
Log Analysis and Evaluation: Facebook Screensaver Virus

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

27.01.2013, 11:15   #1
Darky77

Facebook Screensaver Virus

Hello trojaner-board community,
today I was naive enough to download and run a file that was in a Facebook message from a friend with whom I am in contact a lot.
My account was then used to send a download link to the virus in question to about half of my friends. I hope you can help me, since I don't know much about this kind of thing. I have already worked through the checklist, and the logs are attached.
I actually wanted to send a report from my antivirus (Avira Free Antivirus) as well, but it now tells me that the file can no longer be found; I have no idea why that is.
I would be very glad of your help, and thank you in advance for your work.
Best regards, Darky.

PS: The OTL.log file is too large for the attachment, so I am pasting it in here.

Code:
OTL logfile created on: 27.01.2013 10:18:51 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Darky\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,76 Gb Available Physical Memory | 68,98% Memory free
8,00 Gb Paging File | 6,59 Gb Available in Paging File | 82,41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,67 Gb Total Space | 50,34 Gb Free Space | 51,54% Space Free | Partition Type: NTFS
Drive D: | 368,09 Gb Total Space | 43,84 Gb Free Space | 11,91% Space Free | Partition Type: NTFS
 
Computer Name: DARKY-PC | User Name: Darky | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.27 10:17:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Darky\Downloads\OTL (1).exe
PRC - [2013.01.27 09:47:47 | 000,123,392 | ---- | M] () -- C:\Users\Darky\AppData\Local\Temp\4853258216.exe
PRC - [2013.01.27 08:56:42 | 000,079,872 | RHS- | M] () -- C:\Users\Darky\46357865364647353\winsvc.exe
PRC - [2012.12.26 14:24:57 | 001,099,592 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012.12.26 14:24:57 | 000,945,480 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.0\ToolbarUpdater.exe
PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.10.17 00:46:34 | 001,573,576 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2012.10.09 10:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Darky\AppData\Local\Akamai\netsession_win.exe
PRC - [2012.10.02 18:41:31 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.08.31 15:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.08.20 08:20:06 | 000,522,752 | ---- | M] (LOL Replay) -- D:\LoLreplay\LOLRecorder.exe
PRC - [2012.08.08 16:27:24 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 16:00:54 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 16:00:51 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.17 18:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
PRC - [2010.05.25 19:53:50 | 002,155,848 | ---- | M] () -- D:\acronis\OSS\reinstall_svc.exe
PRC - [2009.07.07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2006.09.15 13:21:54 | 000,675,840 | ---- | M] (Sonix) -- C:\Windows\vsnp2std.exe
PRC - [2006.09.14 07:56:06 | 000,102,400 | ---- | M] () -- D:\Photoshop Elements\PhotoshopElementsFileAgent.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.01.27 09:47:47 | 000,123,392 | ---- | M] () -- C:\Users\Darky\AppData\Local\Temp\4853258216.exe
MOD - [2013.01.27 08:56:42 | 000,079,872 | RHS- | M] () -- C:\Users\Darky\46357865364647353\winsvc.exe
MOD - [2013.01.10 18:03:03 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll
MOD - [2013.01.10 14:01:19 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll
MOD - [2013.01.10 14:00:57 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll
MOD - [2013.01.10 14:00:46 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll
MOD - [2013.01.10 14:00:41 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.10 14:00:39 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll
MOD - [2013.01.10 14:00:31 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013.01.10 14:00:27 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.10 14:00:24 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013.01.10 14:00:23 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.10 14:00:13 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012.12.26 14:24:57 | 001,099,592 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2012.12.26 14:24:57 | 000,157,000 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.0.0\SiteSafety.dll
MOD - [2012.08.20 08:20:02 | 000,294,400 | ---- | M] () -- D:\LoLreplay\LOLUtils.dll
MOD - [2010.11.13 00:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.01.09 21:47:59 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.26 14:24:57 | 000,945,480 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.0\ToolbarUpdater.exe -- (vToolbarUpdater14.0.0)
SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.10.10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.10.02 18:41:31 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.08.31 15:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.07.12 14:16:56 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Paused] -- D:\Programme\HiRez\HiPatchService.exe -- (HiPatchService)
SRV - [2012.06.17 10:57:38 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.08 16:00:54 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 16:00:51 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.01.16 19:20:42 | 000,419,624 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.11.08 13:50:00 | 004,321,976 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2011.06.17 18:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.05.25 19:53:50 | 002,155,848 | ---- | M] () [Auto | Running] -- D:\acronis\OSS\reinstall_svc.exe -- (OS Selector)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.07.07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006.09.14 07:56:06 | 000,102,400 | ---- | M] () [Auto | Running] -- D:\Photoshop Elements\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.01.04 16:07:07 | 000,020,832 | ---- | M] (Nicomsoft Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\ddcdrv.sys -- (WinI2C-DDC)
DRV:64bit: - [2012.12.26 14:24:57 | 000,037,720 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012.11.30 20:03:02 | 000,276,576 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2012.08.20 14:48:50 | 000,019,032 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)
DRV:64bit: - [2012.08.20 14:48:48 | 000,012,384 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio)
DRV:64bit: - [2012.05.08 16:00:54 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 16:00:54 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.06 19:15:10 | 000,038,632 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.11.28 13:20:28 | 000,025,528 | ---- | M] (Turtle Entertainment GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ESLvnic.sys -- (ESLvnic1)
DRV:64bit: - [2011.10.19 16:56:15 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.08.30 00:54:28 | 000,117,520 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2011.08.02 17:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.08.19 19:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2010.03.26 00:36:39 | 001,101,600 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009.10.13 02:15:52 | 000,061,440 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\l160x64.sys -- (AtcL001)
DRV:64bit: - [2009.09.03 15:30:20 | 000,128,512 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tiehdusb.sys -- (TIEHDUSB)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.07 14:48:44 | 000,035,376 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\purendis.sys -- (purendis)
DRV:64bit: - [2009.07.07 14:48:44 | 000,033,328 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\pnarp.sys -- (pnarp)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2007.04.09 11:37:18 | 012,342,656 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\snp2sxp.sys -- (SNP2STD)
DRV:64bit: - [2005.03.29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2012.11.21 22:30:39 | 000,081,880 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\RakionIS\Bin\avital\rakion64.sys -- (rak)
DRV - [2012.11.13 21:53:00 | 000,014,544 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- D:\Programme\RazerGameBooster\Driver\WinRing0x64.sys -- (WinRing0_1_2_0)
DRV - [2012.03.20 15:48:28 | 000,004,774 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
DRV - [2011.10.25 20:20:20 | 000,028,320 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\kerneld.x64 -- (AIDA64Driver)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007.04.09 11:38:06 | 012,039,552 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\snp2sxp.sys -- (SNP2STD)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - SOFTWARE\Classes\CLSID\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\InprocServer32 File not found
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.avg.com/?cid={A8BA258E-91EA-4211-8A20-73F5CCA5ABD5}&mid=36eaffeb6d2147d0b6f0d156802708d6-73a72734068020a62d47b3d6a78097af0b0cb407&lang=de&ds=mt011&pr=sa&d=2012-11-30 20:20:11&v=13.2.0.4&sap=hp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7A FD 0C 97 FF 59 CD 01  [binary data]
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - SOFTWARE\Classes\CLSID\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\InprocServer32 File not found
IE - HKCU\..\URLSearchHook: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{3F46A01C-BD6F-4E1B-8984-109BBB33E06C}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=69402782-C11E-429A-94A6-CE047801A752&apn_sauid=2753A5DF-444F-41B9-99CB-AFE43D51EC88
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={A8BA258E-91EA-4211-8A20-73F5CCA5ABD5}&mid=36eaffeb6d2147d0b6f0d156802708d6-73a72734068020a62d47b3d6a78097af0b0cb407&lang=de&ds=mt011&pr=sa&d=2012-11-30 20:20:11&v=13.2.0.4&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.startup.homepage: "hxxp://isearch.avg.com/?cid={A8BA258E-91EA-4211-8A20-73F5CCA5ABD5}&mid=36eaffeb6d2147d0b6f0d156802708d6-73a72734068020a62d47b3d6a78097af0b0cb407&lang=de&ds=mt011&pr=sa&d=2012-11-30 20:20:11&v=13.2.0.4&sap=hp"
FF - prefs.js..keyword.URL: "hxxp://isearch.avg.com/search?cid={A8BA258E-91EA-4211-8A20-73F5CCA5ABD5}&mid=36eaffeb6d2147d0b6f0d156802708d6-73a72734068020a62d47b3d6a78097af0b0cb407&lang=de&ds=mt011&pr=sa&d=2012-11-30 20:20:11&v=13.2.0.4&sap=ku&q="
FF - prefs.js..network.proxy.autoconfig_url: "file:///C:\\Users\\Darky\\AppData\\Local\\Temp\\proxtube.pac"
FF - prefs.js..network.proxy.type: 2
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.0.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.138.0: C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Darky\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Darky\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Darky\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\14.0.0.7 [2012.12.26 14:25:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.28 16:28:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Darky\AppData\Roaming\IDM\idmmzcc5
 
[2011.11.24 09:54:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Darky\AppData\Roaming\mozilla\Extensions
[2012.10.28 22:04:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Darky\AppData\Roaming\mozilla\Firefox\Profiles\c7bn5uok.default\extensions
[2011.12.01 23:59:54 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Darky\AppData\Roaming\mozilla\Firefox\Profiles\c7bn5uok.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.02.20 13:47:31 | 000,000,000 | ---D | M] (Grooveshark Proxy) -- C:\Users\Darky\AppData\Roaming\mozilla\Firefox\Profiles\c7bn5uok.default\extensions\groovesharkProxy@DannieDarko
[2012.05.18 11:55:54 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Darky\AppData\Roaming\mozilla\Firefox\Profiles\c7bn5uok.default\extensions\ich@maltegoetz.de
[2012.10.28 22:05:13 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Darky\AppData\Roaming\mozilla\Firefox\Profiles\c7bn5uok.default\extensions\toolbar@ask.com
[2012.05.13 13:28:09 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\Darky\AppData\Roaming\mozilla\firefox\profiles\c7bn5uok.default\extensions\DivXWebPlayer@divx.com.xpi
[2012.03.23 12:53:29 | 000,129,384 | ---- | M] () (No name found) -- C:\Users\Darky\AppData\Roaming\mozilla\firefox\profiles\c7bn5uok.default\extensions\SciLorsGrooveUnlocker@scilor.com.xpi
[2012.01.06 12:34:42 | 000,634,964 | ---- | M] () (No name found) -- C:\Users\Darky\AppData\Roaming\mozilla\firefox\profiles\c7bn5uok.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.10.28 22:05:13 | 000,002,308 | ---- | M] () -- C:\Users\Darky\AppData\Roaming\mozilla\firefox\profiles\c7bn5uok.default\searchplugins\askcom.xml
[2012.06.28 16:28:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.11.05 16:36:15 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.06.14 23:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.14 23:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.12.26 14:25:20 | 000,003,593 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.06.14 23:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.14 23:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.14 23:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.14 23:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.14 23:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://isearch.avg.com/?cid={A8BA258E-91EA-4211-8A20-73F5CCA5ABD5}&mid=36eaffeb6d2147d0b6f0d156802708d6-73a72734068020a62d47b3d6a78097af0b0cb407&lang=de&ds=mt011&pr=sa&d=2012-11-30 20:20:11&v=13.2.0.4&sap=hp
CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = hxxp://isearch.avg.com/search?cid={A8BA258E-91EA-4211-8A20-73F5CCA5ABD5}&mid=36eaffeb6d2147d0b6f0d156802708d6-73a72734068020a62d47b3d6a78097af0b0cb407&lang=de&ds=mt011&pr=sa&d=2012-11-30 20:20:11&v=13.2.0.4&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://isearch.avg.com/?cid={A8BA258E-91EA-4211-8A20-73F5CCA5ABD5}&mid=36eaffeb6d2147d0b6f0d156802708d6-73a72734068020a62d47b3d6a78097af0b0cb407&lang=de&ds=mt011&pr=sa&d=2012-11-30 20:20:11&v=13.2.0.4&sap=hp
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Darky\AppData\Local\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Darky\AppData\Local\Google\Chrome\Application\24.0.1312.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Darky\AppData\Local\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Darky\AppData\Local\Google\Chrome\Application\24.0.1312.56\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Disabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Disabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: QUAKE LIVE (Enabled) = C:\ProgramData\id Software\QuakeLive\npquakezero.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Darky\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Darky\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = D:\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\Darky\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.2.0_0\
CHR - Extension: YouTube = C:\Users\Darky\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Adblock Plus = C:\Users\Darky\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\
CHR - Extension: Google-Suche = C:\Users\Darky\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Auto Replay for YouTube = C:\Users\Darky\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb\1.9.24_0\
CHR - Extension: NotScripts = C:\Users\Darky\AppData\Local\Google\Chrome\User Data\Default\Extensions\odjhifogjcknibkahlpidmdajjpkkcfn\0.9.6_0\
CHR - Extension: Google Mail = C:\Users\Darky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2012.03.29 19:39:08 | 000,000,960 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 tonec.com
O1 - Hosts: 127.0.0.1 www.tonec.com
O1 - Hosts: 127.0.0.1 registeridm.com
O1 - Hosts: 127.0.0.1 www.registeridm.com
O1 - Hosts: 127.0.0.1 secure.registeridm.com
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll File not found
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll File not found
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll File not found
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.0.0.7\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O2 - BHO: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll File not found
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll File not found
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll File not found
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.0.0.7\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll㄀䐮䱌 File not found
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar_DE Toolbar) - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll㄀䐮䱌 File not found
O4:64bit: - HKLM..\Run: [snp2std] C:\Windows\vsnp2std.exe (Sonix)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe Photo Downloader] D:\Photoshop Elements\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Darky\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [Microsoft Windows Service] C:\Users\Darky\46357865364647353\winsvc.exe ()
O4 - HKCU..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"  /MINIMIZED File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 32750 = C:\PROGRA~3\LOCALS~1\Temp\mswqvf.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Darky\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Darky\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll File not found
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe File not found
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.9.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DBFFDF46-CE68-49DD-92DA-0D8BC4D72B95}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F9615355-1A23-4CF5-A167-D651859BFB07}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FAE5F5EF-083D-429A-B921-345713A68760}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll File not found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.0.0\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.27 09:21:50 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.01.27 08:57:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Local Settings
[2013.01.27 08:56:45 | 000,000,000 | RHSD | C] -- C:\Users\Darky\46357865364647353
[2013.01.18 20:30:09 | 000,000,000 | ---D | C] -- C:\Users\Darky\Documents\Updater
[2013.01.18 20:14:06 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2013.01.12 17:40:24 | 000,000,000 | ---D | C] -- C:\gPotato.com
[2013.01.05 04:42:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit
[2013.01.04 16:07:07 | 000,155,528 | ---- | C] (Nicomsoft Ltd.) -- C:\Windows\SysNative\DDCHELPER.dll
[2013.01.04 16:07:07 | 000,020,832 | ---- | C] (Nicomsoft Ltd.) -- C:\Windows\SysNative\drivers\ddcdrv.sys
[2012.12.29 17:42:06 | 000,000,000 | ---D | C] -- C:\temp
[2012.12.29 02:53:06 | 000,000,000 | ---D | C] -- C:\Users\Darky\AppData\Local\Macromedia
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.27 10:04:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3563718527-1077238638-2338474282-1000UA.job
[2013.01.27 10:01:41 | 000,000,000 | ---- | M] () -- C:\Users\Darky\defogger_reenable
[2013.01.27 09:54:58 | 000,021,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.27 09:54:58 | 000,021,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.27 09:47:25 | 000,000,000 | -H-- | M] () -- C:\Users\Darky\AppData\Roaming\winsvcns.sys
[2013.01.27 09:47:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.27 09:47:02 | 3220,529,152 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.27 09:37:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.25 19:04:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3563718527-1077238638-2338474282-1000Core.job
[2013.01.22 19:54:31 | 000,719,991 | ---- | M] () -- C:\Users\Darky\Desktop\148970_435446869861037_2084900007_n.png
[2013.01.21 16:15:21 | 009,887,696 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.21 16:15:21 | 003,381,776 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.21 16:15:21 | 003,019,420 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.21 16:15:21 | 002,700,438 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.21 16:15:21 | 000,006,292 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.20 02:22:24 | 000,000,863 | ---- | M] () -- C:\Users\Darky\Desktop\SilkroadR.lnk
[2013.01.19 16:07:19 | 000,045,664 | ---- | M] () -- C:\Users\Darky\Desktop\408459_352469148193564_813919350_n.jpg
[2013.01.19 16:07:06 | 000,030,778 | ---- | M] () -- C:\Users\Darky\Desktop\67340_441652375902203_1573373115_n.jpg
[2013.01.19 16:06:59 | 000,147,423 | ---- | M] () -- C:\Users\Darky\Desktop\735714_444982218902552_158703091_o (1).jpg
[2013.01.19 09:00:01 | 000,309,128 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.18 20:18:45 | 000,000,597 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 5.0.lnk
[2013.01.18 20:17:35 | 000,000,209 | ---- | M] () -- C:\Windows\ODBCINST.INI
[2013.01.18 20:08:16 | 000,436,516 | ---- | M] () -- C:\Users\Darky\Desktop\genauvenoxx.jpg
[2013.01.15 20:31:45 | 000,100,149 | ---- | M] () -- C:\Users\Darky\Desktop\243148_489711937720219_578787711_o.jpg
[2013.01.14 21:59:18 | 000,192,041 | ---- | M] () -- C:\Users\Darky\Desktop\740298_193120710826536_1948665537_o.jpg
[2013.01.13 22:12:37 | 000,042,303 | ---- | M] () -- C:\Users\Darky\Desktop\aaaaaaaaaaa.jpg
[2013.01.13 19:26:34 | 000,040,537 | ---- | M] () -- C:\Users\Darky\Desktop\321075_532058510152587_914018536_n.jpg
[2013.01.09 22:39:06 | 000,194,175 | ---- | M] () -- C:\Users\Darky\Desktop\Unbenannt.jpg
[2013.01.07 16:54:37 | 000,448,844 | ---- | M] () -- C:\Users\Darky\Desktop\pjPSd.jpg
[2013.01.07 16:54:13 | 000,659,362 | ---- | M] () -- C:\Users\Darky\Desktop\league1.jpg
[2013.01.07 16:53:10 | 000,235,498 | ---- | M] () -- C:\Users\Darky\Desktop\93f62c_4351502.jpg
[2013.01.06 18:23:56 | 000,069,123 | ---- | M] () -- C:\Users\Darky\Desktop\315710_517863014905567_537718083_n (1).jpg
[2013.01.05 18:55:25 | 000,000,202 | ---- | M] () -- C:\Users\Darky\Desktop\Torchlight II.url
[2013.01.04 16:07:07 | 000,155,528 | ---- | M] (Nicomsoft Ltd.) -- C:\Windows\SysNative\DDCHELPER.dll
[2013.01.04 16:07:07 | 000,020,832 | ---- | M] (Nicomsoft Ltd.) -- C:\Windows\SysNative\drivers\ddcdrv.sys
[2013.01.02 06:34:26 | 000,060,010 | ---- | M] () -- C:\Users\Darky\Desktop\603284_539098199441677_1091867784_n.jpg
[2012.12.31 01:57:13 | 001,199,108 | ---- | M] () -- C:\Users\Darky\Desktop\Unbenannt.png
[2012.12.29 09:53:21 | 000,098,755 | ---- | M] () -- C:\Users\Darky\Desktop\holymoly2.jpg
[2012.12.29 09:52:14 | 000,104,828 | ---- | M] () -- C:\Users\Darky\Desktop\holymoly.jpg
[2012.12.28 16:40:47 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\DS3 Tool.lnk
 
========== Files Created - No Company Name ==========
 
[2013.01.27 10:01:41 | 000,000,000 | ---- | C] () -- C:\Users\Darky\defogger_reenable
[2013.01.27 08:56:51 | 000,000,000 | -H-- | C] () -- C:\Users\Darky\AppData\Roaming\winsvcns.sys
[2013.01.22 19:54:29 | 000,719,991 | ---- | C] () -- C:\Users\Darky\Desktop\148970_435446869861037_2084900007_n.png
[2013.01.19 16:07:19 | 000,045,664 | ---- | C] () -- C:\Users\Darky\Desktop\408459_352469148193564_813919350_n.jpg
[2013.01.19 16:07:06 | 000,030,778 | ---- | C] () -- C:\Users\Darky\Desktop\67340_441652375902203_1573373115_n.jpg
[2013.01.19 16:06:59 | 000,147,423 | ---- | C] () -- C:\Users\Darky\Desktop\735714_444982218902552_158703091_o (1).jpg
[2013.01.18 20:20:47 | 000,002,089 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help Center.lnk
[2013.01.18 20:18:45 | 000,000,597 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 5.0.lnk
[2013.01.18 20:18:45 | 000,000,597 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 5.0.lnk
[2013.01.18 20:17:34 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2013.01.18 20:08:16 | 000,436,516 | ---- | C] () -- C:\Users\Darky\Desktop\genauvenoxx.jpg
[2013.01.15 20:31:35 | 000,100,149 | ---- | C] () -- C:\Users\Darky\Desktop\243148_489711937720219_578787711_o.jpg
[2013.01.14 21:59:14 | 000,192,041 | ---- | C] () -- C:\Users\Darky\Desktop\740298_193120710826536_1948665537_o.jpg
[2013.01.13 22:12:31 | 000,042,303 | ---- | C] () -- C:\Users\Darky\Desktop\aaaaaaaaaaa.jpg
[2013.01.13 19:26:28 | 000,040,537 | ---- | C] () -- C:\Users\Darky\Desktop\321075_532058510152587_914018536_n.jpg
[2013.01.09 22:39:06 | 000,194,175 | ---- | C] () -- C:\Users\Darky\Desktop\Unbenannt.jpg
[2013.01.07 16:54:37 | 000,448,844 | ---- | C] () -- C:\Users\Darky\Desktop\pjPSd.jpg
[2013.01.07 16:54:11 | 000,659,362 | ---- | C] () -- C:\Users\Darky\Desktop\league1.jpg
[2013.01.07 16:53:10 | 000,235,498 | ---- | C] () -- C:\Users\Darky\Desktop\93f62c_4351502.jpg
[2013.01.06 18:23:56 | 000,069,123 | ---- | C] () -- C:\Users\Darky\Desktop\315710_517863014905567_537718083_n (1).jpg
[2013.01.05 18:55:24 | 000,000,202 | ---- | C] () -- C:\Users\Darky\Desktop\Torchlight II.url
[2013.01.02 06:34:25 | 000,060,010 | ---- | C] () -- C:\Users\Darky\Desktop\603284_539098199441677_1091867784_n.jpg
[2012.12.31 01:57:13 | 001,199,108 | ---- | C] () -- C:\Users\Darky\Desktop\Unbenannt.png
[2012.12.29 09:53:21 | 000,098,755 | ---- | C] () -- C:\Users\Darky\Desktop\holymoly2.jpg
[2012.12.29 09:52:13 | 000,104,828 | ---- | C] () -- C:\Users\Darky\Desktop\holymoly.jpg
[2012.11.23 22:26:41 | 000,006,274 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.10.28 21:58:47 | 000,000,044 | ---- | C] () -- C:\Users\Darky\jagex_cl_runescape_LIVE.dat
[2012.10.28 21:58:38 | 000,000,024 | ---- | C] () -- C:\Users\Darky\jagexappletviewer.preferences
[2012.02.29 19:01:12 | 000,000,024 | ---- | C] () -- C:\Users\Darky\random.dat
[2011.12.30 01:39:07 | 000,000,258 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011.12.25 05:46:48 | 000,015,497 | ---- | C] () -- C:\Windows\snp2std.ini
[2011.12.25 05:46:47 | 012,039,552 | ---- | C] () -- C:\Windows\SysWow64\drivers\snp2sxp.sys
[2011.12.25 05:46:47 | 000,025,472 | ---- | C] () -- C:\Windows\SysWow64\drivers\sncamd.sys
[2011.12.25 05:46:46 | 000,151,552 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2std.dll
[2011.12.14 18:41:05 | 000,837,192 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011.12.01 07:36:29 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.12.01 07:36:28 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.10.15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.10.20 22:34:34 | 000,000,000 | ---D | M] -- C:\Users\Darky\AppData\Roaming\.minecraft
[2012.03.14 18:08:17 | 000,000,000 | ---D | M] -- C:\Users\Darky\AppData\Roaming\.Nitrous
[2011.11.24 10:09:48 | 000,000,000 | ---D | M] -- C:\Users\Darky\AppData\Roaming\Acreon
[2012.03.29 21:17:46 | 000,000,000 | ---D | M] -- C:\Users\Darky\AppData\Roaming\DMCache
[2011.12.02 00:00:07 | 000,000,000 | ---D | M] -- C:\Users\Darky\AppData\Roaming\DVDVideoSoft
[2011.12.01 23:59:54 | 000,000,000 | ---D | M] -- C:\Users\Darky\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.05.07 22:02:00 | 000,000,000 | ---D | M] -- C:\Users\Darky\AppData\Roaming\edxLabs
[2012.03.09 18:05:31 | 000,000,000 | ---D | M] -- C:\Users\Darky\AppData\Roaming\ICQ
[2012.11.30 20:53:33 | 000,000,000 | ---D | M] -- C:\Users\Darky\AppData\Roaming\IDM
[2011.11.26 19:43:54 | 000,000,000 | ---D | M] -- C:\Users\Darky\AppData\Roaming\LolClient
[2012.05.24 13:34:35 | 000,000,000 | ---D | M] -- C:\Users\Darky\AppData\Roaming\LolClient2
[2011.11.24 10:17:18 | 000,000,000 | ---D | M] -- C:\Users\Darky\AppData\Roaming\MobMapUpdater
[2012.12.27 03:24:15 | 000,000,000 | ---D | M] -- C:\Users\Darky\AppData\Roaming\MotioninJoy
[2012.01.29 23:05:45 | 000,000,000 | ---D | M] -- C:\Users\Darky\AppData\Roaming\OpenOffice.org
[2012.10.02 16:44:55 | 000,000,000 | ---D | M] -- C:\Users\Darky\AppData\Roaming\Origin
[2011.12.24 18:05:58 | 000,000,000 | ---D | M] -- C:\Users\Darky\AppData\Roaming\PunkBuster
[2012.07.19 16:21:13 | 000,000,000 | ---D | M] -- C:\Users\Darky\AppData\Roaming\six-updater
[2012.07.19 01:52:42 | 000,000,000 | ---D | M] -- C:\Users\Darky\AppData\Roaming\six-zsync
[2011.11.29 18:29:39 | 000,000,000 | ---D | M] -- C:\Users\Darky\AppData\Roaming\SplitMediaLabs
[2013.01.27 10:14:52 | 000,000,000 | ---D | M] -- C:\Users\Darky\AppData\Roaming\TS3Client
[2011.12.25 23:13:42 | 000,000,000 | ---D | M] -- C:\Users\Darky\AppData\Roaming\Ubisoft
[2012.01.15 22:21:02 | 000,000,000 | ---D | M] -- C:\Users\Darky\AppData\Roaming\Unity
[2012.11.30 20:53:35 | 000,000,000 | ---D | M] -- C:\Users\Darky\AppData\Roaming\uTorrent
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:CE2C623F

< End of report >
         

Alt 27.01.2013, 15:33   #2
ryder
/// TB Trainer
 

Something like this ...
Quote:
O1 - Hosts: 127.0.0.1 tonec.com
O1 - Hosts: 127.0.0.1 www.tonec.com
O1 - Hosts: 127.0.0.1 registeridm.com
O1 - Hosts: 127.0.0.1 www.registeridm.com
O1 - Hosts: 127.0.0.1 secure.registeridm.com
... only makes sense if you want to run an illegal copy.

Support stopped: cracks or keygens

Reading material:
Cracks and keygens
Circumventing software copy protection is illegal under current law. The log files strongly indicate that you use cracks or key generators or bypass the copy protection of installed programs. Please understand that we cannot and must not support this. In addition, this kind of software is very often infected with malware.

Our help is therefore limited to reinstalling your system. We will still gladly answer questions about that, in our forum.


This closes the topic.

Alt 27.01.2013, 16:02   #3
Darky77
 

I only downloaded a game with Internet Download Manager, but I understand the problem and thank you anyway.
Edit: by this game I mean the free game Silkroad Online, so not a pirated copy, but I am happy to be corrected.

Edited by Darky77 (27.01.2013 at 16:53)
