EXP/JAVA.Rettilic.Gen

NadineS

Hy,

ich habe ein Problem mit meinem Pc und brauche dringend hilfe, weil ich nicht weis, was ich tun soll um das Problem zu lösen. Das Bild verzehrt sich nach der Zeit und ich habe über Avira einen Exploit.gen gefunden. Als ich ihn in quarantäne schickte, kam er irgendwie zurück. Also er war noch drin, aber mein Bildschirm verzehrte sich wieder. Ich habe Malwarebytes suchen geschickt und habe ihn gefunden. Ich habe wie hier beschrieben die scans mit OLD und so durchgeführt. Das kam dabei raus:

Vielen Dank im Vorraus :-)

OTL EXTRA:

OTL Extras logfile created on: 07.02.2013 17:54:59 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\******\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,94 Gb Available Physical Memory | 73,60% Memory free
7,99 Gb Paging File | 6,50 Gb Available in Paging File | 81,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1862,92 Gb Total Space | 1806,44 Gb Free Space | 96,97% Space Free | Partition Type: NTFS
Drive D: | 570,77 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 3,08 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: SANCTUARY | User Name: ****** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0BD776F3-057D-4C11-020C-4FA9B13D04F9}" = AMD Catalyst Install Manager
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit)
"{4A85E8AD-6CF6-D3D1-2280-420452F5E1EE}" = ATI AVIVO64 Codecs
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6AB4EC25-677C-4735-5623-1CCC90E759E4}" = ccc-utility64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{A9417107-5107-C6E7-9649-CF3294E9C491}" = WMV9/VC-1 Video Playback
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{D241AC96-11AC-45C1-A4BA-7A7C6DDCDADD}" = Nitro Reader 2
"{ECA0FDBA-70C2-D23A-6BD3-3D3118DD90B4}" = AMD Drag and Drop Transcoding
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Theme Resource Changer X64 v1.0" = Theme Resource Changer X64 v1.0
"WNLT" = IB Updater Service

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{011E0BAD-DC62-DF83-4D19-D110C61FE679}" = CCC Help Chinese Traditional
"{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.1214.1
"{0AC457CB-3661-B42F-6181-5D1305C1475A}" = CCC Help Finnish
"{0E86AF86-F103-A148-7070-0596A5FCEAD7}" = CCC Help French
"{1F7CFAB6-A7FC-31E5-2917-989B06B09270}" = CCC Help Turkish
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 11
"{2888EBA9-91E6-D3EF-FC6D-7B3C2B045CAE}" = CCC Help English
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2EA64D86-61D9-40A4-A89F-D4E6DEDD301D}" = Catalyst Control Center Localization All
"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
"{3411B11D-91D6-B456-0FAE-24BF99868231}" = Catalyst Control Center Graphics Previews Common
"{35A33CA3-9B1B-3653-6C71-0ADB85E96154}" = ccc-core-static
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B10.0427.1
"{401A4D76-C360-2084-F163-1FABD851D314}" = CCC Help Thai
"{43461D82-2DD5-B2D7-886D-5C1A52C09904}" = CCC Help Polish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B61C9AE-3FDD-9DB7-4247-7D96A03C018D}" = CCC Help German
"{5165FA54-2957-4BC9-44CC-D21BDCE9D9E6}" = CCC Help Japanese
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{58374E01-D455-ABAE-CD3A-548911E1CAAD}" = CCC Help Swedish
"{59B734CE-69E9-F555-380C-0B9D880F4E95}" = CCC Help Hungarian
"{5BE5DB79-685E-46FD-A231-CD7467B69DD7}" = TP-LINK Wireless Utility
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{665815D4-1F82-D581-E762-A2E0A15E6512}" = CCC Help Dutch
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AB57823-3580-4CE0-9CF0-072E2A39460C}" = Catalyst Control Center - Branding
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader
"{8D1CB4C2-283E-39A7-2AFA-6D3320E012A8}" = CCC Help Chinese Standard
"{93703800-E668-1370-1756-2003BA060281}" = CCC Help Russian
"{95A837D2-EB2E-9F85-1DB8-01B8337DFC08}" = CCC Help Czech
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C8692DA-9451-AA41-404A-72308CAE1BF5}" = CCC Help Spanish
"{9CF2ECFE-5242-B513-5DB4-A751BD735DD2}" = CCC Help Danish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{BAE1CCA6-AB32-4D27-AE69-203436D54EC8}" = Reader for PC
"{BC92AA6F-2DAF-1BA2-7C86-1DBBA6423C5F}" = CCC Help Norwegian
"{BE5D79E8-0B8E-4E97-97E1-3CDEBAB2DEB1}" = Sven XXX - XXL
"{C615B4A6-DDE8-4325-BCF8-E53E913D95E9}_is1" = AMR to MP3 Converter 1.4
"{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B10.0517.1
"{D17772DB-061D-CF9A-7A82-E8C047195259}" = CCC Help Portuguese
"{D5507048-ED32-BEE8-431D-303F741DE073}" = CCC Help Italian
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{DECCD21C-4BCC-1326-0EF3-7E87C97E14D9}" = CCC Help Greek
"{E8B708FF-D116-0D4D-DC14-72827A219D54}" = HydraVision
"{EFD21D05-4618-D72A-464F-B0D1911617A7}" = CCC Help Korean
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"7tsp_GUI" = 7tsp v0.3 Build(3003)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"APB Reloaded" = APB Reloaded
"Avira AntiVir Desktop" = Avira Free Antivirus
"Bandicam" = Bandicam
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"DAEMON Tools Lite" = DAEMON Tools Lite
"Die Polizei" = Die Polizei
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.37.1212
"Google Chrome" = Google Chrome
"Hoffmanns Email & Netzwerk Schach_is1" = Hoffmans E&N Schach V1.9
"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
"InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B10.0517.1
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"PunkBusterSvc" = PunkBuster Services
"theHunter" = theHunter (remove only)
"TrueCrypt" = TrueCrypt
"Wildlife Park 3_is1" = Wildlife Park 3 v1.07
"WinRAR archiver" = WinRAR 4.20 (32-Bit)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GamersFirst LIVE!" = GamersFirst LIVE!
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 20.01.2013 13:01:14 | Computer Name = Sanctuary | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: police.exe, Version: 0.0.0.0, Zeitstempel:
0x4de64211 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000006e ID des fehlerhaften Prozesses:
0xbcc Startzeit der fehlerhaften Anwendung: 0x01cdf72a2ecaefe1 Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\Quadriga Games\Die Polizei\bin.x86\police.exe
Pfad
des fehlerhaften Moduls: unknown Berichtskennung: fee1afe1-6322-11e2-8a83-1c6f65aac9d9

Error - 25.01.2013 11:00:48 | Computer Name = Sanctuary | Source = Application Hang | ID = 1002
Description = Programm chrome.exe, Version 24.0.1312.52 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 11cc Startzeit:
01cdfafe7181901f Endzeit: 2451 Anwendungspfad: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Berichts-ID:
f873ced9-66ff-11e2-987a-1c6f65aac9d9

Error - 25.01.2013 11:33:01 | Computer Name = Sanctuary | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmpnetwk.exe, Version: 12.0.7601.17514,
Zeitstempel: 0x4ce7ae7f Name des fehlerhaften Moduls: wmp.dll, Version: 12.0.7601.17514,
Zeitstempel: 0x4ce7ca81 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000cd812
ID
des fehlerhaften Prozesses: 0xce4 Startzeit der fehlerhaften Anwendung: 0x01cdfb10f340a89d
Pfad
der fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnetwk.exe Pfad
des fehlerhaften Moduls: C:\Windows\system32\wmp.dll Berichtskennung: 8098c5b7-6704-11e2-92f7-1c6f65aac9d9

Error - 31.01.2013 13:15:16 | Computer Name = Sanctuary | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: chrome.exe, Version: 24.0.1312.56,
Zeitstempel: 0x50f8e9e4 Name des fehlerhaften Moduls: chrome.dll, Version: 24.0.1312.56,
Zeitstempel: 0x50f8e979 Ausnahmecode: 0x80000003 Fehleroffset: 0x005932c4 ID des fehlerhaften
Prozesses: 0x654 Startzeit der fehlerhaften Anwendung: 0x01cdffd6812d7cee Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\chrome.dll
Berichtskennung:
c7c8709d-6bc9-11e2-bac6-1c6f65aac9d9

Error - 31.01.2013 14:40:31 | Computer Name = Sanctuary | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: chrome.exe, Version: 24.0.1312.56,
Zeitstempel: 0x50f8e9e4 Name des fehlerhaften Moduls: chrome.dll, Version: 24.0.1312.56,
Zeitstempel: 0x50f8e979 Ausnahmecode: 0x80000003 Fehleroffset: 0x005932c4 ID des fehlerhaften
Prozesses: 0xac8 Startzeit der fehlerhaften Anwendung: 0x01cdffe2562e7520 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\chrome.dll
Berichtskennung:
b01ff101-6bd5-11e2-bb74-1c6f65aac9d9

Error - 31.01.2013 14:40:31 | Computer Name = Sanctuary | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: chrome.exe, Version: 24.0.1312.56,
Zeitstempel: 0x50f8e9e4 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000008 Fehleroffset: 0x000827b8 ID des fehlerhaften
Prozesses: 0xfc4 Startzeit der fehlerhaften Anwendung: 0x01cdffe271f5f7ee Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: b09597ea-6bd5-11e2-bb74-1c6f65aac9d9

Error - 02.02.2013 07:58:43 | Computer Name = Sanctuary | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmpnetwk.exe, Version: 12.0.7601.17514,
Zeitstempel: 0x4ce7ae7f Name des fehlerhaften Moduls: wmp.dll, Version: 12.0.7601.17514,
Zeitstempel: 0x4ce7ca81 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000cd812
ID
des fehlerhaften Prozesses: 0xd3c Startzeit der fehlerhaften Anwendung: 0x01ce013c5428624e
Pfad
der fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnetwk.exe Pfad
des fehlerhaften Moduls: C:\Windows\system32\wmp.dll Berichtskennung: e39a19bb-6d2f-11e2-91d4-1c6f65aac9d9

Error - 02.02.2013 11:27:57 | Computer Name = Sanctuary | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: chrome.exe, Version: 24.0.1312.57,
Zeitstempel: 0x510326ea Name des fehlerhaften Moduls: RPCRT4.dll, Version: 6.1.7601.17514,
Zeitstempel: 0x4ce7ba59 Ausnahmecode: 0xc0020043 Fehleroffset: 0x0005cd99 ID des fehlerhaften
Prozesses: 0x238 Startzeit der fehlerhaften Anwendung: 0x01ce0159dee9b83a Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Pfad
des fehlerhaften Moduls: C:\Windows\syswow64\RPCRT4.dll Berichtskennung: 1e6b3f82-6d4d-11e2-bbe8-1c6f65aac9d9

Error - 05.02.2013 12:00:35 | Computer Name = Sanctuary | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567,
Zeitstempel: 0x4d672ee4 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c40f2
ID
des fehlerhaften Prozesses: 0xb94 Startzeit der fehlerhaften Anwendung: 0x01ce03b9664cebd4
Pfad
der fehlerhaften Anwendung: C:\Windows\Explorer.EXE Pfad des fehlerhaften Moduls:
C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 2cd72fe0-6fad-11e2-93f3-1c6f65aac9d9

Error - 05.02.2013 12:29:31 | Computer Name = Sanctuary | Source = VaudiXUpdater | ID = 0
Description =

[ Media Center Events ]
Error - 07.11.2012 09:33:52 | Computer Name = Sanctuary | Source = MCUpdate | ID = 0
Description = 14:33:52 - Fehler beim Herstellen der Internetverbindung. 14:33:52
- Serververbindung konnte nicht hergestellt werden..

Error - 07.11.2012 09:34:26 | Computer Name = Sanctuary | Source = MCUpdate | ID = 0
Description = 14:34:26 - MCESpotlight konnte nicht abgerufen werden (Fehler: Die
Verbindung mit dem Remoteserver kann nicht hergestellt werden.)

Error - 07.11.2012 09:34:26 | Computer Name = Sanctuary | Source = MCUpdate | ID = 0
Description = 14:34:26 - MCEClientUX konnte nicht abgerufen werden (Fehler: Der
Remotename konnte nicht aufgelöst werden: 'data.tvdownload.microsoft.com')

Error - 07.11.2012 09:34:31 | Computer Name = Sanctuary | Source = MCUpdate | ID = 0
Description = 14:34:26 - Broadband konnte nicht abgerufen werden (Fehler: Der Remotename
konnte nicht aufgelöst werden: 'data.tvdownload.microsoft.com')

Error - 07.11.2012 10:34:43 | Computer Name = Sanctuary | Source = MCUpdate | ID = 0
Description = 15:34:43 - Fehler beim Herstellen der Internetverbindung. 15:34:43
- Serververbindung konnte nicht hergestellt werden..

Error - 07.11.2012 10:34:53 | Computer Name = Sanctuary | Source = MCUpdate | ID = 0
Description = 15:34:48 - Fehler beim Herstellen der Internetverbindung. 15:34:48
- Serververbindung konnte nicht hergestellt werden..

Error - 10.11.2012 06:33:20 | Computer Name = Sanctuary | Source = MCUpdate | ID = 0
Description = 11:33:20 - Fehler beim Herstellen der Internetverbindung. 11:33:20
- Serververbindung konnte nicht hergestellt werden..

Error - 10.11.2012 06:33:30 | Computer Name = Sanctuary | Source = MCUpdate | ID = 0
Description = 11:33:25 - Fehler beim Herstellen der Internetverbindung. 11:33:25
- Serververbindung konnte nicht hergestellt werden..

Error - 17.12.2012 14:12:00 | Computer Name = Sanctuary | Source = MCUpdate | ID = 0
Description = 19:12:00 - Fehler beim Herstellen der Internetverbindung. 19:12:00
- Serververbindung konnte nicht hergestellt werden..

Error - 17.12.2012 14:12:13 | Computer Name = Sanctuary | Source = MCUpdate | ID = 0
Description = 19:12:06 - Fehler beim Herstellen der Internetverbindung. 19:12:06
- Serververbindung konnte nicht hergestellt werden..

[ System Events ]
Error - 19.10.2012 07:44:51 | Computer Name = Sanctuary | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
Fehler beendet: %%-2147024891

Error - 19.10.2012 07:44:51 | Computer Name = Sanctuary | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2147024891

Error - 19.10.2012 08:08:55 | Computer Name = Sanctuary | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
Fehler beendet: %%-2147024891

Error - 19.10.2012 08:08:55 | Computer Name = Sanctuary | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2147024891

Error - 19.10.2012 08:09:37 | Computer Name = Sanctuary | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
Fehler beendet: %%-2147024891

Error - 19.10.2012 08:09:37 | Computer Name = Sanctuary | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2147024891

Error - 19.10.2012 08:09:58 | Computer Name = Sanctuary | Source = bowser | ID = 8003
Description =

Error - 19.10.2012 08:11:21 | Computer Name = Sanctuary | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
Fehler beendet: %%-2147024891

Error - 19.10.2012 08:11:21 | Computer Name = Sanctuary | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2147024891

Error - 19.10.2012 08:12:56 | Computer Name = Sanctuary | Source = bowser | ID = 8003
Description =


< End of report >

OTL:


OTL logfile created on: 07.02.2013 17:54:59 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\******\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,94 Gb Available Physical Memory | 73,60% Memory free
7,99 Gb Paging File | 6,50 Gb Available in Paging File | 81,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1862,92 Gb Total Space | 1806,44 Gb Free Space | 96,97% Space Free | Partition Type: NTFS
Drive D: | 570,77 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 3,08 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: SANCTUARY | User Name: ****** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.02.07 17:53:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\******\Desktop\OTL.exe
PRC - [2012.11.21 08:20:20 | 002,878,616 | ---- | M] (GamersFirst) -- C:\Users\******\AppData\Local\GamersFirst\LIVE!\Live.exe
PRC - [2012.11.17 22:55:21 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.11.08 10:55:40 | 000,898,952 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
PRC - [2012.07.18 17:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.07.18 17:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.07.18 17:04:22 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.01.19 03:31:26 | 000,072,304 | ---- | M] () -- C:\Windows\SysWOW64\XSrvSetup.exe
PRC - [2009.11.20 12:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009.08.24 13:38:06 | 000,068,136 | ---- | M] () -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE


========== Modules (No Company Name) ==========

MOD - [2012.11.08 10:56:00 | 000,178,056 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\USBDetector.dll
MOD - [2012.11.08 10:56:00 | 000,034,184 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ticket.dll
MOD - [2012.11.08 10:55:58 | 000,149,384 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\readerAppHelper.dll
MOD - [2012.11.08 10:55:54 | 000,014,728 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll
MOD - [2012.11.08 10:55:52 | 000,024,456 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskNetInterface.dll
MOD - [2012.11.08 10:55:52 | 000,015,752 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskPower.dll
MOD - [2012.11.08 10:55:50 | 000,039,816 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll
MOD - [2012.11.08 10:55:50 | 000,016,776 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll
MOD - [2012.11.08 10:55:48 | 000,239,496 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\Fskin.dll
MOD - [2012.11.08 10:55:48 | 000,026,504 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskinLocalize.dll
MOD - [2012.11.08 10:55:46 | 000,124,808 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll
MOD - [2012.11.08 10:55:44 | 000,092,040 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookUsb.dll
MOD - [2012.11.08 10:55:42 | 000,018,312 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll
MOD - [2012.11.08 10:54:34 | 000,880,640 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\fsk.dll
MOD - [2012.10.23 21:58:36 | 000,798,720 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskSecurity.dll
MOD - [2012.04.26 23:38:30 | 020,758,016 | ---- | M] () -- C:\Users\******\AppData\Local\GamersFirst\LIVE!\libcef.dll
MOD - [2011.08.09 16:00:37 | 000,035,840 | ---- | M] () -- C:\Windows\SysWOW64\slc.dll


========== Services (SafeList) ==========

SRV:64bit: - [2010.11.26 03:54:12 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.04.06 15:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV - [2012.11.17 22:55:21 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.10.23 22:02:00 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2012.08.22 16:40:58 | 000,216,080 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Programme\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2)
SRV - [2012.07.18 17:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.07.18 17:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.08.19 17:43:24 | 000,386,344 | ---- | M] () [Auto | Running] -- C:\Programme\Cyberlink\Shared files\RichVideo64.exe -- (RichVideo64)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.19 03:31:26 | 000,072,304 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\XSrvSetup.exe -- (JMB36X)
SRV - [2009.08.24 13:38:06 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.09.13 19:52:47 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2012.09.07 18:55:22 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.07.18 17:04:42 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.07.18 17:04:42 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.07.18 17:04:41 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.26 05:20:20 | 008,120,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.11.26 03:16:46 | 000,289,792 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.17 13:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010.04.27 10:56:38 | 000,021,544 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2010.03.22 10:57:20 | 000,347,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.01.27 09:58:38 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2010.01.27 04:05:00 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2010.01.20 23:10:54 | 001,102,112 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009.11.20 12:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009.11.20 12:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.04.29 16:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2013.02.07 16:40:44 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=DE&userid=c3f55b24-2db9-4511-8fe8-c169cd54e922&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = ${SEARCH_URL}{searchTerms}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={920131C6-DE40-11E1-9D6D-1C6F65AAC9D9}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=DE&userid=c3f55b24-2db9-4511-8fe8-c169cd54e922&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=DE&userid=c3f55b24-2db9-4511-8fe8-c169cd54e922&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchab.com/?aff=7&uid=c0565a3e-567d-11e2-8369-1c6f65aac9d9
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B8 DC 78 26 D2 6B CD 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=DE&userid=c3f55b24-2db9-4511-8fe8-c169cd54e922&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=DE&userid=c3f55b24-2db9-4511-8fe8-c169cd54e922&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=DE&userid=c3f55b24-2db9-4511-8fe8-c169cd54e922&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://isearch.claro-search.com/?q={searchTerms}&affID=114162&tt=3412_4&babsrc=SP_iclro&mntrId=9ea0a3230000000000001c6f65aac9d9
IE - HKCU\..\SearchScopes\{911710C2-A94D-4946-8AB7-01413055E623}: "URL" = hxxp://mystart.incredibar.com/mb128/?search={searchTerms}&loc=IB_DS&a=6OyXm44qXC&i=26
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={681C8A58-101E-41C7-A648-1EBB0DA3FA5F}&mid=&lang=&ds=&pr=&d=&v=&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://searchab.com/?aff=7&uid=c0565a3e-567d-11e2-8369-1c6f65aac9d9&q={searchTerms}
IE - HKCU\..\SearchScopes\{EB5023E1-A739-4C3D-A7F3-8E9FEF935922}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=302C37D5-BF37-4B11-A519-9F092AFD1314&apn_sauid=B755F661-004F-4FE8-9033-871F10086F7E
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={920131C6-DE40-11E1-9D6D-1C6F65AAC9D9}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll ( )
FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\******\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox

[2012.08.03 14:00:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions
[2012.08.03 14:00:10 | 000,000,000 | ---D | M] (uTorrentBar_DE) -- C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}
[2012.12.16 11:56:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2012.08.12 12:57:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions
[2012.09.07 18:22:23 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\extensions\OneClickDownload@OneClickDownload.com
[2012.12.16 11:55:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\0\extensions
[2012.08.12 12:57:37 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\0\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.08.08 21:06:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\0\extensions\OneClickDownload@OneClickDownload.com
[2012.08.12 12:57:37 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.12.16 11:55:25 | 000,213,444 | ---- | M] () (No name found) -- C:\Users\******\AppData\Roaming\mozilla\firefox\profiles\0\extensions\torntv@torntv.com.xpi
[2012.08.25 22:01:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

========== Chrome ==========

CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:assistedQueryStats}{google:se archFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc\10.11.21.5_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc\10.11.21.5_0\plugins/np-cwmp.dll
CHR - plugin: Free Studio (Enabled) = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\np_dvs_plugin.dll
CHR - plugin: Perion plugin (Enabled) = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_1\Plugins/PerionNewTabChrome-32.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: fluxDVD Browser Plugin (Enabled) = C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Nitro PDF Plug-In (Enabled) = C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Reader Application Detector (Enabled) = C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Docs = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Drive = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.58_0\
CHR - Extension: Ti\u00EBsto = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnmeobddjkkgkglnogihcaejaleikhdh\2_0\
CHR - Extension: Google Mail = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Docs = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Drive = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.58_0\
CHR - Extension: Ti\u00EBsto = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnmeobddjkkgkglnogihcaejaleikhdh\2_0\
CHR - Extension: Google Mail = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll File not found
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [Reader Application Helper] C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Visual Elements] C:\Users\******\AppData\Local\Temp\windlog.exe File not found
O4 - Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk = C:\Users\******\AppData\Local\GamersFirst\LIVE!\Live.exe (GamersFirst)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\******\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\******\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24981B71-F5EA-46AE-B7FD-4803BFFAE4ED}: DhcpNameServer = 192.168.2.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {F791A188-699D-4FD4-955A-EB59E89B1907} - Theme Resource Changer - \Program Files\Theme Resource Changer\ThemeResourceChanger.dll ()
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysWOW64\DreamScene.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001.06.19 18:39:08 | 000,000,047 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2002.08.22 12:41:50 | 000,098,304 | R--- | M] () - D:\autoplay.exe -- [ CDFS ]
O32 - AutoRun File - [2011.03.17 11:57:07 | 001,635,680 | R--- | M] () - E:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2009.10.26 11:06:38 | 000,000,042 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{2abce4a0-f911-11e1-83c7-1c6f65aac9d9}\Shell - "" = AutoRun
O33 - MountPoints2\{2abce4a0-f911-11e1-83c7-1c6f65aac9d9}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2011.03.17 11:57:07 | 001,635,680 | R--- | M] ()
O33 - MountPoints2\{45211992-d75e-11e1-b80d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{45211992-d75e-11e1-b80d-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autoplay.exe -- [2002.08.22 12:41:50 | 000,098,304 | R--- | M] ()
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2011.03.17 11:57:07 | 001,635,680 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.02.07 17:53:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\******\Desktop\OTL.exe
[2013.02.07 14:22:10 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\Malwarebytes
[2013.02.07 14:21:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.07 14:21:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.07 14:21:56 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.02.07 14:21:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.02.07 14:21:43 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\Programs
[2013.02.05 17:28:27 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.01.26 12:39:19 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.01.22 18:34:12 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3Gain
[2013.01.22 18:34:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3Gain
[2013.01.22 18:30:47 | 000,000,000 | ---D | C] -- C:\Users\******\Desktop\SChach
[2013.01.20 19:56:28 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\Unity
[2013.01.20 19:55:42 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\Unity
[2013.01.18 20:14:09 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\.ZMatrix
[2013.01.18 20:14:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp
[2013.01.18 20:14:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZMatrix
[2013.01.14 21:48:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013.01.14 21:45:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013.01.13 16:56:42 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\TuneUp Software
[2013.01.13 16:56:38 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2013.01.13 16:56:18 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013.01.13 16:50:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2013.01.13 16:50:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\Windows\SysNative\
[2013.02.07 17:53:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\******\Desktop\OTL.exe
[2013.02.07 17:51:57 | 000,000,168 | ---- | M] () -- C:\Users\******\defogger_reenable
[2013.02.07 17:51:00 | 000,050,477 | ---- | M] () -- C:\Users\******\Desktop\Defogger.exe
[2013.02.07 17:50:16 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.07 16:48:05 | 000,015,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.07 16:48:05 | 000,015,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.07 16:41:11 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.07 16:41:11 | 000,000,364 | -H-- | M] () -- C:\Windows\tasks\ZoomExUpdaterTask{094CBAB5-E71B-40C3-B9AB-3AE5B16F4696}.job
[2013.02.07 16:40:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.07 16:40:36 | 3219,300,352 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.07 14:21:58 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.05 17:41:52 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.05 17:41:52 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.05 17:41:52 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.05 17:41:52 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.05 17:41:52 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.19 13:04:26 | 000,299,072 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.13 20:38:35 | 000,000,919 | ---- | M] () -- C:\Users\Public\Desktop\TrueCrypt.lnk
[2013.01.09 19:23:53 | 001,589,442 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

File not found -- C:\Windows\SysNative\
[2013.02.07 17:51:57 | 000,000,168 | ---- | C] () -- C:\Users\******\defogger_reenable
[2013.02.07 17:50:49 | 000,050,477 | ---- | C] () -- C:\Users\******\Desktop\Defogger.exe
[2013.02.07 14:21:58 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.18 20:05:59 | 000,016,180 | ---- | C] () -- C:\Windows\SysNative\Dscene.reg
[2013.01.18 19:51:56 | 000,016,180 | ---- | C] () -- C:\Windows\Dscene.reg
[2013.01.18 19:41:32 | 001,413,862 | ---- | C] () -- C:\Users\******\Documents\Blob.mpg
[2013.01.14 21:45:42 | 000,001,110 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.14 21:45:39 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.03 23:11:15 | 000,000,044 | ---- | C] () -- C:\Windows\MAILRCV.INI
[2012.12.27 21:09:08 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.12.01 20:18:13 | 000,003,584 | ---- | C] () -- C:\Users\******\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.10 13:12:55 | 000,013,931 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2012.11.07 14:46:08 | 000,281,288 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.11.07 14:45:42 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.10.31 23:19:43 | 000,022,090 | ---- | C] () -- C:\Users\******\AppData\Local\recently-used.xbel
[2012.09.13 19:14:02 | 000,000,012 | ---- | C] () -- C:\Windows\SysWow64\mslck.dat
[2012.09.13 19:13:48 | 000,000,032 | ---- | C] () -- C:\Windows\SysWow64\Mlkf.dll
[2012.09.13 19:06:06 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\LckFldService.exe.vir
[2012.09.13 19:06:05 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\fldlckun.exe
[2012.08.01 21:42:00 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.07.29 14:37:12 | 000,011,867 | ---- | C] () -- C:\Users\******\AppData\Roaming\TheHunterSettings_live.bin
[2012.07.28 17:06:30 | 000,173,235 | ---- | C] () -- C:\Users\******\theHunter-uninstall.exe
[2012.07.27 13:17:26 | 000,072,304 | ---- | C] () -- C:\Windows\SysWow64\XSrvSetup.exe
[2012.07.27 13:08:06 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2012.07.27 11:50:59 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.07.27 11:47:53 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.11.10 03:36:06 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2011.11.10 03:36:06 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.11.09 21:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011.11.09 21:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.09.19 08:07:46 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
[2011.09.19 08:07:32 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll

========== ZeroAccess Check ==========

[2011.11.17 07:41:18 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{fa9187d7-ddad-308b-0083-8078e799e239}\@
[2011.11.17 07:41:18 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{fa9187d7-ddad-308b-0083-8078e799e239}\L
[2013.01.15 22:03:13 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{fa9187d7-ddad-308b-0083-8078e799e239}\U
[2012.08.09 22:19:41 | 000,002,048 | -HS- | M] () -- C:\Users\******\AppData\Local\{fa9187d7-ddad-308b-0083-8078e799e239}\@
[2011.11.17 07:41:18 | 000,000,000 | -HSD | M] -- C:\Users\******\AppData\Local\{fa9187d7-ddad-308b-0083-8078e799e239}\L
[2011.11.17 07:41:18 | 000,000,000 | -HSD | M] -- C:\Users\******\AppData\Local\{fa9187d7-ddad-308b-0083-8078e799e239}\U
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Users\******\AppData\Local\{fa9187d7-ddad-308b-0083-8078e799e239}\n.

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013.01.18 20:14:10 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\.ZMatrix
[2012.08.12 12:19:28 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\BANDISOFT
[2012.09.07 18:56:57 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\DAEMON Tools Lite
[2012.08.08 13:58:49 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\DAEMON Tools Pro
[2012.09.07 18:22:22 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Downloaded Installations
[2013.01.13 16:50:33 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\DVDVideoSoft
[2012.11.13 21:40:12 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.08.25 22:01:00 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\ExpressFiles
[2012.08.23 19:37:54 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Foxit Software
[2012.08.25 21:50:21 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Freemium
[2013.01.02 14:57:04 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Kongregate
[2013.02.07 17:53:32 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Nitro PDF
[2013.01.13 16:50:33 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\OpenCandy
[2012.08.09 10:34:48 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Origin
[2012.12.10 18:45:04 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\PhotoScape
[2012.12.16 18:03:16 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\PowerISO
[2012.12.17 22:34:55 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\ProtectDISC
[2012.09.13 19:55:10 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\TrueCrypt
[2013.01.13 16:56:42 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\TuneUp Software
[2013.01.20 19:56:28 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Unity
[2012.11.11 20:26:45 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\YourFileDownloader

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:C5760A8B

< End of report >


defogger_disable:


defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:51 on 07/02/2013 (Nadine)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCUAEMON Tools Lite -> Removed

Checking for services/drivers...


-=E.O.F=-