| |
| |||||||
Log-Analyse und Auswertung: Incredibar, Browser Companion, BabyloonToolbar und FunMoods entfernenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
11.03.2013, 15:17
| #1 |
 |  Incredibar, Browser Companion, BabyloonToolbar und FunMoods entfernen Guten Tag miteinander! Ich bin durch Zufall während eines Routine Scans auf ein paar Dateien gestoßen, die mir seltsam vorkamen da ich wusste, dass ich sie nicht selber installiert oder runtergeladen habe. Mein kleiner Bruder nutzt diesen PC allerdings weitaus mehr und die Zeit jeden Tag zu überprüfen hab ich nicht und will ich auch nicht haben. Jetzt zum eigentlichen Punkt: Ich habe nach dem Fund von dem Addon IB-Updater mich bei euch im Forum etwas schlau gemacht und brav alle Scans gemacht und Logs gespeichert. Mein initialer Fund war mit Hilfe von IObit Malware Fighter, deswegen hier der Log. Code:
ATTFilter IObit Malware Fighter
OS: Windows 7
Version: 1.7.0.0
Define Version: 1216
Time Elapsed: 00:01:21
Objects Scanned: 53134
Threats Found: 5
Save Time: 11.03.2013 13:52:52
|Name|Type|Description|ID|
FunMoods, REG, HKEY_CLASSES_ROOT\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}, 2013632
FunMoods, REG, HKEY_CLASSES_ROOT\AppID\escortApp.DLL, 2013638
FunMoods, REG, HKEY_CLASSES_ROOT\AppID\escorTlbr.DLL, 2013640
BabylonToolbar, REG, HKEY_CLASSES_ROOT\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}, 2013713
BabylonToolbar, REG, HKEY_CLASSES_ROOT\Prod.cap, 2013714
OTL hat folgendes herausgefunden OTL.txt Code:
ATTFilter OTL logfile created on: 11.03.2013 13:42:59 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Desktop\Tools 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,91 Gb Total Physical Memory | 6,40 Gb Available Physical Memory | 80,83% Memory free 15,82 Gb Paging File | 14,18 Gb Available in Paging File | 89,59% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 55,80 Gb Total Space | 8,14 Gb Free Space | 14,58% Space Free | Partition Type: NTFS Drive D: | 931,51 Gb Total Space | 835,62 Gb Free Space | 89,71% Space Free | Partition Type: NTFS Computer Name: USER-PC | User Name: User | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.03.11 13:28:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\Tools\OTL.exe PRC - [2013.02.25 07:39:34 | 001,602,984 | ---- | M] (Valve Corporation) -- D:\Programme\Steam\steam.exe PRC - [2013.02.25 07:39:32 | 000,543,144 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe PRC - [2013.01.29 14:29:30 | 000,188,760 | ---- | M] () -- C:\Programme\IB Updater\ExtensionUpdaterService.exe PRC - [2013.01.15 18:47:28 | 000,703,808 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe PRC - [2013.01.15 18:47:20 | 000,059,200 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\DelayLoad.exe PRC - [2013.01.15 18:47:12 | 000,491,840 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe PRC - [2013.01.15 18:47:10 | 000,465,216 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe PRC - [2012.12.25 17:35:10 | 004,474,832 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012.01.09 20:17:44 | 000,821,592 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe PRC - [2012.01.07 16:17:53 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2011.09.05 12:18:32 | 004,942,336 | ---- | M] (FNet Co., Ltd.) -- C:\Program Files (x86)\XFastUsb\XFastUsb.exe PRC - [2011.04.14 10:48:32 | 001,758,208 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe PRC - [2011.03.21 10:06:08 | 000,248,320 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe PRC - [2011.02.22 11:14:40 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2011.02.22 11:14:34 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010.11.05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010.11.05 22:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2010.04.27 13:41:26 | 000,218,112 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razertra.exe PRC - [2007.12.19 10:58:24 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe PRC - [2007.11.20 15:53:36 | 000,147,456 | ---- | M] (Razer USA Ltd.) -- C:\Program Files (x86)\Razer\Lycosa\razerhid.exe ========== Modules (No Company Name) ========== MOD - [2013.02.25 07:39:32 | 000,988,584 | ---- | M] () -- D:\Programme\Steam\bin\chromehtml.dll MOD - [2013.02.19 11:48:10 | 020,340,648 | ---- | M] () -- D:\Programme\Steam\bin\libcef.dll MOD - [2013.02.15 13:54:49 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll MOD - [2013.01.15 18:48:26 | 000,348,992 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\madExcept_.bpl MOD - [2013.01.15 18:48:26 | 000,051,008 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\madDisAsm_.bpl MOD - [2013.01.15 18:48:24 | 000,183,616 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\madBasic_.bpl MOD - [2013.01.15 18:47:56 | 000,893,248 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\webres.dll MOD - [2013.01.12 08:58:58 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\ab54c04b3df40416205883b4049fe273\IAStorUtil.ni.dll MOD - [2013.01.12 08:58:58 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\4d6518ef6ae8d6f005c49ab1c86de7fe\IAStorCommon.ni.dll MOD - [2013.01.10 15:51:15 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll MOD - [2013.01.10 15:50:56 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013.01.10 15:50:48 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll MOD - [2013.01.10 15:50:44 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013.01.10 15:50:42 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013.01.10 15:50:42 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll MOD - [2013.01.10 15:50:39 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2012.12.18 18:28:50 | 000,647,168 | ---- | M] () -- D:\Programme\Steam\sdl.dll MOD - [2012.12.11 09:51:10 | 001,100,800 | ---- | M] () -- D:\Programme\Steam\bin\avcodec-53.dll MOD - [2012.12.11 09:51:10 | 000,192,000 | ---- | M] () -- D:\Programme\Steam\bin\avformat-53.dll MOD - [2012.12.11 09:51:10 | 000,124,416 | ---- | M] () -- D:\Programme\Steam\bin\avutil-51.dll MOD - [2012.10.11 12:17:06 | 002,069,528 | ---- | M] () -- c:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll MOD - [2011.04.14 10:48:32 | 001,758,208 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe MOD - [2011.04.12 08:43:06 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2011.03.21 10:06:08 | 000,248,320 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe MOD - [2010.11.13 00:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.04.27 13:41:26 | 000,218,112 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razertra.exe ========== Services (SafeList) ========== SRV:64bit: - [2013.03.04 10:00:56 | 001,316,144 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\dmwu.exe -- (IBUpdaterService) SRV - [2013.03.11 13:33:08 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.02.25 07:39:32 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013.01.29 14:29:30 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Programme\IB Updater\ExtensionUpdaterService.exe -- (IB Updater) SRV - [2013.01.28 14:19:28 | 002,402,080 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2013.01.27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2013.01.27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2013.01.15 18:47:10 | 000,465,216 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe -- (AdvancedSystemCareService6) SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.10.10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.01.09 20:17:44 | 000,821,592 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice) SRV - [2012.01.07 16:17:53 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2011.12.16 11:56:57 | 000,024,576 | ---- | M] (Realtek Semiconductor.) [Auto | Stopped] -- C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe -- (SetupARService) SRV - [2011.11.28 13:21:00 | 000,168,864 | ---- | M] () [Auto | Running] -- C:\Programme\Common Files\WireHelpSvc.exe -- (WireHelpSvc) SRV - [2011.11.15 14:22:52 | 000,746,392 | ---- | M] (Spigot, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater) SRV - [2011.03.01 15:43:52 | 000,076,448 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc) SRV - [2011.02.22 11:14:40 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2011.02.22 11:14:34 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010.11.05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2006.12.14 17:00:00 | 000,544,768 | ---- | M] (Magix AG) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService) SRV - [2005.11.17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [Disabled | Stopped] -- C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.01.20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012.12.30 13:33:31 | 000,121,416 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter) DRV:64bit: - [2012.12.19 22:29:06 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.12.19 22:29:05 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.12.19 22:29:05 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.15 10:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.01.17 13:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2011.12.16 13:36:23 | 000,031,808 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS -- (FNETTBOH_305) DRV:64bit: - [2011.11.28 13:20:48 | 000,147,472 | ---- | M] (<Turtle Entertainment>) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\ESLWireACD.sys -- (ESLWireAC) DRV:64bit: - [2011.11.28 13:20:28 | 000,025,528 | ---- | M] (Turtle Entertainment GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ESLvnic.sys -- (ESLvnic1) DRV:64bit: - [2011.09.05 12:18:32 | 000,015,936 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\FNETURPX.SYS -- (FNETURPX) DRV:64bit: - [2011.04.10 04:51:06 | 012,223,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.03.01 15:44:08 | 000,280,224 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter) DRV:64bit: - [2011.03.01 15:44:06 | 000,298,656 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP) DRV:64bit: - [2011.03.01 15:44:06 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP) DRV:64bit: - [2011.03.01 15:44:06 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP) DRV:64bit: - [2011.03.01 15:44:06 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT) DRV:64bit: - [2011.03.01 15:44:06 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort) DRV:64bit: - [2011.03.01 15:44:06 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS) DRV:64bit: - [2011.03.01 15:44:04 | 000,051,872 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (ATHDFU) DRV:64bit: - [2011.02.16 10:11:08 | 000,428,136 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.02.09 16:45:12 | 000,025,088 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bulkrazer_x64.sys -- (bulkadi) DRV:64bit: - [2011.02.08 06:30:52 | 000,064,512 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI) DRV:64bit: - [2011.02.08 06:30:52 | 000,039,936 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.05 22:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.10.19 15:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010.10.14 18:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2010.09.30 23:16:34 | 000,013,312 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VKbms.sys -- (VKbms) DRV:64bit: - [2010.08.19 19:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) DRV:64bit: - [2010.06.14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk) DRV:64bit: - [2010.04.27 03:25:20 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm) DRV:64bit: - [2010.04.27 03:25:20 | 000,141,384 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdserd.sys -- (sscdserd) DRV:64bit: - [2010.04.27 03:25:20 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) DRV:64bit: - [2010.04.27 03:25:20 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl) DRV:64bit: - [2010.03.23 15:37:34 | 000,012,032 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\danew.sys -- (danewFltr) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV - [2012.11.16 16:51:26 | 000,011,880 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv) DRV - [2012.07.05 13:53:22 | 000,021,904 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys -- (UrlFilter) DRV - [2012.07.05 13:53:18 | 000,033,224 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys -- (RegFilter) DRV - [2012.01.05 18:07:14 | 000,021,384 | ---- | M] (IObit) [File_System | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys -- (FileMonitor) DRV - [2010.07.01 18:11:24 | 000,012,352 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Programme\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5) DRV - [2010.06.14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2008.11.28 14:34:56 | 000,034,048 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\npf_devolo.sys -- (NPF_devolo) DRV - [2006.07.24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-82016817-340743653-2786680247-1000\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = [String data over 1000 bytes] IE - HKU\S-1-5-21-82016817-340743653-2786680247-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.avg.com/?cid={79DACD3E-F6F8-408F-BE2E-1CFE296F8421}&mid=6bbe4f36f2ad47d0a818d1b647e4e9f2-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=de&ds=od011&pr=sa&d=2012-09-16 16:51:10&v=13.2.0.5&sap=hp IE - HKU\S-1-5-21-82016817-340743653-2786680247-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-82016817-340743653-2786680247-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-82016817-340743653-2786680247-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E9 D1 75 32 07 E5 CC 01 [binary data] IE - HKU\S-1-5-21-82016817-340743653-2786680247-1000\..\URLSearchHook: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - No CLSID value found IE - HKU\S-1-5-21-82016817-340743653-2786680247-1000\..\SearchScopes,DefaultScope = {80c554b9-c7f8-4a21-9471-06d606da78a2} IE - HKU\S-1-5-21-82016817-340743653-2786680247-1000\..\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE IE - HKU\S-1-5-21-82016817-340743653-2786680247-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={79DACD3E-F6F8-408F-BE2E-1CFE296F8421}&mid=6bbe4f36f2ad47d0a818d1b647e4e9f2-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=de&ds=od011&pr=sa&d=2012-09-16 16:51:10&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms} IE - HKU\S-1-5-21-82016817-340743653-2786680247-1000\..\SearchScopes\{FFA1E941-373C-4B15-A45B-4C4A0835C30B}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=685749&p={searchTerms} IE - HKU\S-1-5-21-82016817-340743653-2786680247-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-82016817-340743653-2786680247-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=685749&ilc=12" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "https://www.google.de" FF - prefs.js..extensions.enabledAddons: groovesharkUnlocker%40overlord1337:1.3.2 FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.7 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=685749&p=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX [2013.03.11 08:51:09 | 000,000,000 | ---D | M] 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\PROGRAM FILES\IB UPDATER\FIREFOX [2013.03.11 08:51:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox [2013.03.11 08:51:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\Program Files\IB Updater\Firefox [2013.03.11 08:51:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.11 13:33:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.11 13:33:08 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.09.06 16:11:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions [2013.03.05 12:21:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\igclhn7f.default\extensions [2013.03.05 12:21:46 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\igclhn7f.default\extensions\ich@maltegoetz.de [2013.03.05 10:50:47 | 000,029,064 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\igclhn7f.default\extensions\groovesharkUnlocker@overlord1337.xpi [2013.02.28 10:11:20 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\igclhn7f.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.03.11 13:32:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.03.11 13:32:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} [2013.03.11 13:32:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions\staged [2013.03.11 13:33:08 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.07.04 17:51:47 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.11.14 17:19:14 | 000,002,349 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2012.09.21 20:11:09 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.07.04 17:51:47 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.07.04 17:51:47 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.07.04 17:51:47 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.07.04 17:51:47 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (IB Updater) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\IB Updater\Extension64.dll () O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Browser Companion Helper) - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files (x86)\BrowserCompanion\jsloader.dll ( ) O2 - BHO: (IB Updater) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\IB Updater\Extension32.dll () O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O2 - BHO: (Browser Companion Helper Verifier) - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll ( ) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found. O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found. O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations) O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\SysNative\AmbRunE.DLL (Creative Technology Ltd.) O4 - HKLM..\Run: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe () O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe (IObit) O4 - HKLM..\Run: [Lycosa] C:\Program Files (x86)\Razer\Lycosa\razerhid.exe (Razer USA Ltd.) O4 - HKLM..\Run: [XFastUsb] C:\Program Files (x86)\XFastUsb\XFastUsb.exe (FNet Co., Ltd.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-82016817-340743653-2786680247-1000..\Run: [Advanced SystemCare 6] C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe (IObit) O4 - HKU\S-1-5-21-82016817-340743653-2786680247-1000..\Run: [Steam] D:\Programme\Steam\steam.exe (Valve Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tcbhn.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\S-1-5-21-82016817-340743653-2786680247-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-82016817-340743653-2786680247-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKU\S-1-5-21-82016817-340743653-2786680247-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{78801749-ED50-471B-9B87-0FC0D1E59171}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\base64 - No CLSID value found O18:64bit: - Protocol\Handler\chrome - No CLSID value found O18:64bit: - Protocol\Handler\prox - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\base64 {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd) O18 - Protocol\Handler\chrome {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd) O18 - Protocol\Handler\prox {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (c:\progra~3\browse~1\23796~1.11\{16cdf~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll () O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O27:64bit: - HKLM IFEO\itunes.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\skype.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\itunes.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\skype.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{b01c6573-d7e0-11e0-81c3-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{b01c6573-d7e0-11e0-81c3-806e6f6e6963}\Shell\AutoRun\command - "" = E:\ASRSetup.exe O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.11 13:32:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.03.11 13:27:41 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Tools [2013.03.06 13:27:48 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\sec logs [2013.03.06 11:49:15 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes [2013.03.05 14:26:39 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\DVDVideoSoft [2013.03.05 14:03:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\devolo [2013.03.05 13:34:10 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\sec [2013.03.05 12:27:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2013.03.05 12:19:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2013.03.05 12:05:24 | 000,035,104 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe [2013.03.05 12:05:24 | 000,026,400 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll [2013.03.05 12:05:24 | 000,021,792 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll [2013.03.05 12:05:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013 [2013.03.05 12:05:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2013 [2013.03.05 12:04:59 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} [2013.03.05 11:57:51 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker [2013.03.05 11:57:51 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker [2013.03.01 14:31:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter [2013.03.01 14:18:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.03.01 14:18:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.03.01 14:18:12 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.03.01 14:18:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.03.01 14:05:18 | 000,000,000 | ---D | C] -- C:\Windows\tasks\TaskDisabled [2013.03.01 13:55:26 | 000,000,000 | ---D | C] -- C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A} [2013.03.01 13:55:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 6 [2013.03.01 13:55:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit [2013.02.28 12:12:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012.03.31 19:44:46 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\User\AppData\Roaming\pcouffin.sys [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.03.11 13:34:31 | 000,021,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.11 13:34:31 | 000,021,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.11 13:31:58 | 009,613,772 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.03.11 13:31:58 | 003,247,304 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.03.11 13:31:58 | 002,922,684 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.03.11 13:31:58 | 002,617,404 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.03.11 13:31:58 | 000,005,198 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.03.11 13:27:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.11 13:27:23 | 2077,048,831 | -HS- | M] () -- C:\hiberfil.sys [2013.03.11 13:24:49 | 000,000,000 | ---- | M] () -- C:\Users\User\defogger_reenable [2013.03.04 10:00:56 | 001,316,144 | ---- | M] () -- C:\Windows\SysNative\dmwu.exe [2013.03.04 09:59:46 | 000,035,328 | ---- | M] (IncrediMail, Ltd.) -- C:\Windows\SysNative\ImHttpComm.dll [2013.02.20 18:02:00 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif [2013.02.15 13:53:38 | 000,334,472 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.02.09 14:01:28 | 003,470,522 | ---- | M] () -- C:\Users\User\Desktop\BI12_x_L_HT_GG.pdf [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.03.11 13:24:49 | 000,000,000 | ---- | C] () -- C:\Users\User\defogger_reenable [2013.03.05 12:27:22 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2013.03.05 12:05:23 | 000,002,197 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013.lnk [2013.02.09 14:01:28 | 003,470,522 | ---- | C] () -- C:\Users\User\Desktop\BI12_x_L_HT_GG.pdf [2012.09.25 14:55:32 | 000,260,580 | ---- | C] () -- C:\Windows\SysWow64\temp.bin [2012.03.31 19:44:46 | 000,099,384 | ---- | C] () -- C:\Users\User\AppData\Roaming\inst.exe [2012.03.31 19:44:46 | 000,007,859 | ---- | C] () -- C:\Users\User\AppData\Roaming\pcouffin.cat [2012.03.31 19:44:46 | 000,001,167 | ---- | C] () -- C:\Users\User\AppData\Roaming\pcouffin.inf [2012.01.07 03:17:38 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.01.07 03:17:37 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.12.25 08:38:53 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2011.12.04 18:10:05 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\mgxasio2.dll [2011.12.04 18:09:41 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll [2011.12.04 18:08:22 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini [2011.12.01 16:50:04 | 000,168,864 | ---- | C] () -- C:\Program Files\Common Files\WireHelpSvc.exe [2011.11.13 18:38:57 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2011.11.13 18:36:20 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys [2011.09.06 16:09:43 | 000,005,384 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.09.06 14:20:55 | 000,000,680 | RHS- | C] () -- C:\Users\User\ntuser.pol [2011.09.05 12:14:55 | 013,356,032 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2011.09.05 12:14:55 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011.09.05 12:14:55 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011.09.05 12:14:55 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2011.09.05 12:14:55 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.11.14 17:19:07 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\Babylon [2013.03.03 16:49:45 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\BrowserCompanion [2011.11.27 14:05:54 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\Cornelsen [2012.09.16 15:50:20 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\DVDVideoSoft [2012.06.22 19:21:44 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\DVDVideoSoftIEHelpers [2012.11.14 17:34:39 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\Guitar Pro 6 [2013.03.01 14:31:13 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\IObit [2011.12.22 18:04:15 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\MAGIX [2012.01.07 19:54:53 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\MotioninJoy [2012.09.16 15:50:11 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\OpenCandy [2011.11.09 18:56:53 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\OpenOffice.org [2013.02.28 18:48:16 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\Origin [2011.09.07 13:40:24 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\Razer [2011.12.27 16:17:42 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\redsn0w [2013.02.28 20:00:03 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\Spotify [2012.06.22 19:22:39 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\TuneUp Software [2012.01.18 19:13:37 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\IObit [2012.01.18 19:13:37 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\IObit [2012.01.18 19:13:37 | 000,000,000 | ---D | M] -- C:\Users\UpdatusUser\AppData\Roaming\IObit [2011.11.26 18:50:57 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Atari [2011.11.27 13:34:41 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Cornelsen [2011.09.05 12:50:13 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DeviceVm [2013.03.05 14:26:39 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DVDVideoSoft [2012.05.06 16:59:02 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\EurekaLog [2013.03.05 10:46:52 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\IObit [2011.12.05 15:45:42 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\MAGIX [2012.12.25 18:33:23 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Meine Die Schlacht um Mittelerde-Dateien [2011.12.26 12:50:51 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\MotioninJoy [2012.05.15 15:49:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Mumble [2011.11.13 20:23:52 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\OpenOffice.org [2012.12.26 15:24:50 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Origin [2011.09.07 12:23:31 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Razer [2011.11.13 18:56:52 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Samsung [2012.12.24 19:15:10 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TS3Client [2012.06.01 21:41:00 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ts3overlay [2013.03.05 12:05:21 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TuneUp Software [2012.03.31 19:44:52 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Vso ========== Purity Check ========== < End of report > Extra.txt Code:
ATTFilter OTL Extras logfile created on: 11.03.2013 13:42:59 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Desktop\Tools
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,91 Gb Total Physical Memory | 6,40 Gb Available Physical Memory | 80,83% Memory free
15,82 Gb Paging File | 14,18 Gb Available in Paging File | 89,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55,80 Gb Total Space | 8,14 Gb Free Space | 14,58% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 835,62 Gb Free Space | 89,71% Space Free | Partition Type: NTFS
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-82016817-340743653-2786680247-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C73D9C5-2BDA-464A-9D1B-A0C04FFD5FFB}" = lport=10243 | protocol=6 | dir=in | app=system |
"{23DBB31E-693F-46DF-9EC4-72AADF759832}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2BBFD3BB-31C0-4466-9106-1CC0933D6E3F}" = lport=10301 | protocol=17 | dir=in | app=d:\programme\devolo\informer\devinf.exe |
"{2C11540E-F086-45B5-A17F-A65C1703A415}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{341AA7B3-A26E-40A9-A4D3-E3506C49C75B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3B7DB9DF-EE73-4B09-B47E-FA8B283A6E40}" = lport=445 | protocol=6 | dir=in | app=system |
"{3E1E3F51-6CE2-4CF1-9656-2E75C64EA297}" = rport=445 | protocol=6 | dir=out | app=system |
"{407B895E-09E2-47BC-BE77-7B804B684844}" = lport=1900 | protocol=17 | dir=in | name=microsoft upnp-port (udp) |
"{421ED6A4-84B5-4826-B4F9-7022E98F1FAF}" = rport=137 | protocol=17 | dir=out | app=system |
"{5048A0D5-5740-4541-80E0-31B618DFFF24}" = rport=139 | protocol=6 | dir=out | app=system |
"{5608EF56-9F21-4D5D-9E37-E20FBF41EAF7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5614465D-FB21-48DE-A393-A40FDA5DDB49}" = lport=2869 | protocol=6 | dir=in | name=microsoft upnp-port (tcp) |
"{61909D1E-69F5-406B-B128-69015B36F95F}" = lport=139 | protocol=6 | dir=in | app=system |
"{6F1EFE78-7BE8-4427-90BA-F32514390790}" = lport=0 | protocol=6 | dir=in | name=magix upnp media server |
"{7C83B537-821F-48F9-9F2E-746D51E95C08}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7E854F9D-A226-4A61-A877-4056D8C3FFBE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7E9E7F79-86E8-4B53-9950-A3555BA704EF}" = lport=138 | protocol=17 | dir=in | app=system |
"{838F7A0A-03EF-49CE-9D21-3DCDED33AC1E}" = rport=10243 | protocol=6 | dir=out | app=system |
"{9A7438C0-1404-4B2C-B1C7-8DC70634B16C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9CD0662D-B37A-4634-8203-30E7B176BB14}" = lport=10300 | protocol=6 | dir=in | app=d:\programme\devolo\informer\devinf.exe |
"{D1626298-3A92-46EB-BD63-65CF577ECB6E}" = rport=138 | protocol=17 | dir=out | app=system |
"{D2D08246-40B8-4EA3-AC21-F83BCD78D87F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{D399BBAC-A93E-46FD-A5A2-E957989EE9B4}" = lport=137 | protocol=17 | dir=in | app=system |
"{E1AD1FAB-A3E9-4C11-8FD6-76AAAB836503}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E9AD1F9F-F196-4078-879F-6D30CEA94FDC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FFA11522-366E-45BB-8ECC-A14155D14B2A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{009E8B6A-7D43-4A76-8914-95751F54C54D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0114DF8B-C1EE-415A-85C3-504280E0F979}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0AF79B2D-539A-4EBC-9991-A478D6D754A9}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\scorch995\counter-strike source\hl2.exe |
"{0B44A1F2-1753-46DD-847D-FB831235BDEC}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{0C9D5662-5245-46FD-A0D5-2AD288CA9FF1}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\scorch995\counter-strike source\hl2.exe |
"{0CEEBFC6-DADA-49FE-AFF2-1258B5E2FD87}" = protocol=17 | dir=in | app=e:\alicecd.exe |
"{0F47C935-0C63-407D-9FF5-D38A3EA87058}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{156CEFAE-EB29-4E64-8DA9-B03DF28E7D24}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1E78F0EF-D0D9-4469-985F-9FDABEEA68E5}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{20561629-F493-487A-BDAD-C6A0A3C477BC}" = protocol=6 | dir=in | app=d:\games\battlefield\fifa 13\game\fifa13.exe |
"{209F2C43-08EA-476C-8520-34FDDE142B72}" = protocol=17 | dir=in | app=d:\games\battlefield\fifa 13\game\fifa13.exe |
"{23C99E04-7C0E-400D-9FA1-B8E8B664A143}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{247332E6-FD69-419C-ADB6-0B2CD6A2B93F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{26E85FFB-92BA-476C-9B9C-C90890168F07}" = protocol=6 | dir=in | app=d:\programme\steam\steam.exe |
"{2CA7D15D-0450-4CB6-8741-F10FB3D026E6}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{34741385-231E-4597-B8C5-6053A44D825A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{367E5D9E-EFA5-4874-9C00-A4C6AF5C6AD0}" = protocol=6 | dir=out | app=system |
"{3D505BAA-88E0-406E-9299-6F2020258CC3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{46D532E2-AD02-4806-B46C-950A6C00DF22}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4B4020DB-9FBB-4380-B351-7B4E8DCD8E09}" = dir=in | app=c:\program files\eslwire\wire.exe |
"{507F13EF-4BAC-426B-9D62-786781A6BF93}" = protocol=6 | dir=in | app=e:\alicecd.exe |
"{59413495-D9FE-459B-877D-1F6990E654E6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{66DD1FC0-0374-40D0-9B23-28B465828966}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{683A8074-3FF1-47A3-A3BB-D4BB3050F5D4}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{694D9C83-6CCC-4D7A-8446-1E87EAA2EAA9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{6AF98858-8D39-4DFD-8C99-1A5B067501FB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{6D160040-16C6-410A-9630-A9E0FDD71C4D}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\scorch995\counter-strike source\hl2.exe |
"{71CCF5F5-86D2-4E8D-BA96-1F3DA8AF543F}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{725BE1E1-2C9E-4432-8653-4BEE2BC6329C}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{733D377A-E7DF-4E13-8BD4-9CE594389875}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7A6F112B-B58D-4FAA-B4D5-841EA3044B8F}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{93067249-6505-4C5D-B97F-D27BBA68C248}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{989D1C85-2452-4563-9DD4-989AEC368E61}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9C4097B7-597E-4364-962A-5B063F152334}" = protocol=17 | dir=in | app=d:\programme\steam\steam.exe |
"{9CC5F572-5A86-4A47-B1D0-281537391D20}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe |
"{9D3AFDF1-0CC4-4A37-B471-4388637A82AA}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\scorch995\counter-strike source\hl2.exe |
"{9FE23D71-E0B9-4BAE-9D33-2986BBCF8974}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A35B5615-2E97-468E-B63C-61271CFECAB6}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\magix shared\upnpservice\upnpservice.exe |
"{A599D92A-25EB-4664-9F39-4A184079736B}" = dir=out | app=c:\program files\eslwire\wire.exe |
"{A706EA49-17F7-49CF-A765-00C2494A2535}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{A7D4C512-E460-4E9E-B8D0-E274A70D8347}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\magix shared\upnpservice\upnpservice.exe |
"{B5DECC74-FF56-42C8-92CB-D7DFF1CCDB57}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BFBE5F53-B8C8-44AB-BDD7-7B993AAA6F8A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C2D21169-C106-4A69-ACC4-F70A668C8FAE}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{C9E1AC2C-9167-4BDD-91D8-008C374734B6}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{D0FA66F4-8A5C-441A-B553-ECDEE1A793BC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D2B57B2A-6BA2-406D-9C50-00EC68AFA3B0}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{D62DBE4D-919E-4B8F-9E84-6C9B93467DE8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D7C189E8-023B-496D-A26C-7FAC46086B28}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{E12C1FBD-66CE-4AC3-AFDD-77AF56AD9EBD}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{E193535D-C54A-4A2C-B5D5-C95A310FB55D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E4AA6CE1-EC2E-4D45-9D31-584688AADC17}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe |
"{E738DFFF-3FFA-4D14-9F2D-1E146183D11A}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{EC5629D8-23DE-4238-BEAC-9D887825FE60}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{EE73A02A-71CA-4960-9E6A-DCD5E9B53E25}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F8ED569F-8C07-4D20-895D-00F64FE3C9E0}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"TCP Query User{5179461C-30EC-4D7E-AB12-DB99EC65825A}C:\program files (x86)\origin games\fifa 12\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe |
"TCP Query User{715A93EA-860B-4357-A24F-44E633202C50}D:\games\manager11.exe" = protocol=6 | dir=in | app=d:\games\manager11.exe |
"TCP Query User{866404C9-77FE-4F02-A47D-33D445D256B4}C:\users\adrian\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\adrian\appdata\roaming\spotify\spotify.exe |
"UDP Query User{326D5A9D-23BF-40E6-9350-75965253E639}C:\users\adrian\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\adrian\appdata\roaming\spotify\spotify.exe |
"UDP Query User{3E0365F7-A40F-4705-A319-45B23B0D598D}D:\games\manager11.exe" = protocol=17 | dir=in | app=d:\games\manager11.exe |
"UDP Query User{787BB5B6-C221-4F70-8038-C26CFB638EA0}C:\program files (x86)\origin games\fifa 12\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = ASUS Bluetooth Suite
"{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit)
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy DS3 driver version 0.6.0005
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = IB Updater 2.0.0.575
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0209
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.12.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"ESL Wire_is1" = ESL Wire 1.11
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"Unlocker" = Unlocker 1.9.1-x64
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
"WNLT" = IB Updater Service
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{03534DA5-2F88-4B8E-A978-849B979E1B8F}" = TuxGuitar
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{077A7810-A937-4465-AD08-ACED9807995F}" = ANNO 1602 Königs-Edition
"{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1" = Guitar Pro 6
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = Browser Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F290582-3F4E-4B96-009C-E0BABAA40C42}" = Die Schlacht um Mittelerde(tm)
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EAE665D-957A-4D04-9679-3AD582008877}" = NVIDIA PhysX
"{64BFBE7A-886C-4CA2-A9B4-0C2B5A5942BC}" = Battlefield 3™
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}" = FIFA 13
"{ABF9419C-26D2-4765-9D54-FBC4D2394424}" = IObit Toolbar v4.8
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AFD8C997-FE93-4C1C-A682-47B6C65F8417}" = English G 21 e-Workbook A4
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die*Sims™*3
"{C3E9887A-23BA-4777-8080-191A5AFCAB74}" = Mumble 1.2.3
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{C67A3F9D-E55D-4288-B4EC-1B9863EFB288}" = Razer Megalodon Firmware Updater
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{E0FA1DC5-FEBF-4E7B-8FA3-DB94233E952D}" = Razer Lycosa
"{EA8ADAA9-6671-4839-A51E-0C6792B78F3E}" = FIFA 12
"{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}" = Razer DeathAdder(TM) Mouse
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced SystemCare 6_is1" = Advanced SystemCare 6
"Afterburner" = MSI Afterburner 2.1.0
"Battlelog Web Plugins" = Battlelog Web Plugins
"BrowserCompanion" = BrowserCompanion
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"dlanconf" = devolo dLAN-Konfigurationsassistent
"dslmon" = devolo Informer
"ESN Sonar-0.70.4" = ESN Sonar
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"FUSSBALL MANAGER 11" = FUSSBALL MANAGER 11
"Guitar Explorer 1.0" = Guitar Explorer 1.0
"InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"IObit Malware Fighter_is1" = IObit Malware Fighter
"LibUSB-Win32_is1" = LibUSB-Win32-0.1.12.2
"MAGIX Music Maker Hip Hop Edition 2 D" = MAGIX Music Maker Hip Hop Edition 2 4.0.0.10 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"Steam App 10" = Counter-Strike
"Steam App 240" = Counter-Strike: Source
"Steam App 30" = Day of Defeat
"Steam App 440" = Team Fortress 2
"SystemRequirementsLab" = System Requirements Lab
"TechPowerUp GPU-Z" = TechPowerUp GPU-Z
"TuneUp Utilities 2013" = TuneUp Utilities 2013
"VLC media player" = VLC media player 1.1.11
"XFastUsb" = XFastUsb
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"DealPly" = DealPly
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"DealPly" = DealPly
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-82016817-340743653-2786680247-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"TeamSpeak 3 Client" = TeamSpeak 3 Client
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 06.03.2013 06:05:05 | Computer Name = User-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 06.03.2013 06:05:05 | Computer Name = User-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 06.03.2013 06:05:05 | Computer Name = User-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
Error - 06.03.2013 08:57:47 | Computer Name = User-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 11.03.2013 04:32:54 | Computer Name = User-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 11.03.2013 08:27:29 | Computer Name = User-PC | Source = SetupARService | ID = 0
Description = Der Dienst kann nicht gestartet werden. System.NullReferenceException:
Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. bei SetupAfterRebootService.SetupARService.OnStart(String[]
args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object
state)
Error - 11.03.2013 08:29:18 | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description =
Error - 11.03.2013 08:31:55 | Computer Name = User-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 11.03.2013 08:31:55 | Computer Name = User-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 11.03.2013 08:31:55 | Computer Name = User-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
[ System Events ]
Error - 06.03.2013 06:01:12 | Computer Name = User-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).
Error - 06.03.2013 06:01:12 | Computer Name = User-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069
Error - 07.03.2013 11:32:12 | Computer Name = User-PC | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.
Neue
Signaturversion: Vorherige Signaturversion: 1.145.1087.0 Aktualisierungsquelle:
%%859 Aktualisierungsphase: %%853 Quellpfad: hxxp://www.microsoft.com Signaturtyp:
%%800 Aktualisierungstyp: %%803 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion:
Vorherige Modulversion: 1.1.9203.0 Fehlercode: 0x80240022 Fehlerbeschreibung: Die
Suche des Programms nach Definitionsaktualisierungen ist nicht möglich.
Error - 07.03.2013 11:32:12 | Computer Name = User-PC | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.
Neue
Signaturversion: Vorherige Signaturversion: 1.145.1087.0 Aktualisierungsquelle:
%%859 Aktualisierungsphase: %%853 Quellpfad: hxxp://www.microsoft.com Signaturtyp:
%%800 Aktualisierungstyp: %%803 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion:
Vorherige Modulversion: 1.1.9203.0 Fehlercode: 0x80240022 Fehlerbeschreibung: Die
Suche des Programms nach Definitionsaktualisierungen ist nicht möglich.
Error - 11.03.2013 03:50:17 | Computer Name = User-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst lmhosts erreicht.
Error - 11.03.2013 08:27:22 | Computer Name = User-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 11.03.2013 08:27:26 | Computer Name = User-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?11.?03.?2013 um 13:24:27 unerwartet heruntergefahren.
Error - 11.03.2013 08:27:29 | Computer Name = User-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
StarOpen
Error - 11.03.2013 08:29:30 | Computer Name = User-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).
Error - 11.03.2013 08:29:30 | Computer Name = User-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069
< End of report >
Gmer.txt Code:
ATTFilter GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-11 14:12:24
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 OCZ-AGIL rev.2.11 55,90GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\User\AppData\Local\Temp\kxldapob.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[928] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007549cfca 5 bytes JMP 00000001747e4540
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[928] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075721465 2 bytes [72, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[928] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000757214bb 2 bytes [72, 75]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1780] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007549cfca 5 bytes JMP 00000001747e4540
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1780] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075721465 2 bytes [72, 75]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1780] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000757214bb 2 bytes [72, 75]
.text ... * 2
.text C:\Program Files\IB Updater\ExtensionUpdaterService.exe[1892] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007549cfca 5 bytes JMP 00000001747e4540
.text C:\Program Files\IB Updater\ExtensionUpdaterService.exe[1892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075721465 2 bytes [72, 75]
.text C:\Program Files\IB Updater\ExtensionUpdaterService.exe[1892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000757214bb 2 bytes [72, 75]
.text ... * 2
.text C:\Windows\SysWOW64\PnkBstrA.exe[2040] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007549cfca 5 bytes JMP 00000001747e4540
.text C:\Windows\SysWOW64\PnkBstrA.exe[2040] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000074bc1a22 2 bytes [BC, 74]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2040] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000074bc1ad0 2 bytes [BC, 74]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2040] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000074bc1b08 2 bytes [BC, 74]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2040] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000074bc1bba 2 bytes [BC, 74]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2040] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000074bc1bda 2 bytes [BC, 74]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2040] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075721465 2 bytes [72, 75]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2040] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000757214bb 2 bytes [72, 75]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3128] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007549cfca 5 bytes JMP 00000001747e4540
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3128] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075721465 2 bytes [72, 75]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3128] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000757214bb 2 bytes [72, 75]
.text ... * 2
.text C:\Program Files (x86)\XFastUsb\XFastUsb.exe[3136] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007549cfca 5 bytes JMP 00000001747e4540
.text C:\Program Files (x86)\XFastUsb\XFastUsb.exe[3136] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075721465 2 bytes [72, 75]
.text C:\Program Files (x86)\XFastUsb\XFastUsb.exe[3136] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000757214bb 2 bytes [72, 75]
.text ... * 2
.text C:\Program Files (x86)\Razer\Lycosa\razerhid.exe[3156] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007549cfca 5 bytes JMP 00000001747e4540
.text C:\Program Files (x86)\Razer\Lycosa\razerhid.exe[3156] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075721465 2 bytes [72, 75]
.text C:\Program Files (x86)\Razer\Lycosa\razerhid.exe[3156] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000757214bb 2 bytes [72, 75]
.text ... * 2
.text C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe[3172] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007549cfca 5 bytes JMP 00000001747e4540
.text C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe[3172] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075721465 2 bytes [72, 75]
.text C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe[3172] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000757214bb 2 bytes [72, 75]
.text ... * 2
.text C:\Program Files (x86)\Razer\DeathAdder\razertra.exe[3280] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007549cfca 5 bytes JMP 00000001747e4540
.text C:\Program Files (x86)\Razer\DeathAdder\razertra.exe[3280] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075721465 2 bytes [72, 75]
.text C:\Program Files (x86)\Razer\DeathAdder\razertra.exe[3280] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000757214bb 2 bytes [72, 75]
.text ... * 2
.text C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe[3452] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007549cfca 5 bytes JMP 00000001747e4540
.text C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe[3452] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075721465 2 bytes [72, 75]
.text C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe[3452] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000757214bb 2 bytes [72, 75]
.text ... * 2
.text C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe[3464] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007549cfca 5 bytes JMP 00000001747e4540
.text C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe[3464] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075721465 2 bytes [72, 75]
.text C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe[3464] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000757214bb 2 bytes [72, 75]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3840] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007549cfca 5 bytes JMP 00000001747e4540
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3840] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075721465 2 bytes [72, 75]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3840] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000757214bb 2 bytes [72, 75]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4208] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007549cfca 5 bytes JMP 00000001747e4540
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4208] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075721465 2 bytes [72, 75]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4208] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000757214bb 2 bytes [72, 75]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[1856] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007549cfca 5 bytes JMP 00000001747e4540
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[1856] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075721465 2 bytes [72, 75]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[1856] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000757214bb 2 bytes [72, 75]
.text ... * 2
.text C:\Users\User\Desktop\Tools\gmer_2.1.19155.exe[2416] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007549cfca 5 bytes JMP 00000001747e4540
.text C:\Users\User\Desktop\Tools\gmer_2.1.19155.exe[2416] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075721465 2 bytes [72, 75]
.text C:\Users\User\Desktop\Tools\gmer_2.1.19155.exe[2416] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000757214bb 2 bytes [72, 75]
.text ... * 2
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000272b0f46e
Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\000272b0f46e (not active ControlSet)
---- EOF - GMER 2.1 ----
MBAM-log-2013-03-11 (14-41-22).txt Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Database version: v2013.03.11.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 User :: USER-PC [administrator] 11.03.2013 14:19:48 MBAM-log-2013-03-11 (14-41-22).txt Scan type: Full scan (C:\|D:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 415061 Time elapsed: 21 minute(s), 21 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 22 HKCR\CLSID\{00cbb66b-1d3b-46d3-9577-323a336acb50} (PUP.Blabbers) -> No action taken. HKCR\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833} (PUP.Blabbers) -> No action taken. HKCR\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767} (PUP.Blabbers) -> No action taken. HKCR\wit4ie.WitBHO.2 (PUP.Blabbers) -> No action taken. HKCR\wit4ie.WitBHO (PUP.Blabbers) -> No action taken. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> No action taken. HKCR\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} (PUP.Blabbers) -> No action taken. HKCR\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D} (PUP.Blabbers) -> No action taken. HKCR\tdataprotocol.CTData.1 (PUP.Blabbers) -> No action taken. HKCR\tdataprotocol.CTData (PUP.Blabbers) -> No action taken. HKCR\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> No action taken. HKCR\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A} (PUP.Blabbers) -> No action taken. HKCR\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03} (PUP.Blabbers) -> No action taken. HKCR\updatebho.TimerBHO.1 (PUP.Blabbers) -> No action taken. HKCR\updatebho.TimerBHO (PUP.Blabbers) -> No action taken. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> No action taken. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion (PUP.Blabbers) -> No action taken. HKCR\PROTOCOLS\HANDLER\BASE64 (PUP.Blabbers) -> No action taken. HKCR\PROTOCOLS\HANDLER\CHROME (PUP.Blabbers) -> No action taken. HKCR\PROTOCOLS\HANDLER\PROX (PUP.Blabbers) -> No action taken. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\itunes.exe (Security.Hijack) -> No action taken. HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.InstallBrain) -> No action taken. Registry Values Detected: 3 HKCR\protocols\Handler\base64|CLSID (PUP.Blabbers) -> Data: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> No action taken. HKCR\protocols\Handler\chrome|CLSID (PUP.Blabbers) -> Data: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> No action taken. HKCR\protocols\Handler\prox|CLSID (PUP.Blabbers) -> Data: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> No action taken. Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 4 C:\Program Files (x86)\BrowserCompanion (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\cache (PUP.Blabbers) -> No action taken. Files Detected: 64 C:\Program Files (x86)\BrowserCompanion\jsloader.dll (PUP.Blabbers) -> No action taken. C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (PUP.Blabbers) -> No action taken. C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\BCHelper.exe (PUP.Blabbers) -> No action taken. C:\Program Files (x86)\BrowserCompanion\blabbers-ff-full.xpi (PUP.Blabbers) -> No action taken. C:\Program Files (x86)\BrowserCompanion\blabbers-ch.crx (PUP.Blabbers) -> No action taken. C:\Program Files (x86)\BrowserCompanion\logo.ico (PUP.Blabbers) -> No action taken. C:\Program Files (x86)\BrowserCompanion\terms.lnk.url (PUP.Blabbers) -> No action taken. C:\Program Files (x86)\BrowserCompanion\toolbar.dll (PUP.Blabbers) -> No action taken. C:\Program Files (x86)\BrowserCompanion\uninstall.exe (PUP.Blabbers) -> No action taken. C:\Program Files (x86)\BrowserCompanion\updater.ini (PUP.Blabbers) -> No action taken. C:\Program Files (x86)\BrowserCompanion\widgetserv.exe (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\cmpguid.js (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\fix2.js (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\fix3.js (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\fix4.js (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\fixJQ1_71.js (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\fixJQ1_83.js (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\icon.png (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\jquery4toolbar.js (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\jquery4toolbar183.js (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\lock.js (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\witapi.js (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\witmain.js (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\wittoolbar.js (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\witwidgetapi.js (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\cache\0324adea3b6ec02af09ea4ae9424591b (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\cache\0324adea3b6ec02af09ea4ae9424591b_expire (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\cache\1d8715bd00dbafbff504a0b9666c85e1 (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\cache\1d8715bd00dbafbff504a0b9666c85e1_expire (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\cache\24779e9d2de93d13d7e07b527a1684d4 (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\cache\24779e9d2de93d13d7e07b527a1684d4_expire (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\cache\292124057d00cb0fa73db6b90d079658 (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\cache\292124057d00cb0fa73db6b90d079658_expire (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\cache\4d3d10bd28ff623813254a49b26be41f (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\cache\4d3d10bd28ff623813254a49b26be41f_expire (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\cache\719f6985083c6f0c2a8fef7aa1f75d63 (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\cache\719f6985083c6f0c2a8fef7aa1f75d63_expire (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\cache\72891ec935a3d247f2da6562ef29a005 (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\cache\72891ec935a3d247f2da6562ef29a005_expire (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\cache\8bf7a1bec3a78986a408c8da924ae916 (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\cache\8bf7a1bec3a78986a408c8da924ae916_expire (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\cache\a38dbdd1af07f4236d43e8fd995f57a6 (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\cache\a38dbdd1af07f4236d43e8fd995f57a6_expire (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\cache\a47098c772862164f7a3b2c7e60cc8dd (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\cache\a47098c772862164f7a3b2c7e60cc8dd_expire (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\cache\a7e0abb80dabcdbb6dbaec920aa126a0 (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\cache\a7e0abb80dabcdbb6dbaec920aa126a0_expire (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\cache\bf73732e1f0b76bac435293ba3880579 (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\cache\bf73732e1f0b76bac435293ba3880579_expire (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\cache\c418e9b9adb1feff03605a15e666653f (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\cache\c418e9b9adb1feff03605a15e666653f_expire (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\cache\e375ab961fde7ced486c2f1465a45ce5 (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\cache\e375ab961fde7ced486c2f1465a45ce5_expire (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\cache\e919434ec29526b28593c426e4264271 (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\cache\e919434ec29526b28593c426e4264271_expire (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\cache\f03527c67e08602d2e4c18ae7867300d (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\cache\f03527c67e08602d2e4c18ae7867300d_expire (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\cache\f957c5e85ada9453140c099a07513899 (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\cache\f957c5e85ada9453140c099a07513899_expire (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\cache\fa74672918974682c82b8d91dfbe0d6b (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\cache\fa74672918974682c82b8d91dfbe0d6b_expire (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f_expire (PUP.Blabbers) -> No action taken. (end) Mit freundlichen Grüßen ene.mene.muh Geändert von ene.mene.muh (11.03.2013 um 15:24 Uhr) Grund: Kosmetik |
|
11.03.2013, 18:57
| #2 | |
| /// TB-Ausbilder   | Incredibar, Browser Companion, BabyloonToolbar und FunMoods entfernen Hallo ene.mene.muh und
__________________ Mein Name ist Leo und ich werde dich durch die Bereinigung deines Rechners begleiten. Eine Bereinigung beinhaltet nebst dem Entfernen von Malware auch das Schliessen von Sicherheitslücken und sollte gründlich durchgeführt werden. Sie erfolgt deshalb in mehreren Schritten und bedeutet einigen Aufwand für dich. Beachte: Das Verschwinden der offensichtlichen Symptome bedeutet nicht, dass das System schon sauber ist. Arbeite daher in deinem eigenen Interesse solange mit, bis du das OK bekommst, dass alles erledigt ist.  Hinweise zum Ablauf
Der IObit Malware Fighter hat nicht die besten Referenzen. Ich würd ihn deinstallieren und stattdessen MBAM behalten. Schritt 1 Downloade dir bitte AdwCleaner und speichere es auf deinen Desktop.
Schritt 2 Warnung für Mitleser: Combofix sollte nur dann ausgeführt werden, wenn dies explizit von einem Teammitglied angewiesen wurde! Downloade dir bitte Combofix.
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
Schritt 3 Starte bitte die OTL.exe.
Bitte poste in deiner nächsten Antwort:
__________________ |
|
12.03.2013, 19:24
| #3 |
| | Incredibar, Browser Companion, BabyloonToolbar und FunMoods entfernen Guten Abend Leo!
__________________Erst einmal vielen Dank für die schnelle Antwort gestern Abend. Ich war leider nicht zu Hause, aber jetzt ist alles durchgelaufen. AdwCleaners Ergebnis: AdwCleaner[S1].txt Code:
ATTFilter # AdwCleaner v2.114 - Datei am 12/03/2013 um 18:40:36 erstellt
# Aktualisiert am 05/03/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : User - USER-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\User\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
Gestoppt & Gelöscht : Application Updater
Gestoppt & Gelöscht : IB Updater
Gestoppt & Gelöscht : IBUpdaterService
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\extensions\wtxpcom@mybrowserbar.com
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\user.js
Gelöscht mit Neustart : C:\ProgramData\Browser Manager
Ordner Gelöscht : C:\Program Files (x86)\Application Updater
Ordner Gelöscht : C:\Program Files (x86)\BrowserCompanion
Ordner Gelöscht : C:\Program Files (x86)\Common Files\spigot
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\DealPly
Ordner Gelöscht : C:\Program Files\IB Updater
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly
Ordner Gelöscht : C:\Windows\SysWOW64\WNLT
***** [Registrierungsdatenbank] *****
Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\23796~1.11\{16cdf~1\browse~1.dll
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Search Settings
Schlüssel Gelöscht : HKCU\Software\AVG Secure Search
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\WNLT
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\Software\Application Updater
Schlüssel Gelöscht : HKLM\Software\BrowserCompanion
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\b
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\base64
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\chrome
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\prox
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\tdataprotocol.CTData
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\tdataprotocol.CTData.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\updatebho.TimerBHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\updatebho.TimerBHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wit4ie.WitBHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wit4ie.WitBHO.2
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\DealPly
Schlüssel Gelöscht : HKLM\Software\IB Updater
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\Software\Search Settings
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\9288d0b138eb15
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{ED0E67AD-926C-4008-87E5-03CF72AA2A7E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bodddioamolcibagionmmobehnbhiakf
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16464
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://isearch.avg.com/?cid={79DACD3E-F6F8-408F-BE2E-1CFE296F8421}&mid=6bbe4f36f2ad47d0a818d1b647e4e9f2-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=de&ds=od011&pr=sa&d=2012-09-16 16:51:10&v=13.2.0.5&sap=hp --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - First Home Page] = hxxp://go.microsoft.com/fwlink/?LinkID=226786&Mkt=de-DE&Src=MSE&Tid=0002F86C&OHP=hxxps%3A%2F%2Fisearch.avg.com%2F%3Fcid%3D%7B79DACD3E%2DF6F8%2D408F%2DBE2E%2D1CFE296F8421%7D%26mid%3D6bbe4f36f2ad47d0a818d1b647e4e9f2%2Dad1491be2ce6c122f6b66faa90e70c2decf7d34c%26lang%3Dde%26ds%3Dod011%26pr%3Dsa%26d%3D2012%2D09%2D16%2016%3A51%3A10%26v%3D12.2.5.34%26sap%3Dhp&OSP=hxxps%3A%2F%2Fisearch.avg.com%2Fsearch%3Fcid%3D%7B79DACD3E%2DF6F8%2D408F%2DBE2E%2D1CFE296F8421%7D%26mid%3D6bbe4f36f2ad47d0a818d1b647e4e9f2%2Dad1491be2ce6c122f6b66faa90e70c2decf7d34c%26lang%3Dde%26ds%3Dod011%26pr%3Dsa%26d%3D2012%2D09%2D16%2016%3A51%3A10%26v%3D12.2.5.34%26sap%3Ddsp%26q%3D%7BsearchTerms%7D --> hxxp://www.google.com
-\\ Mozilla Firefox v19.0.2 (de)
*************************
AdwCleaner[R1].txt - [25521 octets] - [01/03/2013 15:01:59]
AdwCleaner[S1].txt - [10807 octets] - [12/03/2013 18:40:36]
########## EOF - C:\AdwCleaner[S1].txt - [10868 octets] ##########
Hier das Log von Combofix (im Übrigen ist mir bei dem Versuch das Log nach dem Neustart zu öffnen eben jene Fehlermeldung untergekommen die du bereits erwähnt hattest, nach einem wiederholten Neustart ging wieder alles wie gewohnt): ComboFix.txt Code:
ATTFilter ComboFix 13-03-11.01 - User 12.03.2013 18:49:23.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8102.6286 [GMT 1:00]
ausgeführt von:: c:\users\User\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
c:\users\Adrian\4.0
c:\users\User\AppData\Roaming\inst.exe
c:\windows\SysWow64\tmp31C9.tmp
c:\windows\SysWow64\tmp31CA.tmp
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-02-12 bis 2013-03-12 ))))))))))))))))))))))))))))))
.
.
2013-03-12 17:51 . 2013-03-12 17:51 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-03-12 17:46 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D35ECC1D-2D86-415E-8376-F00571CE9538}\mpengine.dll
2013-03-12 17:40 . 2013-03-12 17:40 98 ----a-w- c:\windows\DeleteOnReboot.bat
2013-03-11 14:10 . 2013-03-11 14:10 -------- d-----w- c:\program files (x86)\7-Zip
2013-03-11 13:16 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-03-06 10:49 . 2013-03-06 10:49 -------- d-----w- c:\users\User\AppData\Roaming\Malwarebytes
2013-03-05 13:26 . 2013-03-05 13:26 -------- d-----w- c:\users\User\AppData\Roaming\DVDVideoSoft
2013-03-05 11:27 . 2013-03-05 11:27 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2013-03-05 11:19 . 2013-03-05 11:19 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2013-03-05 11:19 . 2013-03-05 11:19 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2013-03-05 11:19 . 2013-03-05 11:19 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2013-03-05 11:19 . 2013-03-05 11:19 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2013-03-05 11:19 . 2013-03-05 11:19 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2013-03-05 11:19 . 2013-03-05 11:19 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2013-03-05 11:19 . 2013-03-05 11:19 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2013-03-05 11:05 . 2013-01-28 13:19 35104 ----a-w- c:\windows\system32\TURegOpt.exe
2013-03-05 11:05 . 2013-01-28 13:19 26400 ----a-w- c:\windows\system32\authuitu.dll
2013-03-05 11:05 . 2013-01-28 13:19 21792 ----a-w- c:\windows\SysWow64\authuitu.dll
2013-03-05 11:05 . 2013-03-05 11:05 -------- d-----w- c:\program files (x86)\TuneUp Utilities 2013
2013-03-05 11:04 . 2013-03-05 11:24 -------- d-sh--w- c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-03-05 10:57 . 2013-03-05 10:57 -------- d-----w- c:\program files\Unlocker
2013-03-01 13:18 . 2013-03-01 13:18 -------- d-----w- c:\users\Adrian\AppData\Roaming\Malwarebytes
2013-03-01 13:18 . 2013-03-01 13:18 -------- d-----w- c:\programdata\Malwarebytes
2013-03-01 13:18 . 2013-03-01 13:18 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-03-01 13:18 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-01 13:17 . 2013-03-01 13:17 -------- d-----w- c:\users\Adrian\AppData\Local\Programs
2013-03-01 12:55 . 2013-03-01 12:55 -------- d-----w- c:\programdata\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-03-01 12:55 . 2013-03-01 13:31 -------- d-----w- c:\program files (x86)\IObit
2013-02-28 11:12 . 2013-02-28 11:12 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-02-28 10:46 . 2013-02-28 10:46 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-15 22:04 . 2013-02-15 22:04 208448 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2013-02-14 18:03 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 18:03 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 18:03 . 2013-01-09 01:53 182816 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2013-02-14 18:03 . 2013-01-09 01:09 304640 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2013-02-14 18:03 . 2013-01-09 01:04 96768 ----a-w- c:\windows\system32\mshtmled.dll
2013-02-14 18:03 . 2013-01-09 01:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-02-14 18:03 . 2013-01-08 22:42 149528 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll
2013-02-14 18:03 . 2013-01-08 21:58 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-02-14 18:03 . 2013-01-08 21:56 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-02-14 13:07 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-14 13:07 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-02-14 13:07 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-02-14 13:07 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-02-14 13:07 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-02-14 13:07 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-02-14 13:07 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-02-14 13:07 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-02-14 13:07 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-02-14 13:07 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-02-14 13:07 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-14 13:07 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-05 09:51 . 2012-03-31 18:56 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-05 09:51 . 2011-09-06 09:48 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-04 09:00 . 2012-10-27 17:44 1316144 ----a-w- c:\windows\system32\dmwu.exe
2013-03-04 08:59 . 2012-10-27 17:44 35328 ----a-w- c:\windows\system32\ImHttpComm.dll
2013-03-04 08:07 . 2011-06-10 23:15 829264 ----a-w- c:\windows\system32\msvcr100.dll
2013-03-04 08:07 . 2011-06-10 23:15 608080 ----a-w- c:\windows\system32\msvcp100.dll
2013-02-28 10:46 . 2012-09-25 13:54 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-02-28 10:46 . 2011-11-09 16:44 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-02-14 18:04 . 2011-09-05 11:54 70004024 ----a-w- c:\windows\system32\MRT.exe
2013-01-30 10:53 . 2010-11-21 03:27 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-20 14:59 . 2013-01-20 14:59 230320 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-01-20 14:59 . 2011-04-27 13:25 130008 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-01-04 04:43 . 2013-02-14 13:07 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-12-30 12:33 . 2011-12-26 11:50 121416 ----a-w- c:\windows\system32\drivers\MijXfilt.sys
2012-12-19 21:29 . 2012-12-19 21:29 62976 ----a-w- c:\windows\system32\TSWbPrxy.exe
2012-12-19 21:29 . 2012-12-19 21:29 54272 ----a-w- c:\windows\system32\MsRdpWebAccess.dll
2012-12-19 21:29 . 2012-12-19 21:29 37376 ----a-w- c:\windows\SysWow64\tsgqec.dll
2012-12-19 21:29 . 2012-12-19 21:29 3174912 ----a-w- c:\windows\system32\rdpcorets.dll
2012-12-19 21:29 . 2012-12-19 21:29 269312 ----a-w- c:\windows\SysWow64\aaclient.dll
2012-12-19 21:29 . 2012-12-19 21:29 243200 ----a-w- c:\windows\system32\rdpudd.dll
2012-12-19 21:29 . 2012-12-19 21:29 228864 ----a-w- c:\windows\system32\rdpendp_winip.dll
2012-12-19 21:29 . 2012-12-19 21:29 19456 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2012-12-19 21:29 . 2012-12-19 21:29 192000 ----a-w- c:\windows\SysWow64\rdpendp_winip.dll
2012-12-19 21:29 . 2012-12-19 21:29 15360 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2012-12-19 21:29 . 2012-12-19 21:29 1123840 ----a-w- c:\windows\system32\mstsc.exe
2012-12-19 21:29 . 2012-12-19 21:29 1048064 ----a-w- c:\windows\SysWow64\mstsc.exe
2012-12-19 21:29 . 2012-12-19 21:29 4916224 ----a-w- c:\windows\SysWow64\mstscax.dll
2012-12-19 21:29 . 2012-12-19 21:29 57856 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2012-12-19 21:29 . 2012-12-19 21:29 5773824 ----a-w- c:\windows\system32\mstscax.dll
2012-12-19 21:29 . 2012-12-19 21:29 46592 ----a-w- c:\windows\SysWow64\MsRdpWebAccess.dll
2012-12-19 21:29 . 2012-12-19 21:29 44032 ----a-w- c:\windows\system32\tsgqec.dll
2012-12-19 21:29 . 2012-12-19 21:29 43520 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
2012-12-19 21:29 . 2012-12-19 21:29 384000 ----a-w- c:\windows\system32\wksprt.exe
2012-12-19 21:29 . 2012-12-19 21:29 322560 ----a-w- c:\windows\system32\aaclient.dll
2012-12-19 21:29 . 2012-12-19 21:29 30208 ----a-w- c:\windows\system32\drivers\TsUsbGD.sys
2012-12-19 21:29 . 2012-12-19 21:29 18432 ----a-w- c:\windows\system32\wksprtPS.dll
2012-12-19 21:29 . 2012-12-19 21:29 16896 ----a-w- c:\windows\SysWow64\wksprtPS.dll
2012-12-19 21:29 . 2012-12-19 21:29 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2012-12-19 21:29 . 2012-12-19 21:29 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2012-12-19 21:28 . 2012-12-19 21:28 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-12-19 21:28 . 2012-12-19 21:28 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2012-12-19 21:28 . 2012-12-19 21:28 340992 ----a-w- c:\windows\system32\schannel.dll
2012-12-19 21:28 . 2012-12-19 21:28 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2012-12-19 21:28 . 2012-12-19 21:28 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-12-19 21:28 . 2012-12-19 21:28 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-12-19 21:28 . 2012-12-19 21:28 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2012-12-18 18:17 . 2012-12-18 18:17 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B92DF2A0-AFBA-4270-99B3-BDB75902F89C}\gapaengine.dll
2012-12-16 17:11 . 2012-12-20 23:30 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-20 23:30 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-20 23:30 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-20 23:30 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2011-11-28 12:21 . 2011-12-01 15:50 168864 ----a-w- c:\program files\Common Files\WireHelpSvc.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="d:\programme\Steam\steam.exe" [2013-02-25 1602984]
"Advanced SystemCare 6"="c:\program files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" [2013-01-15 491840]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160]
"XFastUsb"="c:\program files (x86)\XFastUsb\XFastUsb.exe" [2011-09-05 4942336]
"Lycosa"="c:\program files (x86)\Razer\Lycosa\razerhid.exe" [2007-11-20 147456]
"DeathAdder"="c:\program files (x86)\Razer\DeathAdder\razerhid.exe" [2011-03-21 248320]
"IObit Malware Fighter"="c:\program files (x86)\IObit\IObit Malware Fighter\IMF.exe" [2012-12-25 4474832]
.
c:\users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
tcbhn.lnk - c:\users\User\AppData\Roaming\BrowserCompanion\tcbhn.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="d:\programme\QuickTime\QTTask.exe" -atboottime
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]
R2 SetupARService;SetupARService;c:\program files (x86)\Realtek\Audio\SetupAfterRebootService.exe [2011-12-16 24576]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]
R3 ALSysIO;ALSysIO; [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-03-01 36000]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2011-03-01 51872]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-03-01 298656]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-03-01 201376]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-03-01 55456]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-03-01 154272]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-03-01 280224]
R3 bulkadi;Razer Megalodon DFU;c:\windows\system32\DRIVERS\bulkrazer_x64.sys [2011-02-09 25088]
R3 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2012-01-05 21384]
R3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS [2011-12-16 31808]
R3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-12-19 19456]
R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2012-07-05 33224]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-12-19 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-12-19 30208]
R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [2012-07-05 21904]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R4 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R4 UPnPService;UPnPService;c:\program files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2011-09-05 15936]
S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2013-01-15 465216]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-01 76448]
S2 ESLWireAC;ESLWireAC;c:\windows\system32\drivers\ESLWireACD.sys [2011-11-28 147472]
S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-01-09 821592]
S2 NPF_devolo;NetGroup Packet Filter Driver (devolo);c:\windows\sysWOW64\drivers\npf_devolo.sys [2008-11-28 34048]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2013-01-28 2402080]
S2 WireHelpSvc;WireHelpSvc;c:\program files\Common Files\WireHelpSvc.exe [2011-11-28 168864]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-03-01 28832]
S3 danewFltr;NewDeathAdder Mouse;c:\windows\system32\drivers\danew.sys [2010-03-23 12032]
S3 ESLvnic1;ESLvnic Virtual Network 64 Bit;c:\windows\system32\DRIVERS\ESLvnic.sys [2011-11-28 25528]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-02-08 39936]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-02-08 64512]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2012-12-30 121416]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-02-16 428136]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [2012-11-16 11880]
S3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys [2010-09-30 13312]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-12 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-12 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-12 416024]
"RunDLLEntry"="c:\windows\system32\AmbRunE.dll" [2009-02-26 17920]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-01 615584]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-01 379552]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\igclhn7f.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de
FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=685749&p=
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:dc,32,25,23,c8,a0,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bc,0f,88,6c,3c,3b,70,4d,a3,db,40,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bc,0f,88,6c,3c,3b,70,4d,a3,db,40,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-03-12 18:53:39 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-03-12 17:53
.
Vor Suchlauf: 6 Verzeichnis(se), 13.648.293.888 Bytes frei
Nach Suchlauf: 5.454.405.632 Bytes frei
.
- - End Of File - - DFD9F689C95F26015F23BA368E1CD057
Und hier noch das Ergebnis von OTL: OTL.txt Code:
ATTFilter OTL logfile created on: 12.03.2013 18:58:57 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,91 Gb Total Physical Memory | 6,68 Gb Available Physical Memory | 84,44% Memory free 15,82 Gb Paging File | 14,52 Gb Available in Paging File | 91,74% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 55,80 Gb Total Space | 5,22 Gb Free Space | 9,35% Space Free | Partition Type: NTFS Drive D: | 931,51 Gb Total Space | 836,70 Gb Free Space | 89,82% Space Free | Partition Type: NTFS Computer Name: USER-PC | User Name: User | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.03.11 13:28:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe PRC - [2013.01.15 18:47:12 | 000,491,840 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe PRC - [2013.01.15 18:47:10 | 000,465,216 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe PRC - [2012.12.25 17:35:10 | 004,474,832 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012.01.09 20:17:44 | 000,821,592 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe PRC - [2012.01.07 16:17:53 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2011.09.05 12:18:32 | 004,942,336 | ---- | M] (FNet Co., Ltd.) -- C:\Program Files (x86)\XFastUsb\XFastUsb.exe PRC - [2011.04.14 10:48:32 | 001,758,208 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe PRC - [2011.03.21 10:06:08 | 000,248,320 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe PRC - [2010.11.05 22:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2010.04.27 13:41:26 | 000,218,112 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razertra.exe PRC - [2007.12.19 10:58:24 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe PRC - [2007.11.20 15:53:36 | 000,147,456 | ---- | M] (Razer USA Ltd.) -- C:\Program Files (x86)\Razer\Lycosa\razerhid.exe ========== Modules (No Company Name) ========== MOD - [2013.02.15 13:54:49 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll MOD - [2013.01.15 18:48:26 | 000,348,992 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\madExcept_.bpl MOD - [2013.01.15 18:48:26 | 000,051,008 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\madDisAsm_.bpl MOD - [2013.01.15 18:48:24 | 000,183,616 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\madBasic_.bpl MOD - [2013.01.12 08:58:58 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\ab54c04b3df40416205883b4049fe273\IAStorUtil.ni.dll MOD - [2013.01.10 15:51:15 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll MOD - [2013.01.10 15:50:56 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013.01.10 15:50:44 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013.01.10 15:50:42 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013.01.10 15:50:42 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll MOD - [2013.01.10 15:50:39 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2011.04.14 10:48:32 | 001,758,208 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe MOD - [2011.04.12 08:43:06 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2011.03.21 10:06:08 | 000,248,320 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe MOD - [2010.11.13 00:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.04.27 13:41:26 | 000,218,112 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razertra.exe ========== Services (SafeList) ========== SRV - [2013.03.11 13:33:08 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.02.25 07:39:32 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013.01.28 14:19:28 | 002,402,080 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2013.01.27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2013.01.27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2013.01.15 18:47:10 | 000,465,216 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe -- (AdvancedSystemCareService6) SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.10.10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.01.09 20:17:44 | 000,821,592 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice) SRV - [2012.01.07 16:17:53 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2011.12.16 11:56:57 | 000,024,576 | ---- | M] (Realtek Semiconductor.) [Auto | Stopped] -- C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe -- (SetupARService) SRV - [2011.11.28 13:21:00 | 000,168,864 | ---- | M] () [Auto | Running] -- C:\Programme\Common Files\WireHelpSvc.exe -- (WireHelpSvc) SRV - [2011.03.01 15:43:52 | 000,076,448 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc) SRV - [2011.02.22 11:14:40 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2011.02.22 11:14:34 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010.11.05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2006.12.14 17:00:00 | 000,544,768 | ---- | M] (Magix AG) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService) SRV - [2005.11.17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [Disabled | Stopped] -- C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.01.20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012.12.30 13:33:31 | 000,121,416 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter) DRV:64bit: - [2012.12.19 22:29:06 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.12.19 22:29:05 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.12.19 22:29:05 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.15 10:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.01.17 13:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2011.12.16 13:36:23 | 000,031,808 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS -- (FNETTBOH_305) DRV:64bit: - [2011.11.28 13:20:48 | 000,147,472 | ---- | M] (<Turtle Entertainment>) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\ESLWireACD.sys -- (ESLWireAC) DRV:64bit: - [2011.11.28 13:20:28 | 000,025,528 | ---- | M] (Turtle Entertainment GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ESLvnic.sys -- (ESLvnic1) DRV:64bit: - [2011.09.05 12:18:32 | 000,015,936 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\FNETURPX.SYS -- (FNETURPX) DRV:64bit: - [2011.04.10 04:51:06 | 012,223,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.03.01 15:44:08 | 000,280,224 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter) DRV:64bit: - [2011.03.01 15:44:06 | 000,298,656 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP) DRV:64bit: - [2011.03.01 15:44:06 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP) DRV:64bit: - [2011.03.01 15:44:06 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP) DRV:64bit: - [2011.03.01 15:44:06 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT) DRV:64bit: - [2011.03.01 15:44:06 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort) DRV:64bit: - [2011.03.01 15:44:06 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS) DRV:64bit: - [2011.03.01 15:44:04 | 000,051,872 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (ATHDFU) DRV:64bit: - [2011.02.16 10:11:08 | 000,428,136 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.02.09 16:45:12 | 000,025,088 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bulkrazer_x64.sys -- (bulkadi) DRV:64bit: - [2011.02.08 06:30:52 | 000,064,512 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI) DRV:64bit: - [2011.02.08 06:30:52 | 000,039,936 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.05 22:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.10.19 15:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010.10.14 18:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2010.09.30 23:16:34 | 000,013,312 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VKbms.sys -- (VKbms) DRV:64bit: - [2010.08.19 19:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) DRV:64bit: - [2010.06.14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk) DRV:64bit: - [2010.04.27 03:25:20 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm) DRV:64bit: - [2010.04.27 03:25:20 | 000,141,384 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdserd.sys -- (sscdserd) DRV:64bit: - [2010.04.27 03:25:20 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) DRV:64bit: - [2010.04.27 03:25:20 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl) DRV:64bit: - [2010.03.23 15:37:34 | 000,012,032 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\danew.sys -- (danewFltr) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV - [2012.11.16 16:51:26 | 000,011,880 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv) DRV - [2012.07.05 13:53:22 | 000,021,904 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys -- (UrlFilter) DRV - [2012.07.05 13:53:18 | 000,033,224 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys -- (RegFilter) DRV - [2012.01.05 18:07:14 | 000,021,384 | ---- | M] (IObit) [File_System | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys -- (FileMonitor) DRV - [2010.06.14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2008.11.28 14:34:56 | 000,034,048 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\npf_devolo.sys -- (NPF_devolo) DRV - [2006.07.24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-82016817-340743653-2786680247-1000\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = hxxp://www.google.com IE - HKU\S-1-5-21-82016817-340743653-2786680247-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-82016817-340743653-2786680247-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-82016817-340743653-2786680247-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E9 D1 75 32 07 E5 CC 01 [binary data] IE - HKU\S-1-5-21-82016817-340743653-2786680247-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-82016817-340743653-2786680247-1000\..\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE IE - HKU\S-1-5-21-82016817-340743653-2786680247-1000\..\SearchScopes\{FFA1E941-373C-4B15-A45B-4C4A0835C30B}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=685749&p={searchTerms} IE - HKU\S-1-5-21-82016817-340743653-2786680247-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-82016817-340743653-2786680247-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=685749&ilc=12" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "https://www.google.de" FF - prefs.js..extensions.enabledAddons: groovesharkUnlocker%40overlord1337:1.3.2 FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.7 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=685749&p=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\PROGRAM FILES\IB UPDATER\FIREFOX FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\Program Files\IB Updater\Firefox FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.11 13:33:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.11 13:33:08 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.09.06 16:11:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions [2013.03.05 12:21:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\igclhn7f.default\extensions [2013.03.05 12:21:46 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\igclhn7f.default\extensions\ich@maltegoetz.de [2013.03.05 10:50:47 | 000,029,064 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\igclhn7f.default\extensions\groovesharkUnlocker@overlord1337.xpi [2013.02.28 10:11:20 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\igclhn7f.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.03.12 18:40:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.03.11 13:32:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} [2013.03.11 13:32:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions\staged [2013.03.11 13:33:08 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.07.04 17:51:47 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.21 20:11:09 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.07.04 17:51:47 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.07.04 17:51:47 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.07.04 17:51:47 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.07.04 17:51:47 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2013.03.12 18:52:34 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found. O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found. O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations) O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\SysNative\AmbRunE.DLL (Creative Technology Ltd.) O4 - HKLM..\Run: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe () O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe (IObit) O4 - HKLM..\Run: [Lycosa] C:\Program Files (x86)\Razer\Lycosa\razerhid.exe (Razer USA Ltd.) O4 - HKLM..\Run: [XFastUsb] C:\Program Files (x86)\XFastUsb\XFastUsb.exe (FNet Co., Ltd.) O4 - HKU\S-1-5-21-82016817-340743653-2786680247-1000..\Run: [Advanced SystemCare 6] C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe (IObit) O4 - HKU\S-1-5-21-82016817-340743653-2786680247-1000..\Run: [Steam] D:\Programme\Steam\steam.exe (Valve Corporation) O4 - Startup: C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tcbhn.lnk = File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-82016817-340743653-2786680247-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-82016817-340743653-2786680247-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-82016817-340743653-2786680247-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-82016817-340743653-2786680247-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKU\S-1-5-21-82016817-340743653-2786680247-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{78801749-ED50-471B-9B87-0FC0D1E59171}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.12 18:53:40 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.03.12 18:48:50 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.03.12 18:48:50 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.03.12 18:48:50 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.03.12 18:48:47 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.03.12 18:48:40 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.03.12 18:44:42 | 005,037,889 | R--- | C] (Swearware) -- C:\Users\User\Desktop\ComboFix.exe [2013.03.11 15:10:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2013.03.11 15:10:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip [2013.03.11 13:32:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.03.11 13:28:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe [2013.03.11 13:27:41 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Tools [2013.03.06 13:27:48 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\sec logs [2013.03.06 11:49:15 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes [2013.03.05 14:26:39 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\DVDVideoSoft [2013.03.05 14:03:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\devolo [2013.03.05 13:34:10 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\sec [2013.03.05 12:27:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2013.03.05 12:19:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2013.03.05 12:05:24 | 000,035,104 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe [2013.03.05 12:05:24 | 000,026,400 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll [2013.03.05 12:05:24 | 000,021,792 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll [2013.03.05 12:05:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013 [2013.03.05 12:05:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2013 [2013.03.05 12:04:59 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} [2013.03.05 11:57:51 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker [2013.03.05 11:57:51 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker [2013.03.01 14:31:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter [2013.03.01 14:18:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.03.01 14:18:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.03.01 14:18:12 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.03.01 14:18:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.03.01 14:05:18 | 000,000,000 | ---D | C] -- C:\Windows\tasks\TaskDisabled [2013.03.01 13:55:26 | 000,000,000 | ---D | C] -- C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A} [2013.03.01 13:55:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 6 [2013.03.01 13:55:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit [2013.02.28 12:12:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012.03.31 19:44:46 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\User\AppData\Roaming\pcouffin.sys ========== Files - Modified Within 30 Days ========== [2013.03.12 18:57:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.12 18:57:25 | 2077,048,831 | -HS- | M] () -- C:\hiberfil.sys [2013.03.12 18:57:06 | 000,021,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.12 18:57:06 | 000,021,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.12 18:56:48 | 009,657,902 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.03.12 18:56:48 | 003,260,564 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.03.12 18:56:48 | 002,936,742 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.03.12 18:56:48 | 002,630,088 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.03.12 18:56:48 | 000,005,198 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.03.12 18:52:34 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.03.12 18:44:53 | 005,037,889 | R--- | M] (Swearware) -- C:\Users\User\Desktop\ComboFix.exe [2013.03.12 18:40:44 | 000,000,098 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat [2013.03.12 18:38:59 | 000,597,667 | ---- | M] () -- C:\Users\User\Desktop\adwcleaner.exe [2013.03.11 13:28:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe [2013.03.11 13:24:49 | 000,000,000 | ---- | M] () -- C:\Users\User\defogger_reenable [2013.03.04 10:00:56 | 001,316,144 | ---- | M] () -- C:\Windows\SysNative\dmwu.exe [2013.03.04 09:59:46 | 000,035,328 | ---- | M] (IncrediMail, Ltd.) -- C:\Windows\SysNative\ImHttpComm.dll [2013.02.20 18:02:00 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif [2013.02.15 13:53:38 | 000,334,472 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2013.03.12 18:48:50 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.03.12 18:48:50 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.03.12 18:48:50 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.03.12 18:48:50 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.03.12 18:48:50 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.03.12 18:40:40 | 000,000,098 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat [2013.03.12 18:38:53 | 000,597,667 | ---- | C] () -- C:\Users\User\Desktop\adwcleaner.exe [2013.03.11 13:24:49 | 000,000,000 | ---- | C] () -- C:\Users\User\defogger_reenable [2013.03.05 12:27:22 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2013.03.05 12:05:23 | 000,002,197 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013.lnk [2012.09.25 14:55:32 | 000,260,580 | ---- | C] () -- C:\Windows\SysWow64\temp.bin [2012.03.31 19:44:46 | 000,007,859 | ---- | C] () -- C:\Users\User\AppData\Roaming\pcouffin.cat [2012.03.31 19:44:46 | 000,001,167 | ---- | C] () -- C:\Users\User\AppData\Roaming\pcouffin.inf [2012.01.07 03:17:38 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.01.07 03:17:37 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.12.25 08:38:53 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2011.12.04 18:10:05 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\mgxasio2.dll [2011.12.04 18:09:41 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll [2011.12.04 18:08:22 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini [2011.12.01 16:50:04 | 000,168,864 | ---- | C] () -- C:\Program Files\Common Files\WireHelpSvc.exe [2011.11.13 18:38:57 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2011.11.13 18:36:20 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys [2011.09.06 16:09:43 | 000,005,384 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.09.06 14:20:55 | 000,000,680 | RHS- | C] () -- C:\Users\User\ntuser.pol [2011.09.05 12:14:55 | 013,356,032 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2011.09.05 12:14:55 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011.09.05 12:14:55 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011.09.05 12:14:55 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2011.09.05 12:14:55 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.11.14 17:19:07 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\Babylon [2013.03.03 16:49:45 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\BrowserCompanion [2011.11.27 14:05:54 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\Cornelsen [2012.09.16 15:50:20 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\DVDVideoSoft [2012.06.22 19:21:44 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\DVDVideoSoftIEHelpers [2012.11.14 17:34:39 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\Guitar Pro 6 [2013.03.01 14:31:13 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\IObit [2011.12.22 18:04:15 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\MAGIX [2012.01.07 19:54:53 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\MotioninJoy [2012.09.16 15:50:11 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\OpenCandy [2011.11.09 18:56:53 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\OpenOffice.org [2013.02.28 18:48:16 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\Origin [2011.09.07 13:40:24 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\Razer [2011.12.27 16:17:42 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\redsn0w [2013.02.28 20:00:03 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\Spotify [2012.06.22 19:22:39 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\TuneUp Software [2012.01.18 19:13:37 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\IObit [2012.01.18 19:13:37 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\IObit [2012.01.18 19:13:37 | 000,000,000 | ---D | M] -- C:\Users\UpdatusUser\AppData\Roaming\IObit [2011.11.26 18:50:57 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Atari [2011.11.27 13:34:41 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Cornelsen [2011.09.05 12:50:13 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DeviceVm [2013.03.05 14:26:39 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DVDVideoSoft [2012.05.06 16:59:02 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\EurekaLog [2013.03.05 10:46:52 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\IObit [2011.12.05 15:45:42 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\MAGIX [2012.12.25 18:33:23 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Meine Die Schlacht um Mittelerde-Dateien [2011.12.26 12:50:51 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\MotioninJoy [2012.05.15 15:49:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Mumble [2011.11.13 20:23:52 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\OpenOffice.org [2012.12.26 15:24:50 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Origin [2011.09.07 12:23:31 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Razer [2011.11.13 18:56:52 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Samsung [2012.12.24 19:15:10 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TS3Client [2012.06.01 21:41:00 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ts3overlay [2013.03.05 12:05:21 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TuneUp Software [2012.03.31 19:44:52 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Vso ========== Purity Check ========== < End of report > 'Unter Quarantäne gestellte Elemente' Erkanntes Element Adware:Win32/Pricegong Warnstufe Mittel Datum 12.02.2013 15:17 Erkanntes Element BrowserModifier:Win32/DealPly Warnstufe Mittel Datum 24.12.2012 17:57 Erkanntes Element Trojan:Win32/Weelsof.C Warnstufe Schwerwiegend Datum 15.10.2012 15:31 Der letzte Eintrag macht mir besonders Sorgen. Ich hoffe die Informationen kommen nicht zu spät! Falls du weitere Informationen brauchst, werde ich dir so schnell wie möglich antworten. Liebe Grüße und nochmals vielen Dank für die bereits geleistete Hilfe ene.mene.muh |
|
12.03.2013, 19:54
| #4 | |
| /// TB-Ausbilder | Incredibar, Browser Companion, BabyloonToolbar und FunMoods entfernen Hallo, Zitat:
Wie läuft der Rechner jetzt? Bemerkst du noch Probleme? Vom Iobit Malwarefighter würd ich dir noch einmal abraten. Verwende doch an seiner Stelle MBAM. Hinweis: Registry CleanerIch sehe, dass du sogenannte Registry Cleaner installiert hast. In deinem Fall TuneUp Utilities 2013. Wir raten von der Verwendung jeglicher Art von Registry Cleaner ab. Der Grund ist ganz einfach: Die Registry ist das Hirn des Systems. Funktioniert das Hirn nicht, funktioniert der Rest nicht mehr wirklich. Man sollte nicht unnötigerweise an der Registry rumbasteln. Schon ein kleiner Fehler kann gravierende Folgen haben und auch Programme machen manchmal Fehler. Zerstörst du die Registry, zerstörst du Windows. Zudem ist der Nutzen zur Performancesteigerung umstritten und meist kaum im wahrnehmbaren Bereich. Ich würde dir empfehlen, Registry Cleaner nicht weiterhin zu verwenden und über Start --> Systemsteuerung --> Software (bei Windows XP)zu deinstallieren. Schritt 1
Code:
ATTFilter :OTL
O4 - Startup: C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tcbhn.lnk = File not found
[2012.11.14 17:19:07 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\Babylon
[2013.03.03 16:49:45 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\BrowserCompanion
:commands
[emptytemp]
Schritt 2
Schritt 3 Lade das Setup des ESET Online Scanners herunter und speichere es auf den Desktop.
Schritt 4 Downloade dir bitte SecurityCheck (Link 2).
Bitte poste in deiner nächsten Antwort:
__________________ cheers, Leo |
|
12.03.2013, 22:02
| #5 |
| | Incredibar, Browser Companion, BabyloonToolbar und FunMoods entfernen Hallo Leo, TuneUp Utilities 2013 habe ich wie empfohlen deinstalliert (ist sowieso ein Plagegeist mit den ewigen PopUp Werbungen über eigene Produkte) und auch den IObit Uninstaller habe ich rausgeschmissen. Wie sieht es mit dem CCleaner aus? Ich denke mal für den gilt dasselbe wie für TuneUp, richtig? Ich bin mir nicht sicher wegen des Trojaners, da der ja "nur" in Quarantäne ist. Ist er denn dann trotzdem zu finden von den bis jetzt benutzten Programmen oder gibt es da nen super versteckten Ordner den Microsoft sich da explizit anlegen lässt? Seitdem ich die verschiedenen Programme benutzt habe, scheint der PC um einiges langsamer geworden zu sein. Vor allem fällt das beim Startvorgang auf. Ich bin mir gerade nicht ganz sicher ob ich ihn auch ohne eine vorherige von dir empfohlene "Maßnahme" gestartet habe. Auf jeden Fall wirkt er etwas langsam und zeigt mir für meinen Geschmack zu oft den blauen Kringel (Windows 7 auf ner 60GB SSD). Nun zu den Ergebnissen. Der benutzerdefinierte Scan in OTL: 03122013_201856.txt Code:
ATTFilter All processes killed
========== OTL ==========
C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tcbhn.lnk moved successfully.
C:\Users\Adrian\AppData\Roaming\Babylon folder moved successfully.
C:\Users\Adrian\AppData\Roaming\BrowserCompanion folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Adrian
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 360825 bytes
->Java cache emptied: 13052578 bytes
->FireFox cache emptied: 74671259 bytes
->Flash cache emptied: 54660 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: User
->Temp folder emptied: 1292561 bytes
->Temporary Internet Files folder emptied: 115224 bytes
->Java cache emptied: 14842 bytes
->FireFox cache emptied: 66491004 bytes
->Flash cache emptied: 6524 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6742 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 3447564 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 152,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 03122013_201856
Files\Folders moved on Reboot...
C:\Users\User\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
MBAM-log-2013-03-12 (20-30-47).txt Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Database version: v2013.03.12.08 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 User :: USER-PC [administrator] 12.03.2013 20:26:58 MBAM-log-2013-03-12 (20-30-47).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 259075 Time elapsed: 59 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 3 C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\cache (PUP.Blabbers) -> No action taken. Files Detected: 53 C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\BCHelper.exe (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\cmpguid.js (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\fix2.js (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\fix3.js (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\fix4.js (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\fixJQ1_71.js (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\fixJQ1_83.js (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\icon.png (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\jquery4toolbar.js (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\jquery4toolbar183.js (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\lock.js (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\witapi.js (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\witmain.js (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\wittoolbar.js (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\witwidgetapi.js (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\cache\0324adea3b6ec02af09ea4ae9424591b (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\cache\0324adea3b6ec02af09ea4ae9424591b_expire (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\cache\1d8715bd00dbafbff504a0b9666c85e1 (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\cache\1d8715bd00dbafbff504a0b9666c85e1_expire (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\cache\24779e9d2de93d13d7e07b527a1684d4 (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\cache\24779e9d2de93d13d7e07b527a1684d4_expire (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\cache\292124057d00cb0fa73db6b90d079658 (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\cache\292124057d00cb0fa73db6b90d079658_expire (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\cache\4d3d10bd28ff623813254a49b26be41f (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\cache\4d3d10bd28ff623813254a49b26be41f_expire (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\cache\719f6985083c6f0c2a8fef7aa1f75d63 (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\cache\719f6985083c6f0c2a8fef7aa1f75d63_expire (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\cache\72891ec935a3d247f2da6562ef29a005 (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\cache\72891ec935a3d247f2da6562ef29a005_expire (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\cache\8bf7a1bec3a78986a408c8da924ae916 (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\cache\8bf7a1bec3a78986a408c8da924ae916_expire (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\cache\a38dbdd1af07f4236d43e8fd995f57a6 (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\cache\a38dbdd1af07f4236d43e8fd995f57a6_expire (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\cache\a47098c772862164f7a3b2c7e60cc8dd (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\cache\a47098c772862164f7a3b2c7e60cc8dd_expire (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\cache\a7e0abb80dabcdbb6dbaec920aa126a0 (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\cache\a7e0abb80dabcdbb6dbaec920aa126a0_expire (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\cache\bf73732e1f0b76bac435293ba3880579 (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\cache\bf73732e1f0b76bac435293ba3880579_expire (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\cache\c418e9b9adb1feff03605a15e666653f (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\cache\c418e9b9adb1feff03605a15e666653f_expire (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\cache\e375ab961fde7ced486c2f1465a45ce5 (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\cache\e375ab961fde7ced486c2f1465a45ce5_expire (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\cache\e919434ec29526b28593c426e4264271 (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\cache\e919434ec29526b28593c426e4264271_expire (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\cache\f03527c67e08602d2e4c18ae7867300d (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\cache\f03527c67e08602d2e4c18ae7867300d_expire (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\cache\f957c5e85ada9453140c099a07513899 (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\cache\f957c5e85ada9453140c099a07513899_expire (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\cache\fa74672918974682c82b8d91dfbe0d6b (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\cache\fa74672918974682c82b8d91dfbe0d6b_expire (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f (PUP.Blabbers) -> No action taken. C:\Users\Adrian\AppData\LocalLow\bbrs_002.tb\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f_expire (PUP.Blabbers) -> No action taken. (end) Auf jeden Fall keine ESET.txt Zu guter letzt der SecurityCheck: checkup.txt Code:
ATTFilter Results of screen317's Security Check version 0.99.61 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Microsoft Security Essentials Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.70.0.1100 Java 7 Update 15 Java version out of Date! Adobe Flash Player 10 Flash Player out of Date! Adobe Flash Player 11.6.602.171 Adobe Reader XI Mozilla Firefox (19.0.2) ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` Ich freue mich morgen direkt die nächsten Schritte durchzuführen! Mit freundlichen Grüßen ene.mene.muh P.S. und raus bin ... ich. Gute Nacht! |
|
13.03.2013, 13:09
| #6 | ||||
| /// TB-Ausbilder | Incredibar, Browser Companion, BabyloonToolbar und FunMoods entfernen Hallo, Zitat:
Zitat:
Zitat:
Zitat:
Ist das dann nach einem erneuten Neustart immer noch der Fall oder hat es sich wieder normalisiert? Mach bitte noch das folgende: Schritt 1 Downloade dir bitte Farbars Service Scanner und speichere es auf den Desktop.
Schritt 2 Starte bitte die OTL.exe.
Bitte poste in deiner nächsten Antwort:
__________________ --> Incredibar, Browser Companion, BabyloonToolbar und FunMoods entfernen |
|
13.03.2013, 15:01
| #7 |
| | Incredibar, Browser Companion, BabyloonToolbar und FunMoods entfernen Hallo Leo! Die Funde von MBAM hatte ich schon löschen lassen, allerdings habe ich das Log blöderweise vorher abgespeichert.  Hier noch einmal der MBAM Bericht: mbam-log-2013-03-13 (13-51-15).txt Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Database version: v2013.03.13.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 User :: USER-PC [administrator] 13.03.2013 13:51:15 mbam-log-2013-03-13 (13-51-15).txt Scan type: Full scan (C:\|D:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 414294 Time elapsed: 18 minute(s), 51 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Farbars Service Scanner: FSS.txt Code:
ATTFilter Farbar Service Scanner Version: 03-03-2013
Ran by User (administrator) on 13-03-2013 at 14:19:04
Running from "C:\Users\User\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Attempt to access Yahoo.com returned error: Yahoo.com is offline
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
Other Services:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
**** End of log ****
OTL.txt Code:
ATTFilter OTL logfile created on: 13.03.2013 14:20:50 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,91 Gb Total Physical Memory | 5,58 Gb Available Physical Memory | 70,48% Memory free 15,82 Gb Paging File | 13,49 Gb Available in Paging File | 85,25% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 55,80 Gb Total Space | 4,65 Gb Free Space | 8,33% Space Free | Partition Type: NTFS Drive D: | 931,51 Gb Total Space | 844,61 Gb Free Space | 90,67% Space Free | Partition Type: NTFS Computer Name: USER-PC | User Name: User | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.03.11 13:33:08 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2013.03.11 13:28:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe PRC - [2013.01.15 18:47:12 | 000,491,840 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe PRC - [2013.01.15 18:47:10 | 000,465,216 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012.01.07 16:17:53 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2011.09.05 12:18:32 | 004,942,336 | ---- | M] (FNet Co., Ltd.) -- C:\Program Files (x86)\XFastUsb\XFastUsb.exe PRC - [2011.04.14 10:48:32 | 001,758,208 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe PRC - [2011.03.21 10:06:08 | 000,248,320 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe PRC - [2011.02.22 11:14:40 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2011.02.22 11:14:34 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010.11.05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010.11.05 22:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2010.04.27 13:41:26 | 000,218,112 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razertra.exe PRC - [2007.12.19 10:58:24 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe PRC - [2007.11.20 15:53:36 | 000,147,456 | ---- | M] (Razer USA Ltd.) -- C:\Program Files (x86)\Razer\Lycosa\razerhid.exe ========== Modules (No Company Name) ========== MOD - [2013.03.11 13:32:56 | 003,069,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2013.02.15 13:54:53 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll MOD - [2013.02.15 13:54:49 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll MOD - [2013.01.15 18:48:26 | 000,348,992 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\madExcept_.bpl MOD - [2013.01.15 18:48:26 | 000,051,008 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\madDisAsm_.bpl MOD - [2013.01.15 18:48:24 | 000,183,616 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\madBasic_.bpl MOD - [2013.01.12 08:58:58 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\ab54c04b3df40416205883b4049fe273\IAStorUtil.ni.dll MOD - [2013.01.12 08:58:58 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\4d6518ef6ae8d6f005c49ab1c86de7fe\IAStorCommon.ni.dll MOD - [2013.01.10 15:51:15 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll MOD - [2013.01.10 15:50:56 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013.01.10 15:50:48 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll MOD - [2013.01.10 15:50:44 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013.01.10 15:50:42 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013.01.10 15:50:42 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll MOD - [2013.01.10 15:50:39 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2011.04.14 10:48:32 | 001,758,208 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe MOD - [2011.04.12 08:43:06 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2011.03.21 10:06:08 | 000,248,320 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe MOD - [2010.11.13 00:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.04.27 13:41:26 | 000,218,112 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razertra.exe ========== Services (SafeList) ========== SRV - [2013.03.11 13:33:08 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.02.25 07:39:32 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013.01.27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2013.01.27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2013.01.15 18:47:10 | 000,465,216 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe -- (AdvancedSystemCareService6) SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.10.10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.01.07 16:17:53 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2011.12.16 11:56:57 | 000,024,576 | ---- | M] (Realtek Semiconductor.) [Auto | Stopped] -- C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe -- (SetupARService) SRV - [2011.11.28 13:21:00 | 000,168,864 | ---- | M] () [Auto | Running] -- C:\Programme\Common Files\WireHelpSvc.exe -- (WireHelpSvc) SRV - [2011.03.01 15:43:52 | 000,076,448 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc) SRV - [2011.02.22 11:14:40 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2011.02.22 11:14:34 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010.11.05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2006.12.14 17:00:00 | 000,544,768 | ---- | M] (Magix AG) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService) SRV - [2005.11.17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [Disabled | Stopped] -- C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.01.20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012.12.30 13:33:31 | 000,121,416 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter) DRV:64bit: - [2012.12.19 22:29:06 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.12.19 22:29:05 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.12.19 22:29:05 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.15 10:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.01.17 13:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2011.12.16 13:36:23 | 000,031,808 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS -- (FNETTBOH_305) DRV:64bit: - [2011.11.28 13:20:48 | 000,147,472 | ---- | M] (<Turtle Entertainment>) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\ESLWireACD.sys -- (ESLWireAC) DRV:64bit: - [2011.11.28 13:20:28 | 000,025,528 | ---- | M] (Turtle Entertainment GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ESLvnic.sys -- (ESLvnic1) DRV:64bit: - [2011.09.05 12:18:32 | 000,015,936 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\FNETURPX.SYS -- (FNETURPX) DRV:64bit: - [2011.04.10 04:51:06 | 012,223,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.03.01 15:44:08 | 000,280,224 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter) DRV:64bit: - [2011.03.01 15:44:06 | 000,298,656 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP) DRV:64bit: - [2011.03.01 15:44:06 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP) DRV:64bit: - [2011.03.01 15:44:06 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP) DRV:64bit: - [2011.03.01 15:44:06 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT) DRV:64bit: - [2011.03.01 15:44:06 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort) DRV:64bit: - [2011.03.01 15:44:06 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS) DRV:64bit: - [2011.03.01 15:44:04 | 000,051,872 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (ATHDFU) DRV:64bit: - [2011.02.16 10:11:08 | 000,428,136 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.02.09 16:45:12 | 000,025,088 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bulkrazer_x64.sys -- (bulkadi) DRV:64bit: - [2011.02.08 06:30:52 | 000,064,512 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI) DRV:64bit: - [2011.02.08 06:30:52 | 000,039,936 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.05 22:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.10.19 15:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010.10.14 18:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2010.09.30 23:16:34 | 000,013,312 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VKbms.sys -- (VKbms) DRV:64bit: - [2010.08.19 19:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) DRV:64bit: - [2010.06.14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk) DRV:64bit: - [2010.04.27 03:25:20 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm) DRV:64bit: - [2010.04.27 03:25:20 | 000,141,384 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdserd.sys -- (sscdserd) DRV:64bit: - [2010.04.27 03:25:20 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) DRV:64bit: - [2010.04.27 03:25:20 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl) DRV:64bit: - [2010.03.23 15:37:34 | 000,012,032 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\danew.sys -- (danewFltr) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV - [2010.06.14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2008.11.28 14:34:56 | 000,034,048 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\npf_devolo.sys -- (NPF_devolo) DRV - [2006.07.24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E9 D1 75 32 07 E5 CC 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE IE - HKCU\..\SearchScopes\{FFA1E941-373C-4B15-A45B-4C4A0835C30B}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=685749&p={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=685749&ilc=12" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "https://www.google.de" FF - prefs.js..extensions.enabledAddons: groovesharkUnlocker%40overlord1337:1.3.2 FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.7 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=685749&p=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\PROGRAM FILES\IB UPDATER\FIREFOX FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\Program Files\IB Updater\Firefox FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.11 13:33:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.11 13:33:08 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.09.06 16:11:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions [2013.03.05 12:21:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\igclhn7f.default\extensions [2013.03.05 12:21:46 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\igclhn7f.default\extensions\ich@maltegoetz.de [2013.03.05 10:50:47 | 000,029,064 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\igclhn7f.default\extensions\groovesharkUnlocker@overlord1337.xpi [2013.02.28 10:11:20 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\igclhn7f.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.03.12 20:14:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.03.11 13:32:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} [2013.03.11 13:32:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions\staged [2013.03.11 13:33:08 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.07.04 17:51:47 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.21 20:11:09 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.07.04 17:51:47 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.07.04 17:51:47 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.07.04 17:51:47 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.07.04 17:51:47 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2013.03.12 18:52:34 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations) O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\SysNative\AmbRunE.DLL (Creative Technology Ltd.) O4 - HKLM..\Run: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe () O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [Lycosa] C:\Program Files (x86)\Razer\Lycosa\razerhid.exe (Razer USA Ltd.) O4 - HKLM..\Run: [XFastUsb] C:\Program Files (x86)\XFastUsb\XFastUsb.exe (FNet Co., Ltd.) O4 - HKCU..\Run: [Advanced SystemCare 6] C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe (IObit) O4 - HKCU..\Run: [Steam] D:\Programme\Steam\steam.exe (Valve Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{78801749-ED50-471B-9B87-0FC0D1E59171}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.13 14:02:05 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\logs 13.03.2013 new [2013.03.13 13:43:18 | 000,354,265 | ---- | C] (Farbar) -- C:\Users\User\Desktop\FSS.exe [2013.03.12 22:10:49 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.03.12 22:10:47 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.03.12 22:10:47 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.03.12 22:10:47 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.03.12 22:09:40 | 031,521,184 | ---- | C] (Oracle Corporation) -- C:\Users\User\Desktop\jre-7u17-windows-i586.exe [2013.03.12 22:05:28 | 000,310,688 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2013.03.12 22:05:26 | 000,188,832 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2013.03.12 22:05:26 | 000,188,320 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2013.03.12 22:05:26 | 000,108,448 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll [2013.03.12 22:05:22 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2013.03.12 22:04:00 | 033,003,424 | ---- | C] (Oracle Corporation) -- C:\Users\User\Desktop\jre-7u17-windows-x64.exe [2013.03.12 20:34:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2013.03.12 20:27:41 | 002,347,384 | ---- | C] (ESET) -- C:\Users\User\Desktop\esetsmartinstaller_enu.exe [2013.03.12 20:18:56 | 000,000,000 | ---D | C] -- C:\_OTL [2013.03.12 18:53:40 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.03.12 18:48:50 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.03.12 18:48:50 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.03.12 18:48:50 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.03.12 18:48:47 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.03.12 18:48:40 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.03.12 18:44:42 | 005,037,889 | R--- | C] (Swearware) -- C:\Users\User\Desktop\ComboFix.exe [2013.03.11 15:10:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2013.03.11 15:10:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip [2013.03.11 13:32:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.03.11 13:28:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe [2013.03.11 13:27:41 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Tools [2013.03.06 13:27:48 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\sec logs [2013.03.06 11:49:15 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes [2013.03.05 14:26:39 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\DVDVideoSoft [2013.03.05 14:03:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\devolo [2013.03.05 13:34:10 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\sec [2013.03.05 12:27:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2013.03.05 12:19:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2013.03.05 12:04:59 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} [2013.03.05 11:57:51 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker [2013.03.05 11:57:51 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker [2013.03.01 14:18:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.03.01 14:18:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.03.01 14:18:12 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.03.01 14:18:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.03.01 14:05:18 | 000,000,000 | ---D | C] -- C:\Windows\tasks\TaskDisabled [2013.03.01 13:55:26 | 000,000,000 | ---D | C] -- C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A} [2013.03.01 13:55:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 6 [2013.03.01 13:55:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit [2013.02.28 12:12:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.02.27 20:26:15 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll [2013.02.27 20:26:15 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll [2013.02.27 20:26:15 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll [2013.02.27 20:26:14 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll [2013.02.27 20:26:13 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll [2013.02.27 20:26:13 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll [2013.02.27 20:26:12 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll [2013.02.27 20:26:12 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll [2013.02.27 20:26:12 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.02.27 20:26:12 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.02.27 20:26:12 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.02.27 20:26:12 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.02.27 20:26:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.02.27 20:26:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.02.27 20:26:12 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.02.27 20:26:12 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.02.27 20:26:11 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll [2013.02.27 20:26:11 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll [2013.02.27 20:26:11 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll [2013.02.27 20:26:11 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll [2013.02.27 20:26:11 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll [2013.02.27 20:26:11 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2013.02.27 20:26:11 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll [2013.02.27 20:26:11 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll [2013.02.27 20:26:11 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll [2013.02.27 20:26:11 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll [2013.02.27 20:26:11 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll [2013.02.27 20:26:11 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.02.27 20:26:11 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.02.27 20:26:11 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.02.27 20:26:11 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.02.27 20:26:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll [2013.02.27 20:26:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll [2013.02.27 20:26:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll [2013.02.27 20:26:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll [2013.02.27 20:26:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.02.27 20:26:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.02.27 20:26:10 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll [2013.02.27 20:26:10 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2013.02.27 20:26:10 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll [2013.02.27 20:26:10 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll [2013.02.14 19:03:00 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.02.14 19:03:00 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.02.14 19:02:59 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.02.14 19:02:59 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.02.14 19:02:59 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.02.14 19:02:59 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.02.14 19:02:59 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.02.14 19:02:59 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.02.14 19:02:59 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.02.14 19:02:58 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.02.14 19:02:58 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.02.14 19:02:58 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.02.14 19:02:57 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.02.14 19:02:57 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.02.14 19:02:57 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.02.14 14:07:07 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013.02.14 14:07:07 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013.02.14 14:07:06 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013.02.14 14:07:04 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013.02.14 14:07:04 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013.02.14 14:07:04 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013.02.14 14:07:04 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013.02.14 14:07:04 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013.02.14 14:07:04 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013.02.14 14:07:03 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2012.03.31 19:44:46 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\User\AppData\Roaming\pcouffin.sys ========== Files - Modified Within 30 Days ========== [2013.03.13 13:48:11 | 009,775,582 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.03.13 13:48:11 | 003,295,924 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.03.13 13:48:11 | 002,974,230 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.03.13 13:48:11 | 002,663,912 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.03.13 13:48:11 | 000,005,198 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.03.13 13:43:23 | 000,354,265 | ---- | M] (Farbar) -- C:\Users\User\Desktop\FSS.exe [2013.03.13 13:40:33 | 000,021,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.13 13:40:33 | 000,021,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.13 13:33:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.13 13:33:24 | 2077,048,831 | -HS- | M] () -- C:\hiberfil.sys [2013.03.12 22:10:45 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.03.12 22:10:44 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll [2013.03.12 22:10:44 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2013.03.12 22:10:44 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.03.12 22:10:44 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.03.12 22:10:44 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.03.12 22:10:19 | 031,521,184 | ---- | M] (Oracle Corporation) -- C:\Users\User\Desktop\jre-7u17-windows-i586.exe [2013.03.12 22:05:24 | 000,310,688 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2013.03.12 22:05:24 | 000,188,832 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2013.03.12 22:05:24 | 000,108,448 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll [2013.03.12 22:05:23 | 001,085,344 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll [2013.03.12 22:05:23 | 000,963,488 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll [2013.03.12 22:05:23 | 000,188,320 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2013.03.12 22:04:36 | 033,003,424 | ---- | M] (Oracle Corporation) -- C:\Users\User\Desktop\jre-7u17-windows-x64.exe [2013.03.12 21:42:38 | 000,890,798 | ---- | M] () -- C:\Users\User\Desktop\SecurityCheck.exe [2013.03.12 20:27:47 | 002,347,384 | ---- | M] (ESET) -- C:\Users\User\Desktop\esetsmartinstaller_enu.exe [2013.03.12 18:52:34 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.03.12 18:44:53 | 005,037,889 | R--- | M] (Swearware) -- C:\Users\User\Desktop\ComboFix.exe [2013.03.12 18:40:44 | 000,000,098 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat [2013.03.12 18:38:59 | 000,597,667 | ---- | M] () -- C:\Users\User\Desktop\adwcleaner.exe [2013.03.11 13:28:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe [2013.03.11 13:24:49 | 000,000,000 | ---- | M] () -- C:\Users\User\defogger_reenable [2013.03.05 10:51:39 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.03.05 10:51:39 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.03.04 10:00:56 | 001,316,144 | ---- | M] () -- C:\Windows\SysNative\dmwu.exe [2013.03.04 09:59:46 | 000,035,328 | ---- | M] (IncrediMail, Ltd.) -- C:\Windows\SysNative\ImHttpComm.dll [2013.03.04 09:07:22 | 000,829,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msvcr100.dll [2013.03.04 09:07:22 | 000,608,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msvcp100.dll [2013.02.20 18:02:00 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif [2013.02.15 13:53:38 | 000,334,472 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2013.03.12 21:42:37 | 000,890,798 | ---- | C] () -- C:\Users\User\Desktop\SecurityCheck.exe [2013.03.12 18:48:50 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.03.12 18:48:50 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.03.12 18:48:50 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.03.12 18:48:50 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.03.12 18:48:50 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.03.12 18:40:40 | 000,000,098 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat [2013.03.12 18:38:53 | 000,597,667 | ---- | C] () -- C:\Users\User\Desktop\adwcleaner.exe [2013.03.11 13:24:49 | 000,000,000 | ---- | C] () -- C:\Users\User\defogger_reenable [2013.03.05 12:27:22 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2012.09.25 14:55:32 | 000,260,580 | ---- | C] () -- C:\Windows\SysWow64\temp.bin [2012.03.31 19:44:46 | 000,007,859 | ---- | C] () -- C:\Users\User\AppData\Roaming\pcouffin.cat [2012.03.31 19:44:46 | 000,001,167 | ---- | C] () -- C:\Users\User\AppData\Roaming\pcouffin.inf [2012.01.07 03:17:38 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.01.07 03:17:37 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.12.25 08:38:53 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2011.12.04 18:10:05 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\mgxasio2.dll [2011.12.04 18:09:41 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll [2011.12.04 18:08:22 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini [2011.12.01 16:50:04 | 000,168,864 | ---- | C] () -- C:\Program Files\Common Files\WireHelpSvc.exe [2011.11.13 18:38:57 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2011.11.13 18:36:20 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys [2011.09.06 16:09:43 | 000,005,384 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.09.06 14:20:55 | 000,000,680 | RHS- | C] () -- C:\Users\User\ntuser.pol [2011.09.05 12:14:55 | 013,356,032 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2011.09.05 12:14:55 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011.09.05 12:14:55 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011.09.05 12:14:55 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2011.09.05 12:14:55 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Code:
ATTFilter OTL Extras logfile created on: 13.03.2013 14:20:50 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,91 Gb Total Physical Memory | 5,58 Gb Available Physical Memory | 70,48% Memory free
15,82 Gb Paging File | 13,49 Gb Available in Paging File | 85,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55,80 Gb Total Space | 4,65 Gb Free Space | 8,33% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 844,61 Gb Free Space | 90,67% Space Free | Partition Type: NTFS
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C73D9C5-2BDA-464A-9D1B-A0C04FFD5FFB}" = lport=10243 | protocol=6 | dir=in | app=system |
"{23DBB31E-693F-46DF-9EC4-72AADF759832}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2BBFD3BB-31C0-4466-9106-1CC0933D6E3F}" = lport=10301 | protocol=17 | dir=in | app=d:\programme\devolo\informer\devinf.exe |
"{2C11540E-F086-45B5-A17F-A65C1703A415}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{341AA7B3-A26E-40A9-A4D3-E3506C49C75B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3B7DB9DF-EE73-4B09-B47E-FA8B283A6E40}" = lport=445 | protocol=6 | dir=in | app=system |
"{3E1E3F51-6CE2-4CF1-9656-2E75C64EA297}" = rport=445 | protocol=6 | dir=out | app=system |
"{407B895E-09E2-47BC-BE77-7B804B684844}" = lport=1900 | protocol=17 | dir=in | name=microsoft upnp-port (udp) |
"{421ED6A4-84B5-4826-B4F9-7022E98F1FAF}" = rport=137 | protocol=17 | dir=out | app=system |
"{5048A0D5-5740-4541-80E0-31B618DFFF24}" = rport=139 | protocol=6 | dir=out | app=system |
"{5608EF56-9F21-4D5D-9E37-E20FBF41EAF7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5614465D-FB21-48DE-A393-A40FDA5DDB49}" = lport=2869 | protocol=6 | dir=in | name=microsoft upnp-port (tcp) |
"{61909D1E-69F5-406B-B128-69015B36F95F}" = lport=139 | protocol=6 | dir=in | app=system |
"{6F1EFE78-7BE8-4427-90BA-F32514390790}" = lport=0 | protocol=6 | dir=in | name=magix upnp media server |
"{7C83B537-821F-48F9-9F2E-746D51E95C08}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7E854F9D-A226-4A61-A877-4056D8C3FFBE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7E9E7F79-86E8-4B53-9950-A3555BA704EF}" = lport=138 | protocol=17 | dir=in | app=system |
"{838F7A0A-03EF-49CE-9D21-3DCDED33AC1E}" = rport=10243 | protocol=6 | dir=out | app=system |
"{9A7438C0-1404-4B2C-B1C7-8DC70634B16C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9CD0662D-B37A-4634-8203-30E7B176BB14}" = lport=10300 | protocol=6 | dir=in | app=d:\programme\devolo\informer\devinf.exe |
"{D1626298-3A92-46EB-BD63-65CF577ECB6E}" = rport=138 | protocol=17 | dir=out | app=system |
"{D2D08246-40B8-4EA3-AC21-F83BCD78D87F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{D399BBAC-A93E-46FD-A5A2-E957989EE9B4}" = lport=137 | protocol=17 | dir=in | app=system |
"{E1AD1FAB-A3E9-4C11-8FD6-76AAAB836503}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E9AD1F9F-F196-4078-879F-6D30CEA94FDC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FFA11522-366E-45BB-8ECC-A14155D14B2A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{009E8B6A-7D43-4A76-8914-95751F54C54D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0114DF8B-C1EE-415A-85C3-504280E0F979}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0AF79B2D-539A-4EBC-9991-A478D6D754A9}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\scorch995\counter-strike source\hl2.exe |
"{0B44A1F2-1753-46DD-847D-FB831235BDEC}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{0C9D5662-5245-46FD-A0D5-2AD288CA9FF1}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\scorch995\counter-strike source\hl2.exe |
"{0CEEBFC6-DADA-49FE-AFF2-1258B5E2FD87}" = protocol=17 | dir=in | app=e:\alicecd.exe |
"{0F47C935-0C63-407D-9FF5-D38A3EA87058}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{156CEFAE-EB29-4E64-8DA9-B03DF28E7D24}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1E78F0EF-D0D9-4469-985F-9FDABEEA68E5}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{20561629-F493-487A-BDAD-C6A0A3C477BC}" = protocol=6 | dir=in | app=d:\games\battlefield\fifa 13\game\fifa13.exe |
"{209F2C43-08EA-476C-8520-34FDDE142B72}" = protocol=17 | dir=in | app=d:\games\battlefield\fifa 13\game\fifa13.exe |
"{23C99E04-7C0E-400D-9FA1-B8E8B664A143}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{247332E6-FD69-419C-ADB6-0B2CD6A2B93F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{26E85FFB-92BA-476C-9B9C-C90890168F07}" = protocol=6 | dir=in | app=d:\programme\steam\steam.exe |
"{2CA7D15D-0450-4CB6-8741-F10FB3D026E6}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{34741385-231E-4597-B8C5-6053A44D825A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{367E5D9E-EFA5-4874-9C00-A4C6AF5C6AD0}" = protocol=6 | dir=out | app=system |
"{3D505BAA-88E0-406E-9299-6F2020258CC3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{46D532E2-AD02-4806-B46C-950A6C00DF22}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4B4020DB-9FBB-4380-B351-7B4E8DCD8E09}" = dir=in | app=c:\program files\eslwire\wire.exe |
"{507F13EF-4BAC-426B-9D62-786781A6BF93}" = protocol=6 | dir=in | app=e:\alicecd.exe |
"{59413495-D9FE-459B-877D-1F6990E654E6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{66DD1FC0-0374-40D0-9B23-28B465828966}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{683A8074-3FF1-47A3-A3BB-D4BB3050F5D4}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{694D9C83-6CCC-4D7A-8446-1E87EAA2EAA9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{6AF98858-8D39-4DFD-8C99-1A5B067501FB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{6D160040-16C6-410A-9630-A9E0FDD71C4D}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\scorch995\counter-strike source\hl2.exe |
"{71CCF5F5-86D2-4E8D-BA96-1F3DA8AF543F}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{725BE1E1-2C9E-4432-8653-4BEE2BC6329C}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{733D377A-E7DF-4E13-8BD4-9CE594389875}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7A6F112B-B58D-4FAA-B4D5-841EA3044B8F}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{93067249-6505-4C5D-B97F-D27BBA68C248}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{989D1C85-2452-4563-9DD4-989AEC368E61}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9C4097B7-597E-4364-962A-5B063F152334}" = protocol=17 | dir=in | app=d:\programme\steam\steam.exe |
"{9CC5F572-5A86-4A47-B1D0-281537391D20}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe |
"{9D3AFDF1-0CC4-4A37-B471-4388637A82AA}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\scorch995\counter-strike source\hl2.exe |
"{9FE23D71-E0B9-4BAE-9D33-2986BBCF8974}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A35B5615-2E97-468E-B63C-61271CFECAB6}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\magix shared\upnpservice\upnpservice.exe |
"{A599D92A-25EB-4664-9F39-4A184079736B}" = dir=out | app=c:\program files\eslwire\wire.exe |
"{A706EA49-17F7-49CF-A765-00C2494A2535}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{A7D4C512-E460-4E9E-B8D0-E274A70D8347}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\magix shared\upnpservice\upnpservice.exe |
"{B5DECC74-FF56-42C8-92CB-D7DFF1CCDB57}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BFBE5F53-B8C8-44AB-BDD7-7B993AAA6F8A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C2D21169-C106-4A69-ACC4-F70A668C8FAE}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{C9E1AC2C-9167-4BDD-91D8-008C374734B6}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{D0FA66F4-8A5C-441A-B553-ECDEE1A793BC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D2B57B2A-6BA2-406D-9C50-00EC68AFA3B0}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{D62DBE4D-919E-4B8F-9E84-6C9B93467DE8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D7C189E8-023B-496D-A26C-7FAC46086B28}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{E12C1FBD-66CE-4AC3-AFDD-77AF56AD9EBD}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{E193535D-C54A-4A2C-B5D5-C95A310FB55D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E4AA6CE1-EC2E-4D45-9D31-584688AADC17}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe |
"{E738DFFF-3FFA-4D14-9F2D-1E146183D11A}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{EC5629D8-23DE-4238-BEAC-9D887825FE60}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{EE73A02A-71CA-4960-9E6A-DCD5E9B53E25}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F8ED569F-8C07-4D20-895D-00F64FE3C9E0}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"TCP Query User{5179461C-30EC-4D7E-AB12-DB99EC65825A}C:\program files (x86)\origin games\fifa 12\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe |
"TCP Query User{715A93EA-860B-4357-A24F-44E633202C50}D:\games\manager11.exe" = protocol=6 | dir=in | app=d:\games\manager11.exe |
"TCP Query User{866404C9-77FE-4F02-A47D-33D445D256B4}C:\users\adrian\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\adrian\appdata\roaming\spotify\spotify.exe |
"UDP Query User{326D5A9D-23BF-40E6-9350-75965253E639}C:\users\adrian\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\adrian\appdata\roaming\spotify\spotify.exe |
"UDP Query User{3E0365F7-A40F-4705-A319-45B23B0D598D}D:\games\manager11.exe" = protocol=17 | dir=in | app=d:\games\manager11.exe |
"UDP Query User{787BB5B6-C221-4F70-8038-C26CFB638EA0}C:\program files (x86)\origin games\fifa 12\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = ASUS Bluetooth Suite
"{26A24AE4-039D-4CA4-87B4-2F86417017FF}" = Java 7 Update 17 (64-bit)
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy DS3 driver version 0.6.0005
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0209
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.12.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"ESL Wire_is1" = ESL Wire 1.11
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"Unlocker" = Unlocker 1.9.1-x64
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{03534DA5-2F88-4B8E-A978-849B979E1B8F}" = TuxGuitar
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{077A7810-A937-4465-AD08-ACED9807995F}" = ANNO 1602 Königs-Edition
"{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1" = Guitar Pro 6
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F290582-3F4E-4B96-009C-E0BABAA40C42}" = Die Schlacht um Mittelerde(tm)
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EAE665D-957A-4D04-9679-3AD582008877}" = NVIDIA PhysX
"{64BFBE7A-886C-4CA2-A9B4-0C2B5A5942BC}" = Battlefield 3™
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}" = FIFA 13
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AFD8C997-FE93-4C1C-A682-47B6C65F8417}" = English G 21 e-Workbook A4
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die*Sims™*3
"{C3E9887A-23BA-4777-8080-191A5AFCAB74}" = Mumble 1.2.3
"{C67A3F9D-E55D-4288-B4EC-1B9863EFB288}" = Razer Megalodon Firmware Updater
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{E0FA1DC5-FEBF-4E7B-8FA3-DB94233E952D}" = Razer Lycosa
"{EA8ADAA9-6671-4839-A51E-0C6792B78F3E}" = FIFA 12
"{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}" = Razer DeathAdder(TM) Mouse
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced SystemCare 6_is1" = Advanced SystemCare 6
"Afterburner" = MSI Afterburner 2.1.0
"Battlelog Web Plugins" = Battlelog Web Plugins
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"dlanconf" = devolo dLAN-Konfigurationsassistent
"dslmon" = devolo Informer
"ESET Online Scanner" = ESET Online Scanner v3
"ESN Sonar-0.70.4" = ESN Sonar
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"FUSSBALL MANAGER 11" = FUSSBALL MANAGER 11
"Guitar Explorer 1.0" = Guitar Explorer 1.0
"InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"LibUSB-Win32_is1" = LibUSB-Win32-0.1.12.2
"MAGIX Music Maker Hip Hop Edition 2 D" = MAGIX Music Maker Hip Hop Edition 2 4.0.0.10 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"Steam App 10" = Counter-Strike
"Steam App 240" = Counter-Strike: Source
"Steam App 30" = Day of Defeat
"Steam App 440" = Team Fortress 2
"SystemRequirementsLab" = System Requirements Lab
"TechPowerUp GPU-Z" = TechPowerUp GPU-Z
"VLC media player" = VLC media player 1.1.11
"XFastUsb" = XFastUsb
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"TeamSpeak 3 Client" = TeamSpeak 3 Client
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 13.03.2013 08:35:19 | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description =
Error - 13.03.2013 08:37:46 | Computer Name = User-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 13.03.2013 08:37:46 | Computer Name = User-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 13.03.2013 08:37:46 | Computer Name = User-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
Error - 13.03.2013 08:41:33 | Computer Name = User-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 13.03.2013 08:41:33 | Computer Name = User-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 13.03.2013 08:41:33 | Computer Name = User-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
Error - 13.03.2013 08:48:08 | Computer Name = User-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 13.03.2013 08:48:08 | Computer Name = User-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 13.03.2013 08:48:08 | Computer Name = User-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
[ System Events ]
Error - 12.03.2013 17:07:00 | Computer Name = User-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
StarOpen
Error - 12.03.2013 17:09:00 | Computer Name = User-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).
Error - 12.03.2013 17:09:00 | Computer Name = User-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069
Error - 13.03.2013 08:33:23 | Computer Name = User-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 13.03.2013 08:33:30 | Computer Name = User-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
StarOpen
Error - 13.03.2013 08:35:31 | Computer Name = User-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).
Error - 13.03.2013 08:35:31 | Computer Name = User-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069
Error - 13.03.2013 08:39:30 | Computer Name = User-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden.
Error - 13.03.2013 08:40:47 | Computer Name = User-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR4 gefunden.
Error - 13.03.2013 08:46:12 | Computer Name = User-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR7 gefunden.
< End of report >
 Mit freundlichen Grüßen ene.mene.muh P.S. Nach einem Neustart ist er wieder wie gewohnt schnell unterwegs. Geändert von ene.mene.muh (13.03.2013 um 15:06 Uhr) Grund: Nachtrag |
|
13.03.2013, 15:20
| #8 | ||
| /// TB-Ausbilder | Incredibar, Browser Companion, BabyloonToolbar und FunMoods entfernen Hallo, Zitat:
Zitat:
In diesem Fall sollten wir alles erledigt haben. Bleibt nur noch das Aufräumen: Schritt 1 Dein Flashplayer im Internet Explorer ist veraltet. Installiere folgendermassen die aktuelle Version:
Überprüfe dann mit diesem Plugin-Check, ob nun alle deine verwendeten Versionen aktuell sind und update sie anderenfalls. Schritt 2 Starte defogger und drücke den Button Re-enable. Schritt 3 Bitte deaktiviere jetzt temporär das Antiviren-Programm, evtl. vorhandenes Skript-Blocking und Antimalware-Programme. Drücke bitte die  + R Taste, kopiere folgenden Text in das Ausführen FensterCode:
ATTFilter Combofix /Uninstall
Du kannst die eben deaktivierten Programme nun wieder einschalten. Schritt 4 Den ESET Online Scanner kannst du behalten, um ab und zu für eine Zweitmeinung dein System damit zu scannen. Falls du ESET aber deinstallieren möchtest, dann: Drücke bitte die + R Taste, kopiere folgenden Text in das Ausführen FensterCode:
ATTFilter "%ProgramFiles%\Eset\Eset Online Scanner\OnlineScannerUninstaller.exe"
Schritt 5 Downloade dir bitte delfix auf deinen Desktop.
>> OK << Wir sind durch, deine Logs sehen für mich im Moment sauber aus. Ich habe dir nachfolgend ein paar Hinweise und Tipps zusammengestellt, die dazu beitragen sollen, dass du in Zukunft unsere Hilfe nicht mehr brauchen wirst. Bitte gib mir danach noch eine kurze Rückmeldung, wenn auch von deiner Seite keine Probleme oder Fragen mehr offen sind, damit ich dieses Thema als erledigt betrachten kann. Epilog: Tipps, Dos & Don'ts Aktualität von System und SoftwareDas Betriebsystem Windows muss zwingend immer auf dem neusten Stand sein. Stelle sicher, dass die automatischen Updates aktiviert sind:
Auch die installierte Software sollte immer in der aktuellsten Version vorliegen. Speziell gilt das für den Browser, Java, Flash-Player und PDF-Reader, denn bekannte Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim blossen Besuch einer präparierten Website per Drive-by Download Malware zu installieren. Das kann sogar auf normalerweise legitimen Websites geschehen, wenn es einem Angreifer gelungen ist, seinen Code in die Seite einzuschleusen, und ist deshalb relativ unberechenbar.
Sicherheits-SoftwareEine Bemerkung vorneweg: Jede Softwarelösung hat ihre Schwächen. Die gesamte Verantwortung für die Sicherheit auf Software zu übertragen und einen Rundum-Schutz zu erwarten, wäre eine gefährliche Illusion. Bei unbedachtem oder bewusst risikoreichem Verhalten wird auch das beste Programm früher oder später seinen Dienst versagen (z.B. ein Virenscanner, der eine verseuchte Datei nicht erkennt). Trotzdem ist entsprechende Software natürlich wichtig und hilft dir in Kombination mit einem gut gewarteten (up-to-date) System und durchdachtem Verhalten, deinen Rechner sauber zu halten.
Es liegt in der Natur der Sache, dass die am weitesten verbreitete Anwendungs-Software auch am häufigsten von Malware-Autoren attackiert wird. Es kann daher bereits einen kleinen Sicherheitsgewinn darstellen, wenn man alternative Software (z.B. einen alternativen PDF Reader) benutzt. Anstelle des Internet Explorers kann man beispielsweise den Mozilla Firefox einsetzen, für welchen es zwei nützliche Addons zur Empfehlung gibt:
(Un-)Sicheres Verhalten im InternetNebst unbemerkten Drive-by Installationen wird Malware aber auch oft mehr oder weniger aktiv vom Benutzer selbst installiert. Der Besuch zwielichtiger Websites kann bereits Risiken bergen. Und Downloads aus dubiosen Quellen sind immer russisches Roulette. Auch wenn der Virenscanner im Moment darin keine Bedrohung erkennt, muss das nichts bedeuten.
Oft wird auch versucht, den Benutzer mit mehr oder weniger trickreichen Methoden dazu zu bringen, eine für ihn verhängnisvolle Handlung selbst auszuführen (Überbegriff Social Engineering).
Nervige Adware (Werbung) und unnötige Toolbars werden auch meist durch den Benutzer selbst mitinstalliert.
Allgemeine HinweiseAbschliessend noch ein paar grundsätzliche Bemerkungen:
Wenn du möchtest, kannst du das Forum mit einer kleinen Spende unterstützen. Es bleibt mir nur noch, dir unbeschwertes und sicheres Surfen zu wünschen und dass wir uns hier so bald nicht wiedersehen. 
__________________ cheers, Leo |
|
13.03.2013, 22:32
| #9 |
| | Incredibar, Browser Companion, BabyloonToolbar und FunMoods entfernen Guten Abend Leo, ich möchte mich noch einmal herzlichst für all deine Bemühungen, deine Zeit und den Aufwand den du betrieben hast, bedanken! Ich habe alles wie beschrieben durchgeführt, wobei mir die Deinstallation von Combofix im Herzen weh getan hat. Sowohl CCleaner als auch Advanced Systemcare 6 wurden erfolgreich vertrieben. In dem Durchgang habe ich einige alte Spiele von meinem Bruder gelöscht. Dabei habe ich festgestellt, dass noch einige alte Verknüpfungen sowohl im Windows Startmenü, als auch in meinem C:\Programmordner, zu finden sind. Gibt es ein Tool, das von euch in diesem Fall empfohlen wird? (Die Antwort hier drauf nehme ich auch gerne als PN entgegen, aber ich glaube das liegt in deinem Ermessensraum.) Ansonsten auch noch mal ein Danke für die vielen Tipps und Tricks bzw Do's und Dont's wie du es so schön beschrieben hast. Ich kannte den Großteil schon, aber besonders die Brain.exe werde ich dem Kurzen mal ans Herz legen. Bis ich mir irgendwann mal ein Paypal Konto zu lege, kann ich euch erst einmal nur ein herzliches Dankeschön und ein aus Bits und Bytes bestehendes Schulterklopfen spenden. Mit freundlichen Grüßen ene.mene.muh |
|
14.03.2013, 00:35
| #10 |
| /// TB-Ausbilder | Incredibar, Browser Companion, BabyloonToolbar und FunMoods entfernen Danke für die Rückmeldung. Freut mich, dass wir helfen konnten.  Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Ich bekomme somit keine Benachrichtigung mehr über neue Antworten. Solltest du das Thema erneut brauchen, schicke mir bitte eine PM und wir machen hier weiter. Jeder andere bitte diese Anleitung lesen und einen eigenen Thread erstellen.
__________________ cheers, Leo |
|
| Themen zu Incredibar, Browser Companion, BabyloonToolbar und FunMoods entfernen |
| .com, avg secure search, bho, bonjour, browser, browser manager, cid, dealply, desktop, entfernen, error, firefox, flash player, funmoods entfernen, google, helper, home, install.exe, jquery, launch, logfile, malware, plug-in, popup, prozess, realtek, registry, richtlinie, secure search, security, software, svchost.exe, systemcare, teamspeak, windows |
Textbox.
Linear-Darstellung
