BKA-Infizierung

BKA-Opfer · 19.01.2013, 12:36

Hallo liebes Forum!

Ich habe vor einigen Tagen mit einem Schock feststellen müssen, dass das "BKA" meinen Laptop (W7 64 bit) infiziert hat. Aufforderung einer Zahlung von 100€ via Ukash wurde natürlich nicht nachgegangen. Offensichtlich ist das nur ein fake, wie so vieles.

Ich habe schon das hier: hxxp://support.kaspersky.com/de/viruses/rescuedisk vergeblich versucht. Ebenso scheiterte ich hierbei: hxxp://www.redirect301.de/bundespolizei-trojaner-entfernen.html, da ich eine neue explorer.exe nirgends fand und diese dann nicht ersetzen konnte.

Ich bin mit meinem Latein am Ende und hoffe, dass ihr mir bei diesem Problem helfen könnt.

Gruß, BKA-Opfer

t'john · 19.01.2013, 15:26

Mit einem sauberen 2. Rechner eine OTLPE-CD erstellen und den infizierten Rechner dann von dieser CD booten:

Falls Du kein Brennprogramm installiert hast, lade dir bitte ISOBurner herunter. Das Programm wird Dir erlauben, OTLPE auf eine CD zu brennen und sie bootfähig zu machen. Du brauchst das Tool nur zu installieren, der Rest läuft automatisch => Wie brenne ich eine ISO Datei auf CD/DVD.

Lade OTLPENet.exe von OldTimer herunter und speichere sie auf Deinem Desktop. Anmerkung: Die Datei ist ca. 120 MB groß und es wird bei langsamer Internet-Verbindung ein wenig dauern, bis Du sie runtergeladen hast.
Wenn der Download fertig ist, mache einen Doppelklick auf die Datei und beantworte die Frage "Do you want to burn the CD?" mit Yes.
Lege eine leere CD in Deinen Brenner.
ImgBurn (oder Dein Brennprogramm) wird das Archiv extrahieren und OTLPE Network auf die CD brennen.
Wenn der Brenn-Vorgang abgeschlossen ist, wirst Du eine Dialogbox sehen => "Operation successfully completed".
Du kannst nun die Fenster des Brennprogramms schließen.

Nun boote von der OTLPE CD. Hinweis: Wie boote ich von CD

Dein System sollte nach einigen Minuten den REATOGO-X-PE Desktop anzeigen.
Mache einen Doppelklick auf das OTLPE Icon.
Hinweis: Damit OTLPE auch das richtige installierte Windows scant, musst du den Windows-Ordner des auf der Platte installierten Windows auswählen, einfach nur C: auswählen gibt einen Fehler!
Wenn Du gefragt wirst "Do you wish to load the remote registry", dann wähle Yes.
Wenn Du gefragt wirst "Do you wish to load remote user profile(s) for scanning", dann wähle Yes.
Vergewissere Dich, dass die Box "Automatically Load All Remaining Users" gewählt ist und drücke OK.
OTLpe sollte nun starten.
Drücke Run Scan, um den Scan zu starten.
Wenn der Scan fertig ist, werden die Dateien C:\OTL.Txt und C:\Extras.Txt erstellt
Kopiere diese Datei auf Deinen USB-Stick, wenn Du keine Internetverbindung auf diesem System hast.
Bitte poste den Inhalt von C:\OTL.Txt und Extras.Txt.

BKA-Opfer · 19.01.2013, 16:45

Hallo, erstmal vielen Dank für die Antwort!

Als ich die CD einlegte und von dieser gebootet habe kam folgender Fehler:
(Es wurde übrigens der Boot-Screen von Windows XP angezeigt, nicht von Reatogo..) Dann kam der hier:

t'john · 19.01.2013, 17:25

Bitte im BIOS die SATA-Einstellungen von AHCI auf IDE umstellen und nochmal probieren.

BKA-Opfer · 19.01.2013, 17:55

Hat funktioniert, nur leider kam nur ein OTL Dokument dabei heraus..?

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 1/19/2013 5:47:40 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = E: | %SystemRoot% = E:\Windows | %ProgramFiles% = E:\Program Files (x86)
Drive C: | 101.97 Mb Total Space | 77.85 Mb Free Space | 76.34% Space Free | Partition Type: NTFS
Drive D: | 7.51 Gb Total Space | 6.61 Gb Free Space | 87.99% Space Free | Partition Type: FAT32
Drive E: | 584.07 Gb Total Space | 496.88 Gb Free Space | 85.07% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010/02/05 13:23:06 | 000,865,824 | ---- | M] (Acer Incorporated) [Auto] -- E:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/11/02 05:48:18 | 000,126,352 | ---- | M] (Intel(R) Corporation) [On_Demand] -- E:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/07/20 06:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand] -- E:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer) [Auto] -- E:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2013/01/12 14:23:59 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- E:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/01/12 14:23:47 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- E:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/01/08 18:47:17 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- E:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/02 19:12:23 | 000,580,536 | ---- | M] () [Auto] -- E:\ProgramData\IBUpdaterService\ibsvc.exe -- (IBUpdaterService)
SRV - [2012/12/18 09:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto] -- E:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/11/09 05:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- E:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/10/02 06:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto] -- E:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/03/19 06:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto] -- E:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011/08/17 04:04:36 | 000,247,872 | ---- | M] () [Auto] -- E:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2011/08/03 06:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto] -- E:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010/08/02 15:33:49 | 003,780,040 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand] -- E:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2010/03/18 06:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 08:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) [Auto] -- E:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/01/06 20:50:02 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto] -- E:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/12/23 20:39:04 | 000,013,336 | ---- | M] (Intel Corporation) [Auto] -- E:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009/12/09 03:48:26 | 002,320,920 | ---- | M] (Intel Corporation) [Auto] -- E:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/12/09 03:48:24 | 000,268,824 | ---- | M] (Intel Corporation) [Auto] -- E:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/09/10 08:42:46 | 000,305,448 | ---- | M] () [On_Demand] -- E:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009/08/28 04:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto] -- E:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- E:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/01/12 14:24:03 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System] -- E:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013/01/12 14:24:03 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto] -- E:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/11/16 14:17:15 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System] -- E:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012/08/27 10:09:31 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand] -- E:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2012/08/27 10:09:31 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand] -- E:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2012/01/12 09:55:49 | 000,530,488 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- E:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011/06/02 00:47:22 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/06/02 00:47:22 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2011/06/02 00:47:22 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2011/05/18 01:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2011/05/10 04:41:27 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/04/19 20:07:48 | 001,930,240 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\athurx.sys -- (athur)
DRV:64bit: - [2011/01/04 09:11:16 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand] -- E:\Windows\System32\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/09 08:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto] -- E:\Windows\System32\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010/07/01 07:21:50 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand] -- E:\Windows\System32\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2010/03/01 02:20:56 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/12/09 00:18:34 | 002,978,296 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/12/02 02:01:24 | 000,213,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/11/05 15:35:45 | 000,034,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\point64k.sys -- (Point64)
DRV:64bit: - [2009/11/02 05:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto] -- E:\Windows\System32\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/10/25 23:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/09/16 23:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/07/13 20:18:06 | 000,281,088 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\BrSerIb.sys -- (BrSerIb) Brother MFC Serial Interface Driver(WDM)
DRV:64bit: - [2009/06/17 11:54:46 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2009/06/17 11:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009/06/17 11:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/06/10 15:41:10 | 000,015,360 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\BrUsbSIb.sys -- (BrUsbSIb) Brother MFC Serial USB Driver(WDM)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- E:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/02 06:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System] -- E:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/02 06:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System] -- E:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/02 06:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System] -- E:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009/03/18 10:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2011/01/04 09:11:16 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand] -- E:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2005/01/04 13:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand] -- E:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5741g&r=27360710j725l0464z1l5t5552k558
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5741g&r=27360710j725l0464z1l5t5552k558
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Gast_ON_E\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5741g&r=27360710j725l0464z1l5t5552k558
IE - HKU\Gast_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\Gast_ON_E\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - Reg Error: Key error. File not found
IE - HKU\Gast_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\NetworkService_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Nico_ON_E\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5741g&r=27360710j725l0464z1l5t5552k558
IE - HKU\Nico_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=115038&tt=0213_7&babsrc=HP_ss&mntrId=8cb8a742000000000000c417fe0677be
IE - HKU\Nico_ON_E\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\Nico_ON_E\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - Reg Error: Key error. File not found
IE - HKU\Nico_ON_E\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - Reg Error: Key error. File not found
IE - HKU\Nico_ON_E\..\URLSearchHook: {69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - Reg Error: Key error. File not found
IE - HKU\Nico_ON_E\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKU\Nico_ON_E\..\URLSearchHook: {942cd1d4-9cc1-4d31-876a-ea8f489f7a59} - Reg Error: Key error. File not found
IE - HKU\Nico_ON_E\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - Reg Error: Key error. File not found
IE - HKU\Nico_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\UpdatusUser_ON_E\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - Reg Error: Key error. File not found
 
========== FireFox ==========
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: E:\Windows\System32\Macromed\Flash\NPSWF64_11_5_502_146.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: E:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: E:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer: E:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin: E:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: E:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: E:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: E:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: E:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: E:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: E:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: E:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: E:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: E:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: E:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.4: E:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: E:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/06/26 14:22:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/06/26 14:22:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox
 
[2011/06/28 09:13:00 | 000,000,000 | ---D | M] (No name found) -- E:\Users\Gast\AppData\Roaming\Mozilla\Extensions
[2011/10/19 15:13:31 | 000,000,000 | ---D | M] (No name found) -- E:\Program Files (x86)\Mozilla Firefox\extensions
[2011/03/17 10:36:48 | 000,000,000 | ---D | M] (Java Console) -- E:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) -- 
[2011/02/02 15:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- E:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/03/19 01:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- E:\Program Files (x86)\mozilla firefox\plugins\npmieze.dll
[2011/12/12 11:00:40 | 000,002,048 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2011/09/16 07:13:27 | 000,000,143 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\foxsearch.src
 
O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - E:\Windows\System32\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - E:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - E:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - E:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - E:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - E:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (InnoGames International Toolbar) - {942cd1d4-9cc1-4d31-876a-ea8f489f7a59} - E:\Program Files (x86)\InnoGames_International\prxtbInno.dll (Conduit Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - E:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (XBTBPos00 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - E:\Program Files (x86)\ChatZum Toolbar\tbunsiBE2D.tmp\tbcore3.dll ()
O2 - BHO: (ICQ Sparberater) - {FE163F11-1919-4257-A280-FF5AF8DAEECB} - E:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - E:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (ChatZum Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - E:\Program Files (x86)\ChatZum Toolbar\tbunsiBE2D.tmp\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - E:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (InnoGames International Toolbar) - {942cd1d4-9cc1-4d31-876a-ea8f489f7a59} - E:\Program Files (x86)\InnoGames_International\prxtbInno.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - E:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll (facemoods.com)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - E:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\Gast_ON_E\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - E:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\Nico_ON_E\..\Toolbar\WebBrowser: (no name) - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - No CLSID value found.
O3 - HKU\Nico_ON_E\..\Toolbar\WebBrowser: (ChatZum Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - E:\Program Files (x86)\ChatZum Toolbar\tbunsiBE2D.tmp\tbcore3.dll ()
O3:64bit: - HKU\Nico_ON_E\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - E:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\Nico_ON_E\..\Toolbar\WebBrowser: (InnoGames International Toolbar) - {942CD1D4-9CC1-4D31-876A-EA8F489F7A59} - E:\Program Files (x86)\InnoGames_International\prxtbInno.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] E:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [IntelliPoint] E:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] E:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [mwlDaemon] E:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] E:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] E:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] E:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [IAStorIcon] E:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKU\LocalService_ON_E..\Run: [Sidebar] E:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_E..\Run: [Sidebar] E:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\Nico_ON_E..\Run: [Pando Media Booster] E:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\Nico_ON_E..\Run: [svñhîst]  File not found
O4 - HKU\UpdatusUser_ON_E..\Run: [Sidebar] E:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_E..\RunOnce: [mctadmin]  File not found
O4 - HKU\NetworkService_ON_E..\RunOnce: [mctadmin]  File not found
O4 - HKU\UpdatusUser_ON_E..\RunOnce: [mctadmin]  File not found
O4 - HKU\UpdatusUser_ON_E..\RunOnce: [ScrSav] E:\Program Files (x86)\Acer\Screensaver\run_Acer.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\Nico_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Nico_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\Nico_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} hxxp://www.kasparow.com/AxisCamControl.ocx (CamImage Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - E:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261070~1.41\{c16c1~1\browse~1.dll) -  File not found
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261040~1.25\{c16c1~1\browse~1.dll) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - E:\Windows\explorer.exe ()
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - E:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - E:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - E:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Launch.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/01/11 20:04:20 | 000,000,000 | ---D | C] -- E:\Users\Nico\AppData\Roaming\Avira
[2013/01/11 19:59:02 | 000,000,000 | ---D | C] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013/01/11 19:58:42 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- E:\Windows\System32\drivers\avipbb.sys
[2013/01/11 19:58:42 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- E:\Windows\System32\drivers\avgntflt.sys
[2013/01/11 19:58:42 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- E:\Windows\System32\drivers\avkmgr.sys
[2013/01/11 19:57:35 | 000,000,000 | ---D | C] -- E:\Program Files (x86)\Avira
[2013/01/11 19:44:21 | 000,000,000 | ---D | C] -- E:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013/01/11 19:37:27 | 000,000,000 | ---D | C] -- E:\ProgramData\Tarma Installer
[2013/01/09 20:44:33 | 000,000,000 | ---D | C] -- E:\1d5ff4f98fc8d73b99bb3c85a6e2
[2013/01/09 15:32:30 | 000,750,592 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\win32spl.dll
[2013/01/09 15:32:30 | 000,492,032 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\win32spl.dll
[2013/01/09 15:32:29 | 000,307,200 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ncrypt.dll
[2013/01/09 15:32:29 | 000,220,160 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\ncrypt.dll
[2013/01/09 15:32:03 | 000,068,608 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\taskhost.exe
[2013/01/02 19:13:42 | 000,000,000 | ---D | C] -- E:\Users\Nico\AppData\Roaming\BabSolution
[2013/01/02 19:10:32 | 000,000,000 | ---D | C] -- E:\Program Files (x86)\ChatZum Toolbar
[2013/01/02 19:10:15 | 000,000,000 | ---D | C] -- E:\Program Files (x86)\PasswordBox
[2013/01/02 19:08:24 | 000,000,000 | ---D | C] -- E:\Users\Nico\AppData\Roaming\Systweak
[2013/01/02 04:50:25 | 000,000,000 | ---D | C] -- E:\Users\Nico\AppData\Local\ElevatedDiagnostics
[2013/01/01 17:31:55 | 000,000,000 | ---D | C] -- E:\Users\Nico\AppData\Roaming\eType
[2013/01/01 17:31:53 | 000,000,000 | ---D | C] -- E:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker
[2013/01/01 17:31:52 | 000,000,000 | ---D | C] -- E:\Program Files (x86)\FilesFrog Update Checker
[2013/01/01 17:31:51 | 000,000,000 | ---D | C] -- E:\Program Files (x86)\PricePeep
[2013/01/01 17:31:44 | 000,000,000 | ---D | C] -- E:\Program Files (x86)\Incredibar.com
[2013/01/01 17:31:26 | 000,000,000 | ---D | C] -- E:\Windows\SysWow64\WNLT
[2013/01/01 17:26:54 | 000,000,000 | ---D | C] -- E:\Users\Nico\AppData\Roaming\PerformerSoft
[2013/01/01 17:26:53 | 000,019,632 | ---- | C] (PerformerSoft LLC) -- E:\Windows\System32\roboot64.exe
[2013/01/01 17:26:50 | 000,000,000 | ---D | C] -- E:\Windows\SysWow64\searchplugins
[2013/01/01 17:26:50 | 000,000,000 | ---D | C] -- E:\Windows\SysWow64\Extensions
[2013/01/01 17:26:24 | 000,000,000 | ---D | C] -- E:\ProgramData\IBUpdaterService
[2013/01/01 17:26:24 | 000,000,000 | ---D | C] -- E:\Program Files (x86)\File Scout
[2013/01/01 17:26:24 | 000,000,000 | ---D | C] -- E:\Users\Nico\AppData\Roaming\Babylon
[2013/01/01 17:26:24 | 000,000,000 | ---D | C] -- E:\ProgramData\Babylon
[2012/12/21 03:37:57 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- E:\Windows\System32\atmfd.dll
[2012/12/21 03:37:57 | 000,046,080 | ---- | C] (Adobe Systems) -- E:\Windows\System32\atmlib.dll
[2012/12/21 03:37:57 | 000,034,304 | ---- | C] (Adobe Systems) -- E:\Windows\SysWow64\atmlib.dll
[2012/12/21 03:37:56 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- E:\Windows\SysWow64\atmfd.dll
[2010/03/02 05:47:50 | 000,036,136 | ---- | C] (Oberon Media) -- E:\ProgramData\FullRemove.exe
[1 E:\Windows\*.tmp files -> E:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/01/16 13:53:34 | 000,067,584 | --S- | M] () -- E:\Windows\bootstat.dat
[2013/01/16 13:53:10 | 000,000,310 | -HS- | M] () -- E:\Windows\tasks\QFPJZOM.job
[2013/01/16 13:53:00 | 3113,254,912 | -HS- | M] () -- E:\hiberfil.sys
[2013/01/16 13:17:36 | 000,009,696 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/16 13:17:36 | 000,009,696 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/16 13:09:55 | 000,001,106 | ---- | M] () -- E:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/16 13:09:44 | 000,000,342 | ---- | M] () -- E:\Windows\tasks\DriverScanner.job
[2013/01/16 03:47:00 | 000,000,884 | ---- | M] () -- E:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/16 03:42:00 | 000,001,110 | ---- | M] () -- E:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/14 05:37:27 | 000,697,082 | ---- | M] () -- E:\Windows\System32\perfh007.dat
[2013/01/14 05:37:27 | 000,652,360 | ---- | M] () -- E:\Windows\System32\perfh009.dat
[2013/01/14 05:37:27 | 000,148,346 | ---- | M] () -- E:\Windows\System32\perfc007.dat
[2013/01/14 05:37:27 | 000,121,292 | ---- | M] () -- E:\Windows\System32\perfc009.dat
[2013/01/14 05:34:47 | 001,121,792 | ---- | M] () -- E:\Users\Nico\Documents\Präsentationsprüfung Energiewende.pps
[2013/01/13 18:53:24 | 000,010,445 | ---- | M] () -- E:\Users\Nico\Documents\Mein Film.wlmp
[2013/01/13 08:00:34 | 000,002,441 | ---- | M] () -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2013/01/13 04:58:44 | 000,000,446 | -H-- | M] () -- E:\Windows\tasks\Norton Security Scan for Nico.job
[2013/01/12 14:43:32 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/01/12 14:24:03 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- E:\Windows\System32\drivers\avipbb.sys
[2013/01/12 14:24:03 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- E:\Windows\System32\drivers\avgntflt.sys
[2013/01/11 19:59:02 | 000,001,998 | ---- | M] () -- E:\Users\Public\Desktop\Avira Control Center.lnk
[2013/01/11 19:59:02 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013/01/10 08:50:04 | 001,591,234 | ---- | M] () -- E:\Windows\SysWow64\PerfStringBackup.INI
[2013/01/10 08:31:36 | 000,427,720 | ---- | M] () -- E:\Windows\System32\FNTCACHE.DAT
[2013/01/08 18:47:16 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- E:\Windows\SysWow64\FlashPlayerApp.exe
[2013/01/08 18:47:16 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- E:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/01/02 12:53:51 | 000,000,000 | R--D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2013/01/01 17:31:44 | 000,000,450 | ---- | M] () -- E:\user.js
[2012/12/26 16:38:02 | 000,002,216 | ---- | M] () -- E:\Users\Public\Desktop\Google Earth.lnk
[2012/12/26 16:38:02 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012/12/25 07:47:51 | 000,012,800 | ---- | M] () -- E:\Users\Nico\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 E:\Windows\*.tmp files -> E:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/01/14 05:33:04 | 001,121,792 | ---- | C] () -- E:\Users\Nico\Documents\Präsentationsprüfung Energiewende.pps
[2013/01/13 18:53:24 | 000,010,445 | ---- | C] () -- E:\Users\Nico\Documents\Mein Film.wlmp
[2013/01/11 19:59:02 | 000,001,998 | ---- | C] () -- E:\Users\Public\Desktop\Avira Control Center.lnk
[2013/01/02 04:55:21 | 000,002,301 | ---- | C] () -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk
[2013/01/01 17:31:44 | 000,000,450 | ---- | C] () -- E:\user.js
[2012/12/26 16:38:02 | 000,002,216 | ---- | C] () -- E:\Users\Public\Desktop\Google Earth.lnk
[2011/11/09 11:56:13 | 001,591,234 | ---- | C] () -- E:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/12 09:38:27 | 000,000,017 | ---- | C] () -- E:\Users\Nico\AppData\Local\resmon.resmoncfg
[2011/07/01 16:47:29 | 002,872,320 | ---- | C] () -- E:\Windows\explorer.exe
[2011/07/01 16:47:09 | 000,252,928 | ---- | C] () -- E:\Windows\SysWow64\DShowRdpFilter.dll
[2011/06/11 06:31:42 | 000,012,800 | ---- | C] () -- E:\Users\Nico\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/18 12:10:41 | 000,000,029 | ---- | C] () -- E:\Windows\VPluginBasicImage.INI
[2011/01/04 09:10:58 | 000,030,568 | ---- | C] () -- E:\Windows\MusiccityDownload.exe
[2011/01/04 09:10:56 | 000,974,848 | ---- | C] () -- E:\Windows\SysWow64\cis-2.4.dll
[2011/01/04 09:10:56 | 000,081,920 | ---- | C] () -- E:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011/01/04 09:10:56 | 000,065,536 | ---- | C] () -- E:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011/01/04 09:10:56 | 000,057,344 | ---- | C] () -- E:\Windows\SysWow64\issacapi_se-2.3.dll
[2010/10/30 13:47:42 | 000,031,791 | ---- | C] () -- E:\Windows\War3Unin.dat
[2010/10/15 08:18:16 | 000,000,000 | ---- | C] () -- E:\Windows\nsreg.dat
[2010/10/14 08:08:30 | 000,000,022 | -HS- | C] () -- E:\Users\Nico\AppData\Roaming\Sys6925.Config Collection.sys
[2010/10/14 08:08:30 | 000,000,022 | -HS- | C] () -- E:\Windows\Sys3390 SettingsCollection.bin
[2010/09/07 15:07:14 | 000,004,096 | ---- | C] () -- E:\Windows\d3dx.dat
[2010/08/27 18:12:31 | 000,000,035 | ---- | C] () -- E:\Windows\WorldBuilder.INI
[2009/10/06 02:16:00 | 000,819,200 | ---- | C] () -- E:\Windows\SysWow64\xvidcore.dll
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- E:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- E:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- E:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- E:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- E:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:25:04 | 000,197,632 | ---- | C] () -- E:\Windows\SysWow64\ir32_32.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- E:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- E:\Windows\SysWow64\mlang.dat
[2008/10/21 22:29:06 | 000,173,550 | ---- | C] () -- E:\Windows\SysWow64\xlive.dll.cat
 
========== LOP Check ==========
 
[2010/03/02 06:00:59 | 000,000,000 | ---D | M] -- E:\ProgramData\Acer
[2010/07/24 07:05:52 | 000,000,000 | -HSD | M] -- E:\ProgramData\Anwendungsdaten
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Application Data
[2010/07/28 15:42:31 | 000,000,000 | ---D | M] -- E:\ProgramData\Arcade Lab
[2012/12/06 02:19:17 | 000,000,000 | ---D | M] -- E:\ProgramData\Ask
[2013/01/01 17:26:24 | 000,000,000 | ---D | M] -- E:\ProgramData\Babylon
[2010/03/02 06:10:33 | 000,000,000 | ---D | M] -- E:\ProgramData\BackupManager
[2010/11/14 06:32:13 | 000,000,000 | ---D | M] -- E:\ProgramData\boost_interprocess
[2011/09/16 07:13:48 | 000,000,000 | ---D | M] -- E:\ProgramData\DAEMON Tools Lite
[2010/09/15 10:21:18 | 000,000,000 | ---D | M] -- E:\ProgramData\DAEMON Tools Pro
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Desktop
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Documents
[2010/07/24 07:05:52 | 000,000,000 | -HSD | M] -- E:\ProgramData\Dokumente
[2010/03/02 06:13:00 | 000,000,000 | ---D | M] -- E:\ProgramData\EgisTec
[2010/03/02 06:10:59 | 000,000,000 | ---D | M] -- E:\ProgramData\eSobi
[2010/07/28 15:40:11 | 000,000,000 | ---D | M] -- E:\ProgramData\FarmFrenzy2
[2010/07/24 07:05:52 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favoriten
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favorites
[2010/10/26 16:34:07 | 000,000,000 | ---D | M] -- E:\ProgramData\Firefly Studios
[2013/01/01 17:26:25 | 000,000,000 | ---D | M] -- E:\ProgramData\IBUpdaterService
[2011/10/04 11:52:49 | 000,000,000 | ---D | M] -- E:\ProgramData\ICQ
[2010/12/02 11:32:11 | 000,000,000 | ---D | M] -- E:\ProgramData\Intenium
[2010/07/24 07:06:15 | 000,000,000 | ---D | M] -- E:\ProgramData\OEM
[2010/08/14 13:38:52 | 000,000,000 | ---D | M] -- E:\ProgramData\Partner
[2011/03/08 14:04:46 | 000,000,000 | ---D | M] -- E:\ProgramData\PC Drivers HeadQuarters
[2012/12/10 14:07:22 | 000,000,000 | ---D | M] -- E:\ProgramData\PMB Files
[2011/06/11 06:22:11 | 000,000,000 | ---D | M] -- E:\ProgramData\Samsung
[2012/06/29 18:41:26 | 000,000,000 | ---D | M] -- E:\ProgramData\Screaming Bee
[2011/08/13 12:42:41 | 000,000,000 | ---D | M] -- E:\ProgramData\Spreng- und Abriss-Simulator
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Start Menu
[2010/07/24 07:05:52 | 000,000,000 | -HSD | M] -- E:\ProgramData\Startmenü
[2013/01/11 19:37:27 | 000,000,000 | ---D | M] -- E:\ProgramData\Tarma Installer
[2010/07/28 15:43:42 | 000,000,000 | ---D | M] -- E:\ProgramData\Temp
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Templates
[2012/12/06 14:37:34 | 000,000,000 | ---D | M] -- E:\ProgramData\TmForever
[2012/09/02 03:39:25 | 000,000,000 | ---D | M] -- E:\ProgramData\TP-LINK
[2011/03/08 14:05:19 | 000,000,000 | ---D | M] -- E:\ProgramData\UAB
[2010/07/24 07:05:52 | 000,000,000 | -HSD | M] -- E:\ProgramData\Vorlagen
[2010/08/21 14:20:43 | 000,000,000 | ---D | M] -- E:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2013/01/16 13:09:44 | 000,000,342 | ---- | M] () -- E:\Windows\Tasks\DriverScanner.job
[2013/01/16 13:53:10 | 000,000,310 | -HS- | M] () -- E:\Windows\Tasks\QFPJZOM.job
[2013/01/16 13:40:04 | 000,032,632 | ---- | M] () -- E:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 146 bytes -> E:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 124 bytes -> E:\ProgramData\Temp:E1F04E8D
@Alternate Data Stream - 118 bytes -> E:\ProgramData\Temp:4CF61E54
< End of report >

--- --- ---

t'john · 19.01.2013, 18:20

Fixen mit OTLpe

Starte den unbootbaren Computer erneut mit der OTLPE-CD,
warte bis der Reatogo-X-Pe-Desktop erscheint und doppelklicke das OTLPE-Icon.

Kopiere folgendes Skript in das Textfeld unterhalb von Custom Scans/Fixes:
Sollte das mangels Internet-Verbindung nicht möglich sein,
kopiere den Text aus der folgenden Code-Box und speichere ihn als Fix.txt auf einen USB-Stick.
Schließe den USB-Stick an den Computer an und öffne Fix.txt mit dem Explorer auf dem Reatogo-Desktop.
Kopiere den Inhalt von Fix.txt in das Textfeld unterhalb von Custom Scans/Fixes:

Code:

ATTFilter

:OTL
 
O4 - HKU\Nico_ON_E..\Run: [svñhîst] File not found 
O4 - HKU\LocalService_ON_E..\RunOnce: [mctadmin] File not found 
O4 - HKU\NetworkService_ON_E..\RunOnce: [mctadmin] File not found 
O4 - HKU\UpdatusUser_ON_E..\RunOnce: [mctadmin] File not found 
O4 - HKU\UpdatusUser_ON_E..\RunOnce: [ScrSav] E:\Program Files (x86)\Acer\Screensaver\run_Acer.exe () 

[2013/01/01 17:26:53 | 000,019,632 | ---- | C] (PerformerSoft LLC) -- E:\Windows\System32\roboot64.exe 

@Alternate Data Stream - 146 bytes -> E:\ProgramData\Temp:AB689DEA 
@Alternate Data Stream - 124 bytes -> E:\ProgramData\Temp:E1F04E8D 
@Alternate Data Stream - 118 bytes -> E:\ProgramData\Temp:4CF61E54 
[2013/01/16 13:53:10 | 000,000,310 | -HS- | M] () -- E:\Windows\tasks\QFPJZOM.job 

[2011/01/04 09:10:58 | 000,030,568 | ---- | C] () -- E:\Windows\MusiccityDownload.exe 
[2010/11/14 06:32:13 | 000,000,000 | ---D | M] -- E:\ProgramData\boost_interprocess 
[2010/08/14 13:38:52 | 000,000,000 | ---D | M] -- E:\ProgramData\Partner 

:Commands
[emptytemp]

Schließe alle Programme.
Klicke auf den Fix Button.
Klick auf .
Kopiere den Inhalt hier in Code-Tags in Deinen Thread.
Nachträglich kannst Du das Logfile hier einsehen => C:\OTLpe\MovedFiles\<datum_nummer.log>
Teste, ob den Computer nun wieder in den normalen Windows-Modus booten kannst und berichte.

BKA-Opfer · 19.01.2013, 20:41

All done.
Booten funktioniert leider noch nicht, Virus öffnet sich immernoch sofort.

Code:

ATTFilter

========== OTL ==========
Registry key HKEY_USERS\Nico_ON_E\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\LocalService_ON_E\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce not found.
Registry key HKEY_USERS\NetworkService_ON_E\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce not found.
Registry key HKEY_USERS\UpdatusUser_ON_E\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce not found.
Registry key HKEY_USERS\UpdatusUser_ON_E\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce not found.
File E:\Program Files (x86)\Acer\Screensaver\run_Acer.exe not found.
File E:\Windows\System32\roboot64.exe not found.
Unable to delete ADS E:\ProgramData\Temp:AB689DEA .
Unable to delete ADS E:\ProgramData\Temp:E1F04E8D .
Unable to delete ADS E:\ProgramData\Temp:4CF61E54 .
File E:\Windows\tasks\QFPJZOM.job not found.
File E:\Windows\MusiccityDownload.exe not found.
Folder E:\ProgramData\boost_interprocess\ not found.
Folder E:\ProgramData\Partner\ not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes
 
User: Default User
 
User: Familie
 
User: Familie.Nico-PC
 
User: Gast
->Temp folder emptied: 44166782 bytes
->Temporary Internet Files folder emptied: 338047610 bytes
->Java cache emptied: 1 bytes
->FireFox cache emptied: 6593099 bytes
->Flash cache emptied: 59977 bytes
 
User: Nadine
 
User: Nico
->Temp folder emptied: 499627493 bytes
->Temporary Internet Files folder emptied: 461636084 bytes
->Java cache emptied: 37970228 bytes
->Google Chrome cache emptied: 368387741 bytes
->Flash cache emptied: 35436 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 352230485 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50300 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
 
Total Files Cleaned = 2,011.00 mb
 
 
OTLPE by OldTimer - Version 3.1.48.0 log created on 01192013_195659

t'john · 19.01.2013, 23:13

Bitte neues Log erstellen!

BKA-Opfer · 20.01.2013, 11:46

Bitteschön:

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 1/20/2013 11:38:40 AM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = F: | %SystemRoot% = F:\Windows | %ProgramFiles% = F:\Program Files (x86)
Drive C: | 101.97 Mb Total Space | 77.85 Mb Free Space | 76.34% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 418.34 Gb Free Space | 89.82% Space Free | Partition Type: NTFS
Drive E: | 7.51 Gb Total Space | 6.61 Gb Free Space | 87.99% Space Free | Partition Type: FAT32
Drive F: | 584.07 Gb Total Space | 498.65 Gb Free Space | 85.38% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010/02/05 13:23:06 | 000,865,824 | ---- | M] (Acer Incorporated) [Auto] -- F:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/11/02 05:48:18 | 000,126,352 | ---- | M] (Intel(R) Corporation) [On_Demand] -- F:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/07/20 06:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand] -- F:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- F:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer) [Auto] -- F:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2013/01/12 14:23:59 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- F:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/01/12 14:23:47 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- F:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/01/08 18:47:17 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- F:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/02 19:12:23 | 000,580,536 | ---- | M] () [Auto] -- F:\ProgramData\IBUpdaterService\ibsvc.exe -- (IBUpdaterService)
SRV - [2012/12/18 09:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto] -- F:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/11/09 05:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- F:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/10/02 06:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto] -- F:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/03/19 06:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto] -- F:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011/08/17 04:04:36 | 000,247,872 | ---- | M] () [Auto] -- F:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2011/08/03 06:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto] -- F:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010/08/02 15:33:49 | 003,780,040 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand] -- F:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2010/03/18 06:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- F:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 08:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) [Auto] -- F:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/01/06 20:50:02 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto] -- F:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/12/23 20:39:04 | 000,013,336 | ---- | M] (Intel Corporation) [Auto] -- F:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009/12/09 03:48:26 | 002,320,920 | ---- | M] (Intel Corporation) [Auto] -- F:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/12/09 03:48:24 | 000,268,824 | ---- | M] (Intel Corporation) [Auto] -- F:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/09/10 08:42:46 | 000,305,448 | ---- | M] () [On_Demand] -- F:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009/08/28 04:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto] -- F:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- F:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/01/12 14:24:03 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System] -- F:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013/01/12 14:24:03 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto] -- F:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/11/16 14:17:15 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System] -- F:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012/08/27 10:09:31 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand] -- F:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2012/08/27 10:09:31 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand] -- F:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2012/01/12 09:55:49 | 000,530,488 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- F:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011/06/02 00:47:22 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/06/02 00:47:22 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2011/06/02 00:47:22 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2011/05/18 01:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2011/05/10 04:41:27 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/04/19 20:07:48 | 001,930,240 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\athurx.sys -- (athur)
DRV:64bit: - [2011/01/04 09:11:16 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand] -- F:\Windows\System32\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/09 08:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto] -- F:\Windows\System32\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010/07/01 07:21:50 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand] -- F:\Windows\System32\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2010/03/01 02:20:56 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/12/09 00:18:34 | 002,978,296 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/12/02 02:01:24 | 000,213,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/11/05 15:35:45 | 000,034,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\point64k.sys -- (Point64)
DRV:64bit: - [2009/11/02 05:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto] -- F:\Windows\System32\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/10/25 23:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/09/16 23:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- F:\Windows\system32\DRIVERS\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/07/13 20:18:06 | 000,281,088 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\BrSerIb.sys -- (BrSerIb) Brother MFC Serial Interface Driver(WDM)
DRV:64bit: - [2009/06/17 11:54:46 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2009/06/17 11:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009/06/17 11:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/06/10 15:41:10 | 000,015,360 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\BrUsbSIb.sys -- (BrUsbSIb) Brother MFC Serial USB Driver(WDM)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- F:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- F:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- F:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/02 06:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System] -- F:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/02 06:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System] -- F:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/02 06:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System] -- F:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009/03/18 10:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2011/01/04 09:11:16 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand] -- F:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2005/01/04 13:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand] -- F:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5741g&r=27360710j725l0464z1l5t5552k558
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5741g&r=27360710j725l0464z1l5t5552k558
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Gast_ON_F\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5741g&r=27360710j725l0464z1l5t5552k558
IE - HKU\Gast_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\Gast_ON_F\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - Reg Error: Key error. File not found
IE - HKU\Gast_ON_F\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\NetworkService_ON_F\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Nico_ON_F\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5741g&r=27360710j725l0464z1l5t5552k558
IE - HKU\Nico_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=115038&tt=0213_7&babsrc=HP_ss&mntrId=8cb8a742000000000000c417fe0677be
IE - HKU\Nico_ON_F\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\Nico_ON_F\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - Reg Error: Key error. File not found
IE - HKU\Nico_ON_F\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - Reg Error: Key error. File not found
IE - HKU\Nico_ON_F\..\URLSearchHook: {69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - Reg Error: Key error. File not found
IE - HKU\Nico_ON_F\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKU\Nico_ON_F\..\URLSearchHook: {942cd1d4-9cc1-4d31-876a-ea8f489f7a59} - Reg Error: Key error. File not found
IE - HKU\Nico_ON_F\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - Reg Error: Key error. File not found
IE - HKU\Nico_ON_F\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\UpdatusUser_ON_F\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - Reg Error: Key error. File not found
 
========== FireFox ==========
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: F:\Windows\System32\Macromed\Flash\NPSWF64_11_5_502_146.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: F:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: F:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer: F:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin: F:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: F:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: F:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: F:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: F:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: F:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: F:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: F:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: F:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: F:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: F:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.4: F:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: F:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/06/26 14:22:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/06/26 14:22:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox
 
[2011/06/28 09:13:00 | 000,000,000 | ---D | M] (No name found) -- F:\Users\Gast\AppData\Roaming\Mozilla\Extensions
[2011/10/19 15:13:31 | 000,000,000 | ---D | M] (No name found) -- F:\Program Files (x86)\Mozilla Firefox\extensions
[2011/03/17 10:36:48 | 000,000,000 | ---D | M] (Java Console) -- F:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) -- 
[2011/02/02 15:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- F:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/03/19 01:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- F:\Program Files (x86)\mozilla firefox\plugins\npmieze.dll
[2011/12/12 11:00:40 | 000,002,048 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2011/09/16 07:13:27 | 000,000,143 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\foxsearch.src
 
O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - F:\Windows\System32\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - F:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - F:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - F:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - F:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - F:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (InnoGames International Toolbar) - {942cd1d4-9cc1-4d31-876a-ea8f489f7a59} - F:\Program Files (x86)\InnoGames_International\prxtbInno.dll (Conduit Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - F:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (XBTBPos00 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - F:\Program Files (x86)\ChatZum Toolbar\tbunsiBE2D.tmp\tbcore3.dll ()
O2 - BHO: (ICQ Sparberater) - {FE163F11-1919-4257-A280-FF5AF8DAEECB} - F:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - F:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (ChatZum Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - F:\Program Files (x86)\ChatZum Toolbar\tbunsiBE2D.tmp\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - F:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (InnoGames International Toolbar) - {942cd1d4-9cc1-4d31-876a-ea8f489f7a59} - F:\Program Files (x86)\InnoGames_International\prxtbInno.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - F:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll (facemoods.com)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - F:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\Gast_ON_F\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - F:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\Nico_ON_F\..\Toolbar\WebBrowser: (no name) - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - No CLSID value found.
O3 - HKU\Nico_ON_F\..\Toolbar\WebBrowser: (ChatZum Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - F:\Program Files (x86)\ChatZum Toolbar\tbunsiBE2D.tmp\tbcore3.dll ()
O3:64bit: - HKU\Nico_ON_F\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - F:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\Nico_ON_F\..\Toolbar\WebBrowser: (InnoGames International Toolbar) - {942CD1D4-9CC1-4D31-876A-EA8F489F7A59} - F:\Program Files (x86)\InnoGames_International\prxtbInno.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] F:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [IntelliPoint] F:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] F:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [mwlDaemon] F:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] F:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] F:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] F:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [IAStorIcon] F:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKU\LocalService_ON_F..\Run: [Sidebar] F:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_F..\Run: [Sidebar] F:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\Nico_ON_F..\Run: [Pando Media Booster] F:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\Nico_ON_F..\Run: [svñhîst]  File not found
O4 - HKU\UpdatusUser_ON_F..\Run: [Sidebar] F:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_F..\RunOnce: [mctadmin]  File not found
O4 - HKU\NetworkService_ON_F..\RunOnce: [mctadmin]  File not found
O4 - HKU\UpdatusUser_ON_F..\RunOnce: [mctadmin]  File not found
O4 - HKU\UpdatusUser_ON_F..\RunOnce: [ScrSav] F:\Program Files (x86)\Acer\Screensaver\run_Acer.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\Nico_ON_F\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Nico_ON_F\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\Nico_ON_F\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - F:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - F:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} hxxp://www.kasparow.com/AxisCamControl.ocx (CamImage Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - F:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261070~1.41\{c16c1~1\browse~1.dll) -  File not found
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261040~1.25\{c16c1~1\browse~1.dll) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - F:\Windows\explorer.exe ()
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - F:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - F:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - F:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Launch.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/01/19 19:57:02 | 000,000,000 | ---D | C] -- F:\_OTL
[2013/01/19 17:57:13 | 000,000,000 | -HSD | C] -- F:\RECYCLER
[2013/01/11 20:04:20 | 000,000,000 | ---D | C] -- F:\Users\Nico\AppData\Roaming\Avira
[2013/01/11 19:59:02 | 000,000,000 | ---D | C] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013/01/11 19:58:42 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- F:\Windows\System32\drivers\avipbb.sys
[2013/01/11 19:58:42 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- F:\Windows\System32\drivers\avgntflt.sys
[2013/01/11 19:58:42 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- F:\Windows\System32\drivers\avkmgr.sys
[2013/01/11 19:57:35 | 000,000,000 | ---D | C] -- F:\Program Files (x86)\Avira
[2013/01/11 19:44:21 | 000,000,000 | ---D | C] -- F:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013/01/11 19:37:27 | 000,000,000 | ---D | C] -- F:\ProgramData\Tarma Installer
[2013/01/09 20:44:33 | 000,000,000 | ---D | C] -- F:\1d5ff4f98fc8d73b99bb3c85a6e2
[2013/01/09 15:32:30 | 000,750,592 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\win32spl.dll
[2013/01/09 15:32:30 | 000,492,032 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\win32spl.dll
[2013/01/09 15:32:29 | 000,307,200 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\ncrypt.dll
[2013/01/09 15:32:29 | 000,220,160 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\ncrypt.dll
[2013/01/09 15:32:03 | 000,068,608 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\taskhost.exe
[2013/01/02 19:13:42 | 000,000,000 | ---D | C] -- F:\Users\Nico\AppData\Roaming\BabSolution
[2013/01/02 19:10:32 | 000,000,000 | ---D | C] -- F:\Program Files (x86)\ChatZum Toolbar
[2013/01/02 19:10:15 | 000,000,000 | ---D | C] -- F:\Program Files (x86)\PasswordBox
[2013/01/02 19:08:24 | 000,000,000 | ---D | C] -- F:\Users\Nico\AppData\Roaming\Systweak
[2013/01/02 04:50:25 | 000,000,000 | ---D | C] -- F:\Users\Nico\AppData\Local\ElevatedDiagnostics
[2013/01/01 17:31:55 | 000,000,000 | ---D | C] -- F:\Users\Nico\AppData\Roaming\eType
[2013/01/01 17:31:53 | 000,000,000 | ---D | C] -- F:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker
[2013/01/01 17:31:52 | 000,000,000 | ---D | C] -- F:\Program Files (x86)\FilesFrog Update Checker
[2013/01/01 17:31:51 | 000,000,000 | ---D | C] -- F:\Program Files (x86)\PricePeep
[2013/01/01 17:31:44 | 000,000,000 | ---D | C] -- F:\Program Files (x86)\Incredibar.com
[2013/01/01 17:31:26 | 000,000,000 | ---D | C] -- F:\Windows\SysWow64\WNLT
[2013/01/01 17:26:54 | 000,000,000 | ---D | C] -- F:\Users\Nico\AppData\Roaming\PerformerSoft
[2013/01/01 17:26:53 | 000,019,632 | ---- | C] (PerformerSoft LLC) -- F:\Windows\System32\roboot64.exe
[2013/01/01 17:26:50 | 000,000,000 | ---D | C] -- F:\Windows\SysWow64\searchplugins
[2013/01/01 17:26:50 | 000,000,000 | ---D | C] -- F:\Windows\SysWow64\Extensions
[2013/01/01 17:26:24 | 000,000,000 | ---D | C] -- F:\ProgramData\IBUpdaterService
[2013/01/01 17:26:24 | 000,000,000 | ---D | C] -- F:\Program Files (x86)\File Scout
[2013/01/01 17:26:24 | 000,000,000 | ---D | C] -- F:\Users\Nico\AppData\Roaming\Babylon
[2013/01/01 17:26:24 | 000,000,000 | ---D | C] -- F:\ProgramData\Babylon
[2010/03/02 05:47:50 | 000,036,136 | ---- | C] (Oberon Media) -- F:\ProgramData\FullRemove.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013/01/19 14:17:24 | 000,067,584 | --S- | M] () -- F:\Windows\bootstat.dat
[2013/01/19 14:16:01 | 000,001,106 | ---- | M] () -- F:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/19 14:15:47 | 000,000,342 | ---- | M] () -- F:\Windows\tasks\DriverScanner.job
[2013/01/19 14:15:30 | 000,000,310 | -HS- | M] () -- F:\Windows\tasks\QFPJZOM.job
[2013/01/19 14:14:52 | 3113,295,872 | -HS- | M] () -- F:\hiberfil.sys
[2013/01/16 13:17:36 | 000,009,696 | -H-- | M] () -- F:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/16 13:17:36 | 000,009,696 | -H-- | M] () -- F:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/16 03:47:00 | 000,000,884 | ---- | M] () -- F:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/16 03:42:00 | 000,001,110 | ---- | M] () -- F:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/14 05:37:27 | 000,697,082 | ---- | M] () -- F:\Windows\System32\perfh007.dat
[2013/01/14 05:37:27 | 000,652,360 | ---- | M] () -- F:\Windows\System32\perfh009.dat
[2013/01/14 05:37:27 | 000,148,346 | ---- | M] () -- F:\Windows\System32\perfc007.dat
[2013/01/14 05:37:27 | 000,121,292 | ---- | M] () -- F:\Windows\System32\perfc009.dat
[2013/01/14 05:34:47 | 001,121,792 | ---- | M] () -- F:\Users\Nico\Documents\Präsentationsprüfung Energiewende.pps
[2013/01/13 18:53:24 | 000,010,445 | ---- | M] () -- F:\Users\Nico\Documents\Mein Film.wlmp
[2013/01/13 08:00:34 | 000,002,441 | ---- | M] () -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2013/01/13 04:58:44 | 000,000,446 | -H-- | M] () -- F:\Windows\tasks\Norton Security Scan for Nico.job
[2013/01/12 14:43:32 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/01/12 14:24:03 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- F:\Windows\System32\drivers\avipbb.sys
[2013/01/12 14:24:03 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- F:\Windows\System32\drivers\avgntflt.sys
[2013/01/11 19:59:02 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013/01/10 08:50:04 | 001,591,234 | ---- | M] () -- F:\Windows\SysWow64\PerfStringBackup.INI
[2013/01/10 08:31:36 | 000,427,720 | ---- | M] () -- F:\Windows\System32\FNTCACHE.DAT
[2013/01/08 18:47:16 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- F:\Windows\SysWow64\FlashPlayerApp.exe
[2013/01/08 18:47:16 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- F:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/01/02 12:53:51 | 000,000,000 | R--D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2013/01/01 17:31:44 | 000,000,450 | ---- | M] () -- F:\user.js
[2012/12/26 16:38:02 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012/12/25 07:47:51 | 000,012,800 | ---- | M] () -- F:\Users\Nico\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== Files Created - No Company Name ==========
 
[2013/01/14 05:33:04 | 001,121,792 | ---- | C] () -- F:\Users\Nico\Documents\Präsentationsprüfung Energiewende.pps
[2013/01/13 18:53:24 | 000,010,445 | ---- | C] () -- F:\Users\Nico\Documents\Mein Film.wlmp
[2013/01/02 04:55:21 | 000,002,301 | ---- | C] () -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk
[2013/01/01 17:31:44 | 000,000,450 | ---- | C] () -- F:\user.js
[2011/11/09 11:56:13 | 001,591,234 | ---- | C] () -- F:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/12 09:38:27 | 000,000,017 | ---- | C] () -- F:\Users\Nico\AppData\Local\resmon.resmoncfg
[2011/07/01 16:47:29 | 002,872,320 | ---- | C] () -- F:\Windows\explorer.exe
[2011/07/01 16:47:09 | 000,252,928 | ---- | C] () -- F:\Windows\SysWow64\DShowRdpFilter.dll
[2011/06/11 06:31:42 | 000,012,800 | ---- | C] () -- F:\Users\Nico\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/18 12:10:41 | 000,000,029 | ---- | C] () -- F:\Windows\VPluginBasicImage.INI
[2011/01/04 09:10:58 | 000,030,568 | ---- | C] () -- F:\Windows\MusiccityDownload.exe
[2011/01/04 09:10:56 | 000,974,848 | ---- | C] () -- F:\Windows\SysWow64\cis-2.4.dll
[2011/01/04 09:10:56 | 000,081,920 | ---- | C] () -- F:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011/01/04 09:10:56 | 000,065,536 | ---- | C] () -- F:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011/01/04 09:10:56 | 000,057,344 | ---- | C] () -- F:\Windows\SysWow64\issacapi_se-2.3.dll
[2010/10/30 13:47:42 | 000,031,791 | ---- | C] () -- F:\Windows\War3Unin.dat
[2010/10/15 08:18:16 | 000,000,000 | ---- | C] () -- F:\Windows\nsreg.dat
[2010/10/14 08:08:30 | 000,000,022 | -HS- | C] () -- F:\Users\Nico\AppData\Roaming\Sys6925.Config Collection.sys
[2010/10/14 08:08:30 | 000,000,022 | -HS- | C] () -- F:\Windows\Sys3390 SettingsCollection.bin
[2010/09/07 15:07:14 | 000,004,096 | ---- | C] () -- F:\Windows\d3dx.dat
[2010/08/27 18:12:31 | 000,000,035 | ---- | C] () -- F:\Windows\WorldBuilder.INI
[2009/10/06 02:16:00 | 000,819,200 | ---- | C] () -- F:\Windows\SysWow64\xvidcore.dll
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- F:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- F:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- F:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- F:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- F:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:25:04 | 000,197,632 | ---- | C] () -- F:\Windows\SysWow64\ir32_32.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- F:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- F:\Windows\SysWow64\mlang.dat
[2008/10/21 22:29:06 | 000,173,550 | ---- | C] () -- F:\Windows\SysWow64\xlive.dll.cat
 
========== LOP Check ==========
 
[2010/03/02 06:00:59 | 000,000,000 | ---D | M] -- F:\ProgramData\Acer
[2010/07/24 07:05:52 | 000,000,000 | -HSD | M] -- F:\ProgramData\Anwendungsdaten
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Application Data
[2010/07/28 15:42:31 | 000,000,000 | ---D | M] -- F:\ProgramData\Arcade Lab
[2012/12/06 02:19:17 | 000,000,000 | ---D | M] -- F:\ProgramData\Ask
[2013/01/01 17:26:24 | 000,000,000 | ---D | M] -- F:\ProgramData\Babylon
[2010/03/02 06:10:33 | 000,000,000 | ---D | M] -- F:\ProgramData\BackupManager
[2010/11/14 06:32:13 | 000,000,000 | ---D | M] -- F:\ProgramData\boost_interprocess
[2011/09/16 07:13:48 | 000,000,000 | ---D | M] -- F:\ProgramData\DAEMON Tools Lite
[2010/09/15 10:21:18 | 000,000,000 | ---D | M] -- F:\ProgramData\DAEMON Tools Pro
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Desktop
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Documents
[2010/07/24 07:05:52 | 000,000,000 | -HSD | M] -- F:\ProgramData\Dokumente
[2010/03/02 06:13:00 | 000,000,000 | ---D | M] -- F:\ProgramData\EgisTec
[2010/03/02 06:10:59 | 000,000,000 | ---D | M] -- F:\ProgramData\eSobi
[2010/07/28 15:40:11 | 000,000,000 | ---D | M] -- F:\ProgramData\FarmFrenzy2
[2010/07/24 07:05:52 | 000,000,000 | -HSD | M] -- F:\ProgramData\Favoriten
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Favorites
[2010/10/26 16:34:07 | 000,000,000 | ---D | M] -- F:\ProgramData\Firefly Studios
[2013/01/01 17:26:25 | 000,000,000 | ---D | M] -- F:\ProgramData\IBUpdaterService
[2011/10/04 11:52:49 | 000,000,000 | ---D | M] -- F:\ProgramData\ICQ
[2010/12/02 11:32:11 | 000,000,000 | ---D | M] -- F:\ProgramData\Intenium
[2010/07/24 07:06:15 | 000,000,000 | ---D | M] -- F:\ProgramData\OEM
[2010/08/14 13:38:52 | 000,000,000 | ---D | M] -- F:\ProgramData\Partner
[2011/03/08 14:04:46 | 000,000,000 | ---D | M] -- F:\ProgramData\PC Drivers HeadQuarters
[2012/12/10 14:07:22 | 000,000,000 | ---D | M] -- F:\ProgramData\PMB Files
[2011/06/11 06:22:11 | 000,000,000 | ---D | M] -- F:\ProgramData\Samsung
[2012/06/29 18:41:26 | 000,000,000 | ---D | M] -- F:\ProgramData\Screaming Bee
[2011/08/13 12:42:41 | 000,000,000 | ---D | M] -- F:\ProgramData\Spreng- und Abriss-Simulator
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Start Menu
[2010/07/24 07:05:52 | 000,000,000 | -HSD | M] -- F:\ProgramData\Startmenü
[2013/01/11 19:37:27 | 000,000,000 | ---D | M] -- F:\ProgramData\Tarma Installer
[2010/07/28 15:43:42 | 000,000,000 | ---D | M] -- F:\ProgramData\Temp
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Templates
[2012/12/06 14:37:34 | 000,000,000 | ---D | M] -- F:\ProgramData\TmForever
[2012/09/02 03:39:25 | 000,000,000 | ---D | M] -- F:\ProgramData\TP-LINK
[2011/03/08 14:05:19 | 000,000,000 | ---D | M] -- F:\ProgramData\UAB
[2010/07/24 07:05:52 | 000,000,000 | -HSD | M] -- F:\ProgramData\Vorlagen
[2010/08/21 14:20:43 | 000,000,000 | ---D | M] -- F:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2013/01/19 14:15:47 | 000,000,342 | ---- | M] () -- F:\Windows\Tasks\DriverScanner.job
[2013/01/19 14:15:30 | 000,000,310 | -HS- | M] () -- F:\Windows\Tasks\QFPJZOM.job
[2013/01/16 13:40:04 | 000,032,632 | ---- | M] () -- F:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 146 bytes -> F:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 124 bytes -> F:\ProgramData\Temp:E1F04E8D
@Alternate Data Stream - 118 bytes -> F:\ProgramData\Temp:4CF61E54
< End of report >

--- --- ---

t'john · 20.01.2013, 15:02

Der Fix konnte auch nicht funktionieren, weil sich das Laufwerk geaendert hat.

Vorher war es E: , hier ist es F:

Nochmal mit diesem Fix:

Code:

ATTFilter

:OTL
 
O4 - HKU\Nico_ON_F..\Run: [svñhîst] File not found 
O4 - HKU\LocalService_ON_F..\RunOnce: [mctadmin] File not found 
O4 - HKU\NetworkService_ON_F..\RunOnce: [mctadmin] File not found 
O4 - HKU\UpdatusUser_ON_F..\RunOnce: [mctadmin] File not found 
O4 - HKU\UpdatusUser_ON_F..\RunOnce: [ScrSav] F:\Program Files (x86)\Acer\Screensaver\run_Acer.exe () 

[2013/01/01 17:26:53 | 000,019,632 | ---- | C] (PerformerSoft LLC) -- F:\Windows\System32\roboot64.exe 

@Alternate Data Stream - 146 bytes -> F:\ProgramData\Temp:AB689DEA 
@Alternate Data Stream - 124 bytes -> F:\ProgramData\Temp:E1F04E8D 
@Alternate Data Stream - 118 bytes -> F:\ProgramData\Temp:4CF61E54 
[2013/01/16 13:53:10 | 000,000,310 | -HS- | M] () -- F:\Windows\tasks\QFPJZOM.job 

[2011/01/04 09:10:58 | 000,030,568 | ---- | C] () -- F:\Windows\MusiccityDownload.exe 
[2010/11/14 06:32:13 | 000,000,000 | ---D | M] -- F:\ProgramData\boost_interprocess 
[2010/08/14 13:38:52 | 000,000,000 | ---D | M] -- F:\ProgramData\Partner 

:Commands
[emptytemp]

BKA-Opfer · 20.01.2013, 15:17

Code:

ATTFilter

========== OTL ==========
Registry key HKEY_USERS\Nico_ON_F\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\LocalService_ON_F\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce not found.
Registry key HKEY_USERS\NetworkService_ON_F\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce not found.
Registry key HKEY_USERS\UpdatusUser_ON_F\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce not found.
Registry key HKEY_USERS\UpdatusUser_ON_F\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce not found.
F:\Program Files (x86)\Acer\Screensaver\run_Acer.exe moved successfully.
File F:\Windows\System32\roboot64.exe not found.
ADS F:\ProgramData\Temp:AB689DEA deleted successfully.
ADS F:\ProgramData\Temp:E1F04E8D deleted successfully.
ADS F:\ProgramData\Temp:4CF61E54 deleted successfully.
F:\Windows\Tasks\QFPJZOM.job moved successfully.
F:\Windows\MusiccityDownload.exe moved successfully.
F:\ProgramData\boost_interprocess\8BC5D1B2DE83CB01 folder moved successfully.
F:\ProgramData\boost_interprocess folder moved successfully.
F:\ProgramData\Partner folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
 
User: Familie
 
User: Familie.Nico-PC
 
User: Gast
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Nadine
 
User: Nico
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
 
Total Files Cleaned = 0.00 mb
 
 
OTLPE by OldTimer - Version 3.1.48.0 log created on 01202013_151426

t'john · 20.01.2013, 15:27

Und?

BKA-Opfer · 20.01.2013, 15:49

Virus startet immernoch :/

t'john · 20.01.2013, 16:59

Letzter Versuch, danach bleib nur noch Neuaufsetzen uebrig.

Code:

ATTFilter

:OTL
O4 - HKU\Nico_ON_F..\Run: [Pando Media Booster] F:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () 
O4 - HKU\Nico_ON_F..\Run: [svñhîst] File not found 
O4 - HKU\LocalService_ON_F..\RunOnce: [mctadmin] File not found 
O4 - HKU\NetworkService_ON_F..\RunOnce: [mctadmin] File not found 
O4 - HKU\UpdatusUser_ON_F..\RunOnce: [mctadmin] File not found 
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261070~1.41\{c16c1~1\browse~1.dll) - File not found 
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261040~1.25\{c16c1~1\browse~1.dll) - File not found 
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - F:\Windows\explorer.exe ()

t'john · 17.03.2013, 13:03

Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.

19.01.2013, 17:25	#4
t'john /// Helfer-Team	BKA-Infizierung Bitte im BIOS die SATA-Einstellungen von AHCI auf IDE umstellen und nochmal probieren. __________________ Mfg, t'john Das TB unterstützen

19.01.2013, 23:13	#8
t'john /// Helfer-Team	BKA-Infizierung Bitte neues Log erstellen! __________________ Mfg, t'john Das TB unterstützen

20.01.2013, 15:27	#12
t'john /// Helfer-Team	BKA-Infizierung Und? __________________ Mfg, t'john Das TB unterstützen

BKA-Infizierung

Plagegeister aller Art und deren Bekämpfung: BKA-Infizierung

BKA-Infizierung

BKA-Infizierung

BKA-Infizierung

BKA-Infizierung

BKA-Infizierung

BKA-Infizierung

BKA-Infizierung

BKA-Infizierung

BKA-Infizierung

BKA-Infizierung

BKA-Infizierung

BKA-Infizierung

BKA-Infizierung

BKA-Infizierung

BKA-Infizierung

Ähnliche Themen: BKA-Infizierung

19.01.2013, 16:45	#3
BKA-Opfer	BKA-Infizierung Hallo, erstmal vielen Dank für die Antwort! Als ich die CD einlegte und von dieser gebootet habe kam folgender Fehler: (Es wurde übrigens der Boot-Screen von Windows XP angezeigt, nicht von Reatogo..) Dann kam der hier: __________________

20.01.2013, 15:49	#13
BKA-Opfer	BKA-Infizierung Virus startet immernoch :/