50
| #10 |
| | PUM.UserWLoad, Trojan.Agent kann nicht gelöscht werden Ich war mal böse und ein Freund (wie Immer  ) hat mir damals eine ältere Version auf gespielt. Nun Mach ich eine Weiterbildung und ich hab die Orginale cs 6 für gutes Geld kaufen Können. |
|
27.11.2012, 14:32
| #11 |
| /// the machine /// TB-Ausbilder | PUM.UserWLoad, Trojan.Agent kann nicht gelöscht werden Dann kannst Du dem Freund danken. Denn aufgrund dieser Anzeichen muss ich den Support einstellen. Selbst wenn Du mir nen Kaufbeleg als Scan anhängen würdest. Is einfach so, wir machen uns sonst der Beihilfe schuldig.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
27.11.2012, 14:50
| #12 |
| | PUM.UserWLoad, Trojan.Agent kann nicht gelöscht werden Ist es denn bei meinem Rechner nun wieder OK ? kann ich leben oder wird das schlimmer? Ansonsten ganz herzlichen Dank für die Hilfe. Und Weiterhin gutes schaffen. Stephan |
|
27.11.2012, 19:21
| #13 |
| /// the machine /// TB-Ausbilder | PUM.UserWLoad, Trojan.Agent kann nicht gelöscht werden Wir müssten weiter scannen, kann ich so nicht sagen. Am Besten Neuaufsetzen, dann verschwinden auch die illegalen Einträge in der Host.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu PUM.UserWLoad, Trojan.Agent kann nicht gelöscht werden |
| administrator, anti-malware, autostart, canon, dateien, diner dash, entfernen, eset nod32, explorer, file, gelöscht, gen, image, launch, löschen, malwarebytes, microsoft, msn deutschland, neu, packard bell, plug-in, poweriso, pum.userwload, quarantäne, rechner, registry, search the web, service, software, speicher, tablet, temp, test, trojan.agent, version, wiederholt |
Linear-Darstellung
