Internet Turbo Toolbar und Browsermanipulation durch Qvo6 Suchmaschine

Maiandros · 16.05.2013, 14:14

Hallo,
ich habe mir mal wieder was eingefangen und brauche Hilfe bei der Entfernung...

Überschrift beschreibt eigentlich alles.

defogger:

Zitat:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:03 on 16/05/2013 (Jerekin)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

OTL extras:

Zitat:

OTL Extras logfile created on: 16.05.2013 13:06:40 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jerekin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,86 Gb Total Physical Memory | 2,79 Gb Available Physical Memory | 72,43% Memory free
7,71 Gb Paging File | 6,43 Gb Available in Paging File | 83,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 199,38 Gb Free Space | 42,82% Space Free | Partition Type: NTFS

Computer Name: HELLCAT | User Name: Jerekin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11BA2690-6FD5-457F-AE24-C67C2DE27651}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{547F2209-0456-4525-931C-5E0639485DD2}" = lport=445 | protocol=6 | dir=in | app=system |
"{5518BDDE-39E5-4776-9E6D-92860CD0DE5E}" = lport=138 | protocol=17 | dir=in | app=system |
"{56FB068A-0767-4BDB-9246-CBD435D35B0A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{631AF7C9-7896-4242-B3C4-EADAF14B07CB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8350F559-E2D9-4F23-B77D-DB683DB8805E}" = lport=139 | protocol=6 | dir=in | app=system |
"{8B03EB64-5C3E-4B64-9B3D-56190564451C}" = rport=445 | protocol=6 | dir=out | app=system |
"{91164E4B-FECA-4F3C-9E93-26C07E7C3FA3}" = rport=138 | protocol=17 | dir=out | app=system |
"{B7F923BC-F100-4CA6-B326-799A35554F74}" = rport=139 | protocol=6 | dir=out | app=system |
"{D9E0AC24-4B8F-4067-B319-DC5A95BCD5D1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DE154FEF-8930-4E3A-9E1D-F6A7B34CC053}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E4FA9C01-D7EB-4AFA-A56F-10592D71DF91}" = lport=137 | protocol=17 | dir=in | app=system |
"{EDF34E8B-51D2-45FD-8551-491352DAF75A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FF9F9C46-EA37-4C35-8E78-D4762175D76F}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04B1C305-E0E5-44ED-BD31-47DBB06130BB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1BF02CD5-FB0A-4B82-AD8A-977F7AB805FF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{1FD1381C-E40A-4F7E-9C21-D6338FAABE0E}" = protocol=17 | dir=in | app=c:\program files\cyberghost vpn\cyberghost.exe |
"{2CD9FADC-86EA-4C20-8950-F675FDF2094B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{585E9200-AED7-465E-9C95-A5E211010B63}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5A8080D5-EF0D-4AE1-8AAA-0A95CFB1E636}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{5F5885CE-3EE6-4A18-B466-FF6499B1D9D0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{60041584-8259-4D95-8C67-C2D8E365BC6E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{65F566E5-7C7D-46D2-81D2-658FF72058B1}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6AF58DA1-E432-47DC-ABD1-82BD546FEB95}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{71E39B0D-3588-4679-B36A-A7A9B6E38471}" = protocol=17 | dir=in | app=c:\program files (x86)\minecraftalpha\minecraftsp.exe |
"{762DDC18-4F82-4A25-A09F-396633367F66}" = protocol=6 | dir=in | app=c:\program files (x86)\minecraftalpha\minecraftsp.exe |
"{7D0D2303-571F-4FF8-AE56-A088A7E332D7}" = protocol=6 | dir=in | app=c:\program files (x86)\minecraftalpha\minecraft.exe |
"{7F3D29C5-6D81-430F-A15D-809D64625E18}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8C7CAA99-72DA-46FB-85BE-675DCBD95024}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe |
"{8D90FF72-5D3A-4930-9472-D2859B4874BD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{9AE1C42F-D0C7-4962-B93D-4200E49B2899}" = protocol=6 | dir=in | app=c:\program files (x86)\logmein hamachi\hamachi-2-ui.exe |
"{A0E46D43-BC9C-4B4B-88E2-1FA64F2B7A6B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A2DDEF63-980A-4373-A249-2A461439E7E0}" = protocol=17 | dir=in | app=c:\program files (x86)\logmein hamachi\hamachi-2.exe |
"{A4DEA1DE-EF39-42C8-88F7-A14661672B0E}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe |
"{B72DD198-2E27-46B2-BE7A-8E429D968552}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{BA2E3713-5DBF-4DD1-A804-BC45A69DF9F8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{BA7008FE-8911-45E9-9D5C-9D02EAAB2E2F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BAE42B1F-33B2-4FA9-8D13-D13C6997F9D4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C181DD9C-62F2-41AB-A7D6-9C719B2E98BD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\launchpad.exe |
"{C280DC3F-9DBB-4784-A7E3-FD2E6E1501CE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\launchpad.exe |
"{CD6DED91-B449-4D56-BDC9-74FEFCFFCBD8}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe |
"{CE1B7D06-14A1-4CAD-B228-B30CA2EE34F4}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe |
"{D29751AB-5540-47B3-817B-9E26B3B56607}" = protocol=17 | dir=in | app=c:\program files (x86)\minecraftalpha\minecraft.exe |
"{D5CE7A48-09CB-4150-AED5-1D4B6C9D190F}" = protocol=6 | dir=in | app=c:\program files (x86)\logmein hamachi\hamachi-2.exe |
"{E0FBEE88-BB04-41BD-BCBA-48194A51A3DD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EFFB9BB1-33CE-4B36-B8AA-EF83223A12C7}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{F2BBF3A4-9157-4037-9B82-904EC3B4E261}" = protocol=17 | dir=in | app=c:\program files (x86)\logmein hamachi\hamachi-2-ui.exe |
"{F9101E42-227E-40E9-B285-41EB60A78BC2}" = protocol=6 | dir=in | app=c:\program files\cyberghost vpn\cyberghost.exe |
"{FABC593B-635C-48A6-AD1A-EC5152739780}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FB7A8429-11A5-4414-BA3A-17C615C6EB65}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"TCP Query User{18CCBC27-8430-4448-B5E9-81F007ABF7BE}C:\program files (x86)\left 4 dead 2\left4dead2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\left 4 dead 2\left4dead2.exe |
"TCP Query User{1F380E40-C572-4994-989E-82E4F973B062}C:\program files (x86)\anno 1404\tools\addonweb.exe" = protocol=6 | dir=in | app=c:\program files (x86)\anno 1404\tools\addonweb.exe |
"TCP Query User{3244D409-28A0-42DD-A377-FCFB2E74EADA}C:\program files (x86)\soldat\soldat.exe" = protocol=6 | dir=in | app=c:\program files (x86)\soldat\soldat.exe |
"TCP Query User{4360D866-88C3-4B04-BB1A-8575A9F44B4F}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe |
"TCP Query User{4EA0C0DC-4C2C-4BF9-8014-4FF0B6EBB58F}C:\program files (x86)\call of duty 5 - world at war 2\codwaw lanfixed.exe" = protocol=6 | dir=in | app=c:\program files (x86)\call of duty 5 - world at war 2\codwaw lanfixed.exe |
"TCP Query User{513DFE39-325D-4631-8C0A-3A94059A2558}F:\spiele\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=f:\spiele\call of duty 4 - modern warfare\iw3mp.exe |
"TCP Query User{5E67F409-111B-45D7-86C7-E3D344302A0E}F:\spiele\warcraft iii\war3.exe" = protocol=6 | dir=in | app=f:\spiele\warcraft iii\war3.exe |
"TCP Query User{67D9DC85-CC46-450D-B15F-A6198065E71D}C:\program files (x86)\anno 1404\addon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\anno 1404\addon.exe |
"TCP Query User{86BB51F8-478F-4443-814B-0F3C5D38E55B}C:\program files (x86)\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\call of duty 4 - modern warfare\iw3mp.exe |
"TCP Query User{A3C7ACD1-BF23-4438-90F2-5C2604AD1985}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"TCP Query User{AC3D6AED-350A-44AF-B758-8593C7D7D6F2}C:\program files (x86)\call of duty 5 - world at war 2\codwawmp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\call of duty 5 - world at war 2\codwawmp.exe |
"TCP Query User{CF8F7AB3-4322-4C91-A2F8-C5AC4C7E6687}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe |
"TCP Query User{D897777A-DA52-4DF3-A0A1-09403E4113FC}C:\program files (x86)\warcraft 3\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft 3\war3.exe |
"TCP Query User{E17BCA94-8068-48A6-9EC4-213DA21D6791}C:\program files (x86)\call of duty 5 - world at war 2\codwaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\call of duty 5 - world at war 2\codwaw.exe |
"TCP Query User{F693A837-DBF2-4154-88DA-B6729E821F3B}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{30E0AB72-41F3-4F7E-AD3C-268E3BCEDC16}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe |
"UDP Query User{387336F4-8508-435F-956C-D7FDF590A551}C:\program files (x86)\call of duty 5 - world at war 2\codwaw lanfixed.exe" = protocol=17 | dir=in | app=c:\program files (x86)\call of duty 5 - world at war 2\codwaw lanfixed.exe |
"UDP Query User{43FC3118-C1A0-4ED7-B03B-0839547D984B}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe |
"UDP Query User{4910F64D-63E8-4D8F-8899-150FE4C84095}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{77DEBEF8-E5A5-4992-97EC-2A2FBF7E6D91}F:\spiele\warcraft iii\war3.exe" = protocol=17 | dir=in | app=f:\spiele\warcraft iii\war3.exe |
"UDP Query User{7DC6D2A6-F7C2-4516-8710-4D8BEE887F15}C:\program files (x86)\soldat\soldat.exe" = protocol=17 | dir=in | app=c:\program files (x86)\soldat\soldat.exe |
"UDP Query User{816B8D4A-1C1A-4DA4-BE53-DC4D7AF64B7D}C:\program files (x86)\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\call of duty 4 - modern warfare\iw3mp.exe |
"UDP Query User{926FBE5D-8057-4290-A15E-D597E6C9E42C}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{A47AA02A-C4F5-4E69-8338-5C8F5A0941DC}C:\program files (x86)\anno 1404\addon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\anno 1404\addon.exe |
"UDP Query User{A4BEFFEB-D50B-4114-9F4F-C9BB7F25E655}C:\program files (x86)\anno 1404\tools\addonweb.exe" = protocol=17 | dir=in | app=c:\program files (x86)\anno 1404\tools\addonweb.exe |
"UDP Query User{B8D81D7D-74E8-49EA-9E52-7C1D2F22A995}F:\spiele\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=f:\spiele\call of duty 4 - modern warfare\iw3mp.exe |
"UDP Query User{BADAF00C-4191-40FE-8428-F34FF137654D}C:\program files (x86)\call of duty 5 - world at war 2\codwawmp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\call of duty 5 - world at war 2\codwawmp.exe |
"UDP Query User{BC24AC2F-DFE7-4093-841B-BF14AF01BAC5}C:\program files (x86)\warcraft 3\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft 3\war3.exe |
"UDP Query User{BE818080-4F68-4459-90D1-6EB9E78FF031}C:\program files (x86)\left 4 dead 2\left4dead2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\left 4 dead 2\left4dead2.exe |
"UDP Query User{ECAD624E-438C-4417-838B-77F5F9F0D82F}C:\program files (x86)\call of duty 5 - world at war 2\codwaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\call of duty 5 - world at war 2\codwaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{290329c4-a276-3aec-b633-9f5a39d8dd96}" = Python 3.3.0 (64-bit)
"{3617E59D-B064-8BD2-438B-8F1089285F12}" = ATI Catalyst Install Manager
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}" = Microsoft Xbox 360 Accessories 1.2
"{C578CCFC-51AF-6BF2-072B-69F8C31D3F93}" = ccc-utility64
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"CyberGhost VPN_is1" = CyberGhost VPN
"EPSON SX130 Series" = EPSON SX130 Series Printer Uninstall
"GIMP-2_is1" = GIMP 2.8.2
"Logitech Gaming Software" = Logitech Gaming Software 8.35
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"TeamSpeak 3 Client" = TeamSpeak 3 Client

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{043F2AB2-AF6B-2589-AEB9-5D418128DDD9}" = CCC Help English
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052407E4-0A65-99C3-404E-6E38C96A59A5}" = Catalyst Control Center Graphics Full New
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{23BE89A5-9D98-4178-4256-373C99C33170}" = CCC Help German
"{249201FA-FF48-7003-3554-69E701135176}" = CCC Help Danish
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{2B83FD9D-5645-23E3-C747-0397E1AC1D2C}" = CCC Help Portuguese
"{3050F6B7-0526-5713-CC53-72173558BCE8}" = CCC Help Turkish
"{335454E8-FEA3-F6AC-A447-3A346986F336}" = Catalyst Control Center Graphics Full Existing
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{48A5740D-2A80-39A8-7A54-8DDFDD317CCF}" = CCC Help Dutch
"{49DD4818-3233-5F02-7052-0B243FB3B71A}" = CCC Help Japanese
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6363BEC5-606C-2DFA-4919-0EA54D8C9C9D}" = CCC Help French
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{7D5D8D67-4B75-7098-05E9-0BF701EDA637}" = Catalyst Control Center Graphics Light
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{838B4D12-6538-7C25-3A4F-2982583ADF2C}" = CCC Help Chinese Traditional
"{8435634B-B801-7ED6-1435-D74423DDA01B}" = CCC Help Thai
"{8A17C27D-0325-400C-8AA9-DAA6B16CBD74}" = Epson Event Manager
"{8A965374-2E42-8167-E544-28AD9C1108E4}" = CCC Help Korean
"{8E223E43-047F-5275-E396-AC298F0296E9}" = Catalyst Control Center Core Implementation
"{8E537006-E6AC-126B-2585-588040DBAEE4}" = CCC Help Spanish
"{8E9D7728-27D6-2444-8E23-00D7B98A3413}" = CCC Help Swedish
"{91339326-913A-349A-0B34-5A87AE359E27}" = CCC Help Chinese Standard
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{93304168-BA94-6C70-1F27-EB59521640B1}" = Catalyst Control Center Graphics Previews Common
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9AFC3B12-1AC9-4613-8AC8-15C2B4854D73}" = Internet Turbo
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D45BB2E-07BB-5A66-B5A1-B856E55C3E67}" = CCC Help Finnish
"{A02D7029-C4EF-44C1-9FD4-C0D3CA518113}" = Epson Easy Photo Print 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.6
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{AE724D41-088E-C204-6418-9F416129C939}" = ccc-core-static
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B375D641-9644-E4F6-963C-8CB3097C9F02}" = Catalyst Control Center InstallProxy
"{B92C36C6-E573-D6A2-4C76-A4912DA88E83}" = CCC Help Czech
"{BAB06721-6506-B106-B0BB-12953B07C1F1}" = Catalyst Control Center Localization All
"{BCBA68A6-EF04-3D34-65B2-B4D950605A11}" = CCC Help Russian
"{BD0B5456-9E2F-DCB8-A420-3164BC5B8C45}" = CCC Help Greek
"{BD884EFD-BA69-2FF9-FB21-95D4D6ABCD78}" = CCC Help Norwegian
"{C30FF28E-1D18-BD81-8B18-B784B0E7A3AD}" = Catalyst Control Center Graphics Previews Vista
"{C703222F-B0CD-4FFA-949C-03366B350028}" = JH NameGen Speech Module
"{CB133B2F-42BB-7345-97DC-D6FEA6881B2B}" = CCC Help Polish
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EFA943CF-B56B-4525-9F2E-38D39D86FBE4}" = CCC Help Italian
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F31766DA-D5DE-739D-D970-746286EB8533}" = CCC Help Hungarian
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AniFX_is1" = AniFX 1.0
"avast" = avast! Free Antivirus
"EPSON Scanner" = EPSON Scan
"EPSON SX130 Series Useg" = Benutzerhandbuch EPSON SX130 Series
"eSafeSecControl" = eSafe Security Control 1.0.0.2359
"Free Audio Converter_is1" = Free Audio Converter version 5.0.16.819
"Freemake Video Downloader_is1" = Freemake Video Downloader
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"JH NameGen Gold_is1" = JH NameGen Gold 1.1.3
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"MinecraftAlpha" = MinecraftAlpha
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"Protect Disc License Helper" = Protect Disc License Helper 1.0.118
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"RaidCall" = RaidCall
"Steam App 218230" = PlanetSide 2
"TagScanner_is1" = TagScanner 5.1.620
"Trine_is1" = Trine 1.08
"VLC media player" = VLC media player 2.0.5

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1177b2ef-2b60-49f9-998c-a800db67abf6}" = Internet Turbo Engine

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 08.05.2013 05:30:54 | Computer Name = Hellcat | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: LolClient.exe, Version: 2.0.2.12610,
Zeitstempel: 0x4c00573a Name des fehlerhaften Moduls: Adobe AIR.dll, Version: 3.6.0.5920,
Zeitstempel: 0x510610d1 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0006de2d ID des fehlerhaften
Prozesses: 0x4c0 Startzeit der fehlerhaften Anwendung: 0x01ce4bcda0ba0dda Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.11\deploy\LolClient.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.11\deploy\Adobe
AIR\Versions\1.0\Adobe AIR.dll Berichtskennung: fa552dcb-b7c1-11e2-86c6-883801e125fb

Error - 08.05.2013 08:00:24 | Computer Name = Hellcat | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: LolClient.exe, Version: 2.0.2.12610,
Zeitstempel: 0x4c00573a Name des fehlerhaften Moduls: Adobe AIR.dll, Version: 3.6.0.5920,
Zeitstempel: 0x510610d1 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0006de2d ID des fehlerhaften
Prozesses: 0xa34 Startzeit der fehlerhaften Anwendung: 0x01ce4be01c1024d1 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.11\deploy\LolClient.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.11\deploy\Adobe
AIR\Versions\1.0\Adobe AIR.dll Berichtskennung: dce4976a-b7d6-11e2-8752-977921c119fb

Error - 08.05.2013 15:40:07 | Computer Name = Hellcat | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: LolClient.exe, Version: 2.0.2.12610,
Zeitstempel: 0x4c00573a Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec49b8f Ausnahmecode: 0x80000003 Fehleroffset: 0x0005801d ID des fehlerhaften
Prozesses: 0x1328 Startzeit der fehlerhaften Anwendung: 0x01ce4c1ec28e9187 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.11\deploy\LolClient.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 15ae639a-b817-11e2-8638-d0303857bcfa

Error - 11.05.2013 17:29:46 | Computer Name = Hellcat | Source = Application Hang | ID = 1002
Description = Programm League of Legends.exe, Version 3.6.0.389 kann nicht mehr
unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 1a44 Startzeit: 01ce4e8e4dbb10e5 Endzeit: 3 Anwendungspfad:
C:\Program Files (x86)\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.229\deploy\League
of Legends.exe Berichts-ID: 8f646372-ba81-11e2-872d-b639544b56fb

Error - 13.05.2013 11:41:29 | Computer Name = Hellcat | Source = Application Hang | ID = 1002
Description = Programm rads_user_kernel.exe, Version 0.0.0.0 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: f90 Startzeit: 01ce4ff0427ac95f Endzeit: 0 Anwendungspfad: C:\Program
Files (x86)\League of Legends\RADS\system\rads_user_kernel.exe Berichts-ID: 91edfeb8-bbe3-11e2-9c1b-c0cb38d969ee

Error - 14.05.2013 07:59:39 | Computer Name = Hellcat | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: LolClient.exe, Version: 2.0.2.12610,
Zeitstempel: 0x4c00573a Name des fehlerhaften Moduls: Adobe AIR.dll, Version: 3.6.0.5920,
Zeitstempel: 0x510610d1 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0006de2d ID des fehlerhaften
Prozesses: 0xb54 Startzeit der fehlerhaften Anwendung: 0x01ce5096b42cd15d Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.13\deploy\LolClient.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.13\deploy\Adobe
AIR\Versions\1.0\Adobe AIR.dll Berichtskennung: c0f36c57-bc8d-11e2-9c57-c0cb38d969ee

Error - 14.05.2013 10:39:22 | Computer Name = Hellcat | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: LolClient.exe, Version: 2.0.2.12610,
Zeitstempel: 0x4c00573a Name des fehlerhaften Moduls: Adobe AIR.dll, Version: 3.6.0.5920,
Zeitstempel: 0x510610d1 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0006de2d ID des fehlerhaften
Prozesses: 0x1430 Startzeit der fehlerhaften Anwendung: 0x01ce509e54951f93 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.13\deploy\LolClient.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.13\deploy\Adobe
AIR\Versions\1.0\Adobe AIR.dll Berichtskennung: 10802c39-bca4-11e2-9c57-c0cb38d969ee

Error - 14.05.2013 11:54:36 | Computer Name = Hellcat | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: LolClient.exe, Version: 2.0.2.12610,
Zeitstempel: 0x4c00573a Name des fehlerhaften Moduls: Adobe AIR.dll, Version: 3.6.0.5920,
Zeitstempel: 0x510610d1 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0006de2d ID des fehlerhaften
Prozesses: 0x1524 Startzeit der fehlerhaften Anwendung: 0x01ce50b37ce3cace Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.13\deploy\LolClient.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.13\deploy\Adobe
AIR\Versions\1.0\Adobe AIR.dll Berichtskennung: 92f29fe8-bcae-11e2-9c57-c0cb38d969ee

Error - 14.05.2013 21:43:39 | Computer Name = Hellcat | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 20.0.1.4847,
Zeitstempel: 0x51650aee Name des fehlerhaften Moduls: xul.dll, Version: 20.0.1.4847,
Zeitstempel: 0x51650a09 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000b10e8 ID des fehlerhaften
Prozesses: 0x13c8 Startzeit der fehlerhaften Anwendung: 0x01ce51093b8d1d12 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll Berichtskennung:
dd0a5a94-bd00-11e2-9e09-c0cb38d969ee

Error - 15.05.2013 20:02:11 | Computer Name = Hellcat | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17514,
Zeitstempel: 0x4ce7a144 Name des fehlerhaften Moduls: zipfldr.dll_unloaded, Version:
0.0.0.0, Zeitstempel: 0x4ce7ca34 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000007fef1e021b6
ID
des fehlerhaften Prozesses: 0x634 Startzeit der fehlerhaften Anwendung: 0x01ce51a0ecdb02fe
Pfad
der fehlerhaften Anwendung: C:\Windows\Explorer.EXE Pfad des fehlerhaften Moduls:
zipfldr.dll Berichtskennung: db251a33-bdbb-11e2-9dea-c0cb38d969ee

[ Media Center Events ]
Error - 07.11.2012 18:33:15 | Computer Name = Hellcat | Source = MCUpdate | ID = 0
Description = 23:33:15 - Fehler beim Herstellen der Internetverbindung. 23:33:15
- Serververbindung konnte nicht hergestellt werden..

Error - 07.11.2012 19:33:20 | Computer Name = Hellcat | Source = MCUpdate | ID = 0
Description = 00:33:20 - Fehler beim Herstellen der Internetverbindung. 00:33:20
- Serververbindung konnte nicht hergestellt werden..

Error - 09.11.2012 16:19:35 | Computer Name = Hellcat | Source = MCUpdate | ID = 0
Description = 21:19:35 - Fehler beim Herstellen der Internetverbindung. 21:19:35
- Serververbindung konnte nicht hergestellt werden..

[ System Events ]
Error - 16.05.2013 06:26:23 | Computer Name = Hellcat | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WinPcap Packet Driver (NPF)" wurde aufgrund folgenden
Fehlers nicht gestartet: %%2

Error - 16.05.2013 06:26:23 | Computer Name = Hellcat | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WinPcap Packet Driver (NPF)" wurde aufgrund folgenden
Fehlers nicht gestartet: %%2

Error - 16.05.2013 06:26:23 | Computer Name = Hellcat | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WinPcap Packet Driver (NPF)" wurde aufgrund folgenden
Fehlers nicht gestartet: %%2

Error - 16.05.2013 06:26:23 | Computer Name = Hellcat | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WinPcap Packet Driver (NPF)" wurde aufgrund folgenden
Fehlers nicht gestartet: %%2

Error - 16.05.2013 06:26:23 | Computer Name = Hellcat | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WinPcap Packet Driver (NPF)" wurde aufgrund folgenden
Fehlers nicht gestartet: %%2

Error - 16.05.2013 06:26:23 | Computer Name = Hellcat | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WinPcap Packet Driver (NPF)" wurde aufgrund folgenden
Fehlers nicht gestartet: %%2

Error - 16.05.2013 06:26:23 | Computer Name = Hellcat | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WinPcap Packet Driver (NPF)" wurde aufgrund folgenden
Fehlers nicht gestartet: %%2

Error - 16.05.2013 06:26:23 | Computer Name = Hellcat | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WinPcap Packet Driver (NPF)" wurde aufgrund folgenden
Fehlers nicht gestartet: %%2

Error - 16.05.2013 06:26:23 | Computer Name = Hellcat | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WinPcap Packet Driver (NPF)" wurde aufgrund folgenden
Fehlers nicht gestartet: %%2

Error - 16.05.2013 06:26:23 | Computer Name = Hellcat | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WinPcap Packet Driver (NPF)" wurde aufgrund folgenden
Fehlers nicht gestartet: %%2

< End of report >

OTL:

Zitat:

OTL logfile created on: 16.05.2013 13:06:40 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jerekin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,86 Gb Total Physical Memory | 2,79 Gb Available Physical Memory | 72,43% Memory free
7,71 Gb Paging File | 6,43 Gb Available in Paging File | 83,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 199,38 Gb Free Space | 42,82% Space Free | Partition Type: NTFS

Computer Name: HELLCAT | User Name: Jerekin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.05.16 13:04:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jerekin\Desktop\OTL.exe
PRC - [2013.05.16 02:01:45 | 000,360,512 | ---- | M] (eSafe Security Co., Ltd.) -- C:\ProgramData\eSafe\eGdpSvc.exe
PRC - [2013.04.29 14:09:14 | 000,020,992 | ---- | M] (Smartbar) -- C:\Users\Jerekin\AppData\Local\Smartbar\Application\Smartbar.exe
PRC - [2013.03.07 01:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2013.03.07 01:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2013.01.10 14:50:56 | 000,009,216 | ---- | M] (Ellora Assets Corp.) -- C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.10 18:29:46 | 002,254,768 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012.11.10 21:27:50 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010.03.03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.03.03 20:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.02.23 13:52:04 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.02.23 13:52:00 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

========== Modules (No Company Name) ==========

MOD - [2013.05.16 02:00:10 | 000,911,432 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.66.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2013.05.16 02:00:09 | 008,013,664 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2013.05.16 02:00:08 | 000,146,432 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll
MOD - [2013.05.15 16:51:42 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
MOD - [2013.05.15 16:51:25 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll
MOD - [2013.05.15 16:51:21 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll
MOD - [2013.04.29 14:09:56 | 000,020,480 | ---- | M] () -- C:\Users\Jerekin\AppData\Local\Smartbar\Application\Smartbar.Resources.Utilities.dll
MOD - [2013.04.29 14:09:48 | 000,026,112 | ---- | M] () -- C:\Users\Jerekin\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll
MOD - [2013.04.29 14:09:48 | 000,020,480 | ---- | M] () -- C:\Users\Jerekin\AppData\Local\Smartbar\Application\Smartbar.Resources.SideBySide.dll
MOD - [2013.04.29 14:09:42 | 000,051,712 | ---- | M] () -- C:\Users\Jerekin\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll
MOD - [2013.04.29 14:09:42 | 000,014,336 | ---- | M] () -- C:\Users\Jerekin\AppData\Local\Smartbar\Application\Smartbar.Resources.ProcessDownMonitor.dll
MOD - [2013.04.29 14:09:40 | 000,112,640 | ---- | M] () -- C:\Users\Jerekin\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll
MOD - [2013.04.29 14:09:38 | 000,045,056 | ---- | M] () -- C:\Users\Jerekin\AppData\Local\Smartbar\Application\Smartbar.Resources.AutomaticUpdates.dll
MOD - [2013.04.29 14:09:36 | 000,078,848 | ---- | M] () -- C:\Users\Jerekin\AppData\Local\Smartbar\Application\Smartbar.Personalization.BusinessLogic.dll
MOD - [2013.04.29 14:09:36 | 000,016,896 | ---- | M] () -- C:\Users\Jerekin\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll
MOD - [2013.04.29 14:09:32 | 000,019,456 | ---- | M] () -- C:\Users\Jerekin\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll
MOD - [2013.04.29 14:09:30 | 000,057,856 | ---- | M] () -- C:\Users\Jerekin\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll
MOD - [2013.04.29 14:09:24 | 000,013,312 | ---- | M] () -- C:\Users\Jerekin\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.EventManager.dll
MOD - [2013.04.29 14:09:22 | 000,034,304 | ---- | M] () -- C:\Users\Jerekin\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll
MOD - [2013.04.29 14:09:22 | 000,014,848 | ---- | M] () -- C:\Users\Jerekin\AppData\Local\Smartbar\Application\Smartbar.GUI.Multimedia.Loader.dll
MOD - [2013.04.29 14:09:22 | 000,014,336 | ---- | M] () -- C:\Users\Jerekin\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll
MOD - [2013.04.29 14:09:16 | 001,675,776 | ---- | M] () -- C:\Users\Jerekin\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll
MOD - [2013.04.29 14:09:16 | 000,660,480 | ---- | M] () -- C:\Users\Jerekin\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll
MOD - [2013.04.29 14:09:16 | 000,081,920 | ---- | M] () -- C:\Users\Jerekin\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll
MOD - [2013.04.29 14:08:16 | 000,048,128 | ---- | M] () -- C:\Users\Jerekin\AppData\Local\Smartbar\Application\MACTrackBarLib.dll
MOD - [2013.04.29 14:08:04 | 000,026,112 | ---- | M] () -- C:\Users\Jerekin\AppData\Local\Smartbar\Application\de\Smartbar.Resources.LanguageSettings.resources.dll
MOD - [2013.02.13 13:32:57 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\64cf6c356be66bb17c4667d6d8aa467b\System.Web.Services.ni.dll
MOD - [2013.02.13 13:32:55 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll
MOD - [2013.01.20 12:34:36 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\5baea82888a13fa558004b24e3b107cf\CustomMarshalers.ni.dll
MOD - [2013.01.20 12:34:11 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll
MOD - [2013.01.20 12:34:11 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\f7cb3ae5de64f8cbde3ccc57c780743a\IAStorUtil.ni.dll
MOD - [2013.01.20 12:31:46 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.01.20 12:31:46 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\01c6cb58745f397c9b7ccf3ab7bfc9cd\System.EnterpriseServices.ni.dll
MOD - [2013.01.20 12:31:46 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\536d704e93ffec9b54e4a0312fb5b996\System.Transactions.ni.dll
MOD - [2013.01.20 12:31:45 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll
MOD - [2013.01.20 12:31:20 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.20 12:31:04 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.20 12:31:00 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.20 12:30:56 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.04 17:58:06 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010.11.04 17:57:40 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2009.07.14 19:58:10 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2009.06.10 23:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

========== Services (SafeList) ==========

SRV:64bit: - [2010.09.14 17:22:42 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013.05.16 02:01:45 | 000,360,512 | ---- | M] (eSafe Security Co., Ltd.) [Auto | Running] -- C:\ProgramData\eSafe\eGdpSvc.exe -- (eSafeSvc)
SRV - [2013.05.15 00:30:54 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.04.12 09:14:53 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.03.15 18:29:10 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.03.07 01:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013.01.10 14:50:56 | 000,009,216 | ---- | M] (Ellora Assets Corp.) [Auto | Running] -- C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe -- (FreemakeVideoCapture)
SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.10 18:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.11.10 21:27:50 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.04.26 11:14:06 | 002,438,696 | ---- | M] (mobile concepts GmbH) [On_Demand | Stopped] -- C:\Programme\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc)
SRV - [2010.06.08 23:55:14 | 000,952,096 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.02.23 13:52:04 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.02.23 13:52:00 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.04.03 01:15:32 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2013.03.07 01:33:21 | 001,025,808 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013.03.07 01:33:21 | 000,377,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013.03.07 01:33:21 | 000,178,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013.03.07 01:33:21 | 000,070,992 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013.03.07 01:33:21 | 000,068,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013.03.07 01:33:21 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013.03.07 01:33:20 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013.03.07 01:33:20 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012.10.06 17:25:35 | 000,121,600 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2012.09.02 14:34:25 | 000,335,288 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.07 14:12:50 | 000,066,328 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys -- (LGSHidFilt)
DRV:64bit: - [2011.12.15 21:29:42 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2010.11.20 05:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 05:32:48 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010.11.20 05:32:48 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 03:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 01:37:44 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.09.15 14:50:10 | 000,402,720 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2010.09.15 13:41:50 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010.09.15 13:41:44 | 000,342,056 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010.09.15 13:41:44 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010.09.15 13:41:44 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010.09.15 13:38:38 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010.09.14 17:23:02 | 006,107,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010.09.14 17:02:58 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010.09.08 09:43:26 | 000,094,208 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssne64.sys -- (rimspci)
DRV:64bit: - [2010.08.16 13:54:34 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2010.06.14 10:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010.05.12 12:14:54 | 000,159,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2010.05.12 12:14:54 | 000,126,952 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
DRV:64bit: - [2010.05.12 12:14:52 | 000,125,416 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2010.05.12 12:14:52 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2010.05.12 12:14:52 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2010.03.03 19:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.11.24 02:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009.11.24 02:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009.10.09 02:41:02 | 001,394,176 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.09.17 12:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.08.21 01:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:38 | 000,707,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2010.06.14 10:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=SAMSUNGXHM500JI_S29MJ9BZ905089&ts=1368662493
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=SAMSUNGXHM500JI_S29MJ9BZ905089&ts=1368662493
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=amt&from=amt&uid=SAMSUNGXHM500JI_S29MJ9BZ905089&ts=4259888
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=SAMSUNGXHM500JI_S29MJ9BZ905089&ts=1368662493
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=SAMSUNGXHM500JI_S29MJ9BZ905089&ts=1368662493
IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=8aa012b6-7927-4b7d-ac7b-d6675ad3fd77&searchtype=ds&q={searchTerms}&installDate=16/05/2013
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=amt&from=amt&uid=SAMSUNGXHM500JI_S29MJ9BZ905089&ts=4259888

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=SAMSUNGXHM500JI_S29MJ9BZ905089&ts=1368662493
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=8aa012b6-7927-4b7d-ac7b-d6675ad3fd77&searchtype=ds&q={searchTerms}&installDate=16/05/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=8aa012b6-7927-4b7d-ac7b-d6675ad3fd77&searchtype=ds&q={searchTerms}&installDate=16/05/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page Before = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=SAMSUNGXHM500JI_S29MJ9BZ905089&ts=1368662493
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 46 19 D3 B7 2E 73 CD 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=8aa012b6-7927-4b7d-ac7b-d6675ad3fd77&searchtype=ds&q={searchTerms}&installDate=16/05/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=8aa012b6-7927-4b7d-ac7b-d6675ad3fd77&searchtype=ds&q={searchTerms}&installDate=16/05/2013
IE - HKCU\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=8aa012b6-7927-4b7d-ac7b-d6675ad3fd77&searchtype=ds&q={searchTerms}&installDate=16/05/2013
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=amt&from=amt&uid=SAMSUNGXHM500JI_S29MJ9BZ905089&ts=4259888
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "qvo6"
FF - prefs.js..browser.search.order.1: "qvo6"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=SAMSUNGXHM500JI_S29MJ9BZ905089&ts=1368662493"
FF - prefs.js..extensions.enabledAddons: fmdownloader%40gmail.com:1.0.0
FF - prefs.js..extensions.enabledAddons: ytfmdownloader%40gmail.com:1.0.0
FF - prefs.js..extensions.enabledAddons: %7B64161300-e22b-11db-8314-0800200c9a66%7D:0.9.6.14
FF - prefs.js..extensions.enabledAddons: %7B7BDB48D1-CD94-4B99-A5A4-E418B9EE6532%7D:1.2.2
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1483
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130402
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0037-ABCDEFFEDCBA%7D:6.0.37
FF - prefs.js..extensions.enabledAddons: %7B8aa012b6-7927-4b7d-ac7b-d6675ad3fd77%7D:1.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..keyword.URL: "hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=8aa012b6-7927-4b7d-ac7b-d6675ad3fd77&searchtype=ds&installDate=16/05/2013&q="
FF - prefs.js..network.proxy.type: 4

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Program Files (x86)\ProtectDisc\License Helper\NPPDLicenseHelper.dll ()
FF - HKLM\Software\MozillaPlugins\@raidcall.en/RCplugin: C:\Users\Jerekin\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.03.10 14:57:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmdownloader@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\ [2013.01.19 16:26:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ytfmdownloader@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\ [2013.01.19 16:26:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 09:14:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2008.02.22 17:24:06 | 000,095,832 | ---- | M] ()
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 09:14:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2008.02.22 17:24:06 | 000,095,832 | ---- | M] ()

[2013.05.16 01:59:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jerekin\AppData\Roaming\mozilla\Extensions
[2013.05.16 12:22:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jerekin\AppData\Roaming\mozilla\Firefox\Profiles\86tcnpzc.default\extensions
[2013.05.16 02:01:44 | 000,000,000 | ---D | M] ("Internet Turbo") -- C:\Users\Jerekin\AppData\Roaming\mozilla\Firefox\Profiles\86tcnpzc.default\extensions\{8aa012b6-7927-4b7d-ac7b-d6675ad3fd77}
[2013.04.03 13:47:44 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Jerekin\AppData\Roaming\mozilla\Firefox\Profiles\86tcnpzc.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013.02.12 22:54:29 | 000,281,921 | ---- | M] () (No name found) -- C:\Users\Jerekin\AppData\Roaming\mozilla\firefox\profiles\86tcnpzc.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
[2013.05.06 13:24:07 | 000,534,214 | ---- | M] () (No name found) -- C:\Users\Jerekin\AppData\Roaming\mozilla\firefox\profiles\86tcnpzc.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.02.14 23:28:52 | 007,704,332 | ---- | M] () (No name found) -- C:\Users\Jerekin\AppData\Roaming\mozilla\firefox\profiles\86tcnpzc.default\extensions\{7BDB48D1-CD94-4B99-A5A4-E418B9EE6532}.xpi
[2013.05.09 14:05:06 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Jerekin\AppData\Roaming\mozilla\firefox\profiles\86tcnpzc.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.05.16 02:00:38 | 000,002,439 | ---- | M] () -- C:\Users\Jerekin\AppData\Roaming\mozilla\firefox\profiles\86tcnpzc.default\searchplugins\Web Search.xml
[2013.04.14 21:48:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.12 09:14:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013.04.12 09:14:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.04.12 09:14:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013.01.19 16:26:01 | 000,000,000 | ---D | M] (Freemake Video Downloader Plugin) -- C:\PROGRAM FILES (X86)\FREEMAKE\FREEMAKE VIDEO DOWNLOADER\BROWSERPLUGIN\FIREFOX\FMDOWNLOADER@GMAIL.COM
[2013.01.19 16:26:01 | 000,000,000 | ---D | M] (Freemake Youtube Download Button) -- C:\PROGRAM FILES (X86)\FREEMAKE\FREEMAKE VIDEO DOWNLOADER\BROWSERPLUGIN\FIREFOX\YTFMDOWNLOADER@GMAIL.COM
[2013.03.10 14:57:00 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2013.04.12 09:14:53 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.08.31 02:49:43 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.05.16 02:01:33 | 000,000,730 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\qvo6.xml

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Browser Infrastructure Helper] C:\Users\Jerekin\AppData\Local\Smartbar\Application\Smartbar.exe (Smartbar)
O4 - HKCU..\Run: [Media Finder] "C:\Program Files (x86)\Media Finder\Media Finder.exe" /opentotray File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPath = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleNetIDList = 1
O8:64bit: - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6C15F93F-58AD-4B85-A730-99F1AE666285}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{81f3d593-0f90-11e2-be16-c0cb38d969ee}\Shell - "" = AutoRun
O33 - MountPoints2\{81f3d593-0f90-11e2-be16-c0cb38d969ee}\Shell\AutoRun\command - "" = E:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{81f3d5a8-0f90-11e2-be16-c0cb38d969ee}\Shell - "" = AutoRun
O33 - MountPoints2\{81f3d5a8-0f90-11e2-be16-c0cb38d969ee}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.05.16 13:04:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jerekin\Desktop\OTL.exe
[2013.05.16 12:18:03 | 000,000,000 | ---D | C] -- C:\Users\Jerekin\Documents\Osprey
[2013.05.16 11:24:27 | 000,000,000 | ---D | C] -- C:\Program Files\Tracker Software
[2013.05.16 11:23:06 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013.05.16 02:02:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\337
[2013.05.16 02:01:45 | 000,000,000 | ---D | C] -- C:\ProgramData\eSafe
[2013.05.16 02:01:20 | 000,000,000 | ---D | C] -- C:\Users\Jerekin\AppData\Roaming\eIntaller
[2013.05.16 02:01:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013.05.16 02:00:07 | 000,000,000 | ---D | C] -- C:\Users\Jerekin\AppData\Local\Smartbar
[2013.05.16 01:59:45 | 000,000,000 | ---D | C] -- C:\Users\Jerekin\AppData\Local\SwvUpdater
[2013.05.16 01:59:27 | 000,000,000 | ---D | C] -- C:\Users\Jerekin\AppData\Roaming\Media Finder
[2013.05.16 01:59:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
[2013.05.16 01:27:35 | 000,000,000 | ---D | C] -- C:\Users\Jerekin\AppData\Local\B1E
[2013.05.16 01:27:31 | 000,000,000 | ---D | C] -- C:\Users\Jerekin\AppData\Roaming\B1Toolbar
[2013.05.15 14:50:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft WSE
[2013.05.15 14:49:48 | 000,000,000 | -H-D | C] -- C:\ProgramData\~0
[2013.05.15 14:49:32 | 000,000,000 | ---D | C] -- C:\Users\Jerekin\AppData\Local\PackageAware
[2013.05.15 03:00:17 | 000,000,000 | ---D | C] -- C:\Users\Jerekin\AppData\Local\ElevatedDiagnostics
[2013.04.24 13:03:44 | 000,000,000 | ---D | C] -- C:\Users\Jerekin\AppData\Roaming\raidcall
[2013.04.24 13:03:35 | 000,000,000 | ---D | C] -- C:\Users\Jerekin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RaidCall
[2013.04.24 13:03:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RaidCall
[2013.04.24 13:03:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RaidCall
[2013.04.18 11:48:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

========== Files - Modified Within 30 Days ==========

[2013.05.16 13:04:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jerekin\Desktop\OTL.exe
[2013.05.16 13:03:06 | 000,000,000 | ---- | M] () -- C:\Users\Jerekin\defogger_reenable
[2013.05.16 13:02:18 | 000,050,477 | ---- | M] () -- C:\Users\Jerekin\Desktop\Defogger.exe
[2013.05.16 12:33:27 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.16 12:33:27 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.16 12:30:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.16 12:25:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.16 12:25:07 | 3106,480,128 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.16 11:22:03 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.16 11:22:03 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.16 11:22:03 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.16 11:22:03 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.16 11:22:03 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.16 02:01:36 | 000,001,344 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.05.15 17:31:57 | 000,297,184 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.28 23:31:31 | 000,234,945 | ---- | M] () -- C:\Users\Jerekin\Desktop\6.jpg
[2013.04.28 23:16:32 | 004,482,629 | ---- | M] () -- C:\Users\Jerekin\Desktop\Ozo - Minecraft 2.mp3
[2013.04.28 23:16:26 | 000,840,581 | ---- | M] () -- C:\Users\Jerekin\Desktop\Ozo-Texture-Pack-1.jpg
[2013.04.28 22:49:56 | 000,002,084 | ---- | M] () -- C:\Users\Jerekin\AppData\Local\recently-used.xbel
[2013.04.28 10:00:52 | 000,001,069 | ---- | M] () -- C:\Users\Jerekin\Desktop\Minecraft Data.lnk
[2013.04.27 17:47:29 | 000,542,683 | ---- | M] () -- C:\Users\Jerekin\Desktop\4fa5c8dc-c76c-4d7d-95d4-3e040a053205_screenshot.png
[2013.04.27 17:47:28 | 000,350,862 | ---- | M] () -- C:\Users\Jerekin\Desktop\4fa5c8dc-c76c-4d7d-95d4-3e040a053205_screenshot_2.png
[2013.04.27 01:18:19 | 000,066,089 | ---- | M] () -- C:\Users\Jerekin\Desktop\JohnSmith-Texture-Pack.jpeg
[2013.04.24 13:03:35 | 000,001,007 | ---- | M] () -- C:\Users\Jerekin\Desktop\RaidCall.lnk

========== Files Created - No Company Name ==========

[2013.05.16 13:03:06 | 000,000,000 | ---- | C] () -- C:\Users\Jerekin\defogger_reenable
[2013.05.16 13:02:18 | 000,050,477 | ---- | C] () -- C:\Users\Jerekin\Desktop\Defogger.exe
[2013.05.16 02:00:38 | 000,002,316 | ---- | C] () -- C:\Users\Jerekin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
[2013.04.28 23:31:31 | 000,234,945 | ---- | C] () -- C:\Users\Jerekin\Desktop\6.jpg
[2013.04.28 23:16:25 | 000,840,581 | ---- | C] () -- C:\Users\Jerekin\Desktop\Ozo-Texture-Pack-1.jpg
[2013.04.28 23:16:16 | 004,482,629 | ---- | C] () -- C:\Users\Jerekin\Desktop\Ozo - Minecraft 2.mp3
[2013.04.28 22:49:56 | 000,002,084 | ---- | C] () -- C:\Users\Jerekin\AppData\Local\recently-used.xbel
[2013.04.28 10:00:52 | 000,001,069 | ---- | C] () -- C:\Users\Jerekin\Desktop\Minecraft Data.lnk
[2013.04.27 17:47:29 | 000,542,683 | ---- | C] () -- C:\Users\Jerekin\Desktop\4fa5c8dc-c76c-4d7d-95d4-3e040a053205_screenshot.png
[2013.04.27 17:47:25 | 000,350,862 | ---- | C] () -- C:\Users\Jerekin\Desktop\4fa5c8dc-c76c-4d7d-95d4-3e040a053205_screenshot_2.png
[2013.04.27 01:18:19 | 000,066,089 | ---- | C] () -- C:\Users\Jerekin\Desktop\JohnSmith-Texture-Pack.jpeg
[2013.04.24 13:03:35 | 000,001,007 | ---- | C] () -- C:\Users\Jerekin\Desktop\RaidCall.lnk
[2013.04.19 23:32:19 | 001,757,559 | ---- | C] () -- C:\Users\Jerekin\Desktop\MCPatcher 1.5.exe
[2012.11.10 21:28:28 | 000,111,928 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.11.10 21:27:50 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.10.06 22:11:27 | 000,000,216 | ---- | C] () -- C:\Windows\SIERRA.INI
[2012.08.05 16:38:42 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013.05.09 11:22:33 | 000,000,000 | ---D | M] -- C:\Users\Jerekin\AppData\Roaming\.minecraft
[2012.08.22 20:11:27 | 000,000,000 | ---D | M] -- C:\Users\Jerekin\AppData\Roaming\AniFX
[2012.08.22 02:06:48 | 000,000,000 | ---D | M] -- C:\Users\Jerekin\AppData\Roaming\Audacity
[2013.05.16 01:27:31 | 000,000,000 | ---D | M] -- C:\Users\Jerekin\AppData\Roaming\B1Toolbar
[2012.08.22 02:31:56 | 000,000,000 | ---D | M] -- C:\Users\Jerekin\AppData\Roaming\DVDVideoSoft
[2013.05.16 02:01:20 | 000,000,000 | ---D | M] -- C:\Users\Jerekin\AppData\Roaming\eIntaller
[2012.12.02 22:53:28 | 000,000,000 | ---D | M] -- C:\Users\Jerekin\AppData\Roaming\Epson
[2013.01.17 22:09:05 | 000,000,000 | ---D | M] -- C:\Users\Jerekin\AppData\Roaming\FreemakeVideoDownloader
[2012.09.02 14:41:59 | 000,000,000 | ---D | M] -- C:\Users\Jerekin\AppData\Roaming\Freemium
[2012.10.21 14:14:43 | 000,000,000 | ---D | M] -- C:\Users\Jerekin\AppData\Roaming\Leadertech
[2012.08.06 18:55:35 | 000,000,000 | ---D | M] -- C:\Users\Jerekin\AppData\Roaming\LolClient
[2013.05.16 12:19:32 | 000,000,000 | ---D | M] -- C:\Users\Jerekin\AppData\Roaming\Media Finder
[2012.11.10 20:59:51 | 000,000,000 | ---D | M] -- C:\Users\Jerekin\AppData\Roaming\Mount&Blade With Fire and Sword
[2012.08.22 02:41:02 | 000,000,000 | ---D | M] -- C:\Users\Jerekin\AppData\Roaming\mp3DirectCut
[2012.10.08 10:51:45 | 000,000,000 | ---D | M] -- C:\Users\Jerekin\AppData\Roaming\Notepad++
[2012.08.26 16:05:08 | 000,000,000 | ---D | M] -- C:\Users\Jerekin\AppData\Roaming\OpenOffice.org
[2013.04.24 13:03:44 | 000,000,000 | ---D | M] -- C:\Users\Jerekin\AppData\Roaming\raidcall
[2012.09.24 15:36:26 | 000,000,000 | ---D | M] -- C:\Users\Jerekin\AppData\Roaming\runic games
[2012.11.14 21:16:25 | 000,000,000 | ---D | M] -- C:\Users\Jerekin\AppData\Roaming\Samsung
[2013.02.02 14:19:50 | 000,000,000 | ---D | M] -- C:\Users\Jerekin\AppData\Roaming\Silver Style Entertainment
[2012.09.11 19:17:57 | 000,000,000 | ---D | M] -- C:\Users\Jerekin\AppData\Roaming\Soldat
[2012.08.09 15:33:35 | 000,000,000 | ---D | M] -- C:\Users\Jerekin\AppData\Roaming\TagScanner
[2013.05.15 22:28:59 | 000,000,000 | ---D | M] -- C:\Users\Jerekin\AppData\Roaming\TS3Client
[2012.09.03 00:28:54 | 000,000,000 | ---D | M] -- C:\Users\Jerekin\AppData\Roaming\Ubisoft

========== Purity Check ==========

< End of report >

gmer: befindet sich im Anhang

Danke für eure Hilfe und Grüße,

Mr. Opfer

M-K-D-B · 16.05.2013, 16:47

Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.

Bitte beachte folgende Hinweise:

Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden. Es können mehrere Analyse- und Bereinigungsschritte erforderlich sein.
Abschließend entfernen wir wieder alle verwendeten Programme und ich gebe dir ein paar Tipps für die Zukunft mit auf den Weg.
Bei Anzeichen von illegaler Software wird der Support ohne Diskussion eingestellt.
Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab.
Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
Führe nur Scans durch, zu denen du von mir oder einem anderen Helfer aufgefordert wirst.
Bitte kein Crossposting (posten in mehreren Foren).
Installiere oder deinstalliere während der Bereinigung keine Software außer du wirst dazu aufgefordert.
Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!
Ich kann Dir niemals eine Garantie geben, dass auch ich alles finde. Eine Formatierung ist meist der schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

AdwCleaner bitte zweimal hintereinander direkt so ausführen und beide Logdateien davon posten.

Danach sehen wir weiter.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Maiandros · 16.05.2013, 17:46

AdwCleaner Logfile:

Code:

ATTFilter

# AdwCleaner v2.300 - Datei am 16/05/2013 um 18:25:08 erstellt
# Aktualisiert am 28/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Jerekin - HELLCAT
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Jerekin\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : eSafeSvc

***** [Dateien / Ordner] *****

Datei Désinfected : C:\Users\Jerekin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Datei Désinfected : C:\Users\Jerekin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
Datei Désinfected : C:\Users\Jerekin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Datei Désinfected : C:\Users\Jerekin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
Datei Désinfected : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Datei Gelöscht : C:\Program Files (x86)\Mozilla FireFox\searchplugins\qvo6.xml
Datei Gelöscht : C:\Users\Jerekin\AppData\Roaming\Mozilla\Firefox\Profiles\86tcnpzc.default\searchplugins\Web Search.xml
Ordner Gelöscht : C:\Program Files (x86)\Common Files\337
Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\ProgramData\~0
Ordner Gelöscht : C:\ProgramData\eSafe
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Users\Jerekin\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Jerekin\AppData\Local\Smartbar
Ordner Gelöscht : C:\Users\Jerekin\AppData\Local\SwvUpdater
Ordner Gelöscht : C:\Users\Jerekin\AppData\Local\Temp\Desk365
Ordner Gelöscht : C:\Users\Jerekin\AppData\Local\Temp\Smartbar
Ordner Gelöscht : C:\Users\Jerekin\AppData\Roaming\eIntaller
Ordner Gelöscht : C:\Users\Jerekin\AppData\Roaming\Media Finder
Ordner Gelöscht : C:\Users\Jerekin\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
Ordner Gelöscht : C:\Users\Jerekin\AppData\Roaming\Mozilla\Firefox\Profiles\86tcnpzc.default\extensions\staged

***** [Registrierungsdatenbank] *****

Daten Gelöscht : HKLM\...\StartMenuInternet\FIREFOX.EXE [(Default)] = C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=SAMSUNGXHM500JI_S29MJ9BZ905089&ts=1368662493
Daten Gelöscht : HKLM\...\StartMenuInternet\IEXPLORE.EXE [(Default)] = C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=SAMSUNGXHM500JI_S29MJ9BZ905089&ts=1368662493
Schlüssel Gelöscht : HKCU\Software\MediaFinder
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder
Schlüssel Gelöscht : HKCU\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\SmartbarBackup
Schlüssel Gelöscht : HKCU\Software\SmartbarLog
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IESmartBar.BandObjectAttribute
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IESmartBar.BHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IESmartBar.DockingPanel
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBarBandObject
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IESmartBar.SmartbarDisplayState
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IESmartBar.SmartbarMenuForm
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MF
Schlüssel Gelöscht : HKLM\Software\Desksvc
Schlüssel Gelöscht : HKLM\Software\eSafeSecControl
Schlüssel Gelöscht : HKLM\Software\qvo6Software
Schlüssel Gelöscht : HKLM\Software\V9
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\eSafeSecControl
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Tarma Installer
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Browser Infrastructure Helper]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Media Finder]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16483

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=8aa012b6-7927-4b7d-ac7b-d6675ad3fd77&searchtype=ds&q={searchTerms}&installDate=16/05/2013 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=8aa012b6-7927-4b7d-ac7b-d6675ad3fd77&searchtype=ds&q={searchTerms}&installDate=16/05/2013 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=SAMSUNGXHM500JI_S29MJ9BZ905089&ts=1368662493 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=SAMSUNGXHM500JI_S29MJ9BZ905089&ts=1368662493 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=8aa012b6-7927-4b7d-ac7b-d6675ad3fd77&searchtype=ds&q={searchTerms}&installDate=16/05/2013 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=8aa012b6-7927-4b7d-ac7b-d6675ad3fd77&searchtype=ds&q={searchTerms}&installDate=16/05/2013 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=8aa012b6-7927-4b7d-ac7b-d6675ad3fd77&searchtype=ds&q={searchTerms}&installDate=16/05/2013 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=8aa012b6-7927-4b7d-ac7b-d6675ad3fd77&searchtype=ds&q={searchTerms}&installDate=16/05/2013 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=SAMSUNGXHM500JI_S29MJ9BZ905089&ts=1368662493 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=SAMSUNGXHM500JI_S29MJ9BZ905089&ts=1368662493 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=SAMSUNGXHM500JI_S29MJ9BZ905089&ts=1368662493 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=SAMSUNGXHM500JI_S29MJ9BZ905089&ts=1368662493 --> hxxp://www.google.com

-\\ Mozilla Firefox v20.0.1 (de)

Datei : C:\Users\Jerekin\AppData\Roaming\Mozilla\Firefox\Profiles\86tcnpzc.default\prefs.js

C:\Users\Jerekin\AppData\Roaming\Mozilla\Firefox\Profiles\86tcnpzc.default\user.js ... Gelöscht !

Gelöscht : user_pref("browser.newtab.url", "hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB[...]
Gelöscht : user_pref("browser.search.defaultenginename", "qvo6");
Gelöscht : user_pref("browser.search.order.1", "qvo6");
Gelöscht : user_pref("browser.startup.homepage", "hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid[...]
Gelöscht : user_pref("extensions.gencrawler@some.com.install-event-fired", true);
Gelöscht : user_pref("extensions.helperbar.SmartbarDisabled", true);
Gelöscht : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Gelöscht : user_pref("keyword.URL", "hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&[...]

*************************

AdwCleaner[S1].txt - [11078 octets] - [16/05/2013 18:25:08]

########## EOF - C:\AdwCleaner[S1].txt - [11139 octets] ##########

--- --- ---

AdwCleaner Logfile:

Code:

ATTFilter

# AdwCleaner v2.300 - Datei am 16/05/2013 um 18:36:03 erstellt
# Aktualisiert am 28/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Jerekin - HELLCAT
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Jerekin\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16483

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v20.0.1 (de)

Datei : C:\Users\Jerekin\AppData\Roaming\Mozilla\Firefox\Profiles\86tcnpzc.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [11179 octets] - [16/05/2013 18:25:08]
AdwCleaner[S2].txt - [791 octets] - [16/05/2013 18:36:03]

########## EOF - C:\AdwCleaner[S2].txt - [850 octets] ##########

--- --- ---

M-K-D-B · 16.05.2013, 18:19

Servus,

sehr gut gemacht.

Wir spüren jetzt noch die letzten Reste auf, damit wir sie im Anschluss entfernen können:

Schritt 1
Starte bitte OTL.exe und drücke den Quick Scan Button.
Poste die OTL.txt hier in deinen Thread.

Schritt 2
Lade SystemLook von jpshortstuff vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop.
SystemLook (64 bit)

Doppelklicke auf die SystemLook_x64.exe, um das Tool zu starten.

Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:

Code:

ATTFilter

:filefind
*qvo6*
*Web Search*
*DVDVideoSoftTB*
*Media Finder*
*PackageAware*
*SwvUpdater*
*eIntaller*
*IESmartBar*
*feed.snap.do*
*B1Toolbar*
*B1E*
*Internet Turbo*

:folderfind
*qvo6*
*Web Search*
*DVDVideoSoftTB*
*Media Finder*
*PackageAware*
*SwvUpdater*
*eIntaller*
*IESmartBar*
*feed.snap.do*
*B1Toolbar*
*B1E*
*Internet Turbo*

:regfind
qvo6
Web Search
DVDVideoSoftTB
Media Finder
PackageAware
SwvUpdater
eIntaller
IESmartBar
feed.snap.do
B1Toolbar
B1E
Internet Turbo

Klicke nun auf den Button Look, um den Scan zu starten.
Der Suchlauf kann einige Zeit dauern.
Wenn der Suchlauf beendet ist, wird sich Dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
Die Ergebnisse werden auf dem Desktop als SystemLook.txt gespeichert.

Bitte poste mit deiner nächsten Antwort

die Logdatei von OTL,
die Logdatei von SystemLook.

Maiandros · 16.05.2013, 19:10

Fertig.
Ich hoffe es ist gewollt, dass die Toolbar vorerst noch da ist? Ich habe jetzt nicht versucht die manuell zu deinstallieren bevor ich mich hier gemeldet habe.

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 16.05.2013 19:34:35 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jerekin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,78 Gb Available Physical Memory | 72,17% Memory free
7,71 Gb Paging File | 6,51 Gb Available in Paging File | 84,36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 197,29 Gb Free Space | 42,37% Space Free | Partition Type: NTFS
 
Computer Name: HELLCAT | User Name: Jerekin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.16 13:04:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jerekin\Desktop\OTL.exe
PRC - [2013.03.07 01:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2013.03.07 01:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2013.01.10 14:50:56 | 000,009,216 | ---- | M] (Ellora Assets Corp.) -- C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.10 18:29:46 | 002,254,768 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012.11.10 21:27:50 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010.03.03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.03.03 20:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.02.23 13:52:04 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.02.23 13:52:00 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.05.15 16:51:42 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
MOD - [2013.05.15 16:51:25 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll
MOD - [2013.05.15 16:51:21 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll
MOD - [2013.02.13 13:32:55 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll
MOD - [2013.01.20 12:34:11 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\f7cb3ae5de64f8cbde3ccc57c780743a\IAStorUtil.ni.dll
MOD - [2013.01.20 12:31:46 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.01.20 12:31:20 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.20 12:31:04 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.20 12:31:00 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.20 12:30:56 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.07.14 19:58:10 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2010.09.14 17:22:42 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013.05.15 00:30:54 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.04.12 09:14:53 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.03.15 18:29:10 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.03.07 01:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013.01.10 14:50:56 | 000,009,216 | ---- | M] (Ellora Assets Corp.) [Auto | Running] -- C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe -- (FreemakeVideoCapture)
SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.10 18:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.11.10 21:27:50 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.04.26 11:14:06 | 002,438,696 | ---- | M] (mobile concepts GmbH) [On_Demand | Stopped] -- C:\Programme\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc)
SRV - [2010.06.08 23:55:14 | 000,952,096 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.02.23 13:52:04 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.02.23 13:52:00 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.04.03 01:15:32 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2013.03.07 01:33:21 | 001,025,808 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013.03.07 01:33:21 | 000,377,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013.03.07 01:33:21 | 000,178,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013.03.07 01:33:21 | 000,070,992 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013.03.07 01:33:21 | 000,068,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013.03.07 01:33:21 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013.03.07 01:33:20 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013.03.07 01:33:20 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012.10.06 17:25:35 | 000,121,600 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2012.09.02 14:34:25 | 000,335,288 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.07 14:12:50 | 000,066,328 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys -- (LGSHidFilt)
DRV:64bit: - [2011.12.15 21:29:42 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2010.11.20 05:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 05:32:48 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010.11.20 05:32:48 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 03:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 01:37:44 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.09.15 14:50:10 | 000,402,720 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2010.09.15 13:41:50 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010.09.15 13:41:44 | 000,342,056 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010.09.15 13:41:44 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010.09.15 13:41:44 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010.09.15 13:38:38 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010.09.14 17:23:02 | 006,107,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010.09.14 17:02:58 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010.09.08 09:43:26 | 000,094,208 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssne64.sys -- (rimspci)
DRV:64bit: - [2010.08.16 13:54:34 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2010.06.14 10:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010.05.12 12:14:54 | 000,159,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2010.05.12 12:14:54 | 000,126,952 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
DRV:64bit: - [2010.05.12 12:14:52 | 000,125,416 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2010.05.12 12:14:52 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2010.05.12 12:14:52 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2010.03.03 19:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.11.24 02:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009.11.24 02:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009.10.09 02:41:02 | 001,394,176 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.09.17 12:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.08.21 01:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:38 | 000,707,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2010.06.14 10:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page Before = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 46 19 D3 B7 2E 73 CD 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: fmdownloader%40gmail.com:1.0.0
FF - prefs.js..extensions.enabledAddons: ytfmdownloader%40gmail.com:1.0.0
FF - prefs.js..extensions.enabledAddons: %7B64161300-e22b-11db-8314-0800200c9a66%7D:0.9.6.14
FF - prefs.js..extensions.enabledAddons: %7B7BDB48D1-CD94-4B99-A5A4-E418B9EE6532%7D:1.2.2
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1483
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130402
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0037-ABCDEFFEDCBA%7D:6.0.37
FF - prefs.js..extensions.enabledAddons: %7B8aa012b6-7927-4b7d-ac7b-d6675ad3fd77%7D:1.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Program Files (x86)\ProtectDisc\License Helper\NPPDLicenseHelper.dll ()
FF - HKLM\Software\MozillaPlugins\@raidcall.en/RCplugin: C:\Users\Jerekin\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.03.10 14:57:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmdownloader@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\ [2013.01.19 16:26:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ytfmdownloader@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\ [2013.01.19 16:26:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 09:14:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2008.02.22 17:24:06 | 000,095,832 | ---- | M] ()
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 09:14:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2008.02.22 17:24:06 | 000,095,832 | ---- | M] ()
 
[2013.05.16 01:59:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jerekin\AppData\Roaming\mozilla\Extensions
[2013.05.16 18:25:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jerekin\AppData\Roaming\mozilla\Firefox\Profiles\86tcnpzc.default\extensions
[2013.05.16 02:01:44 | 000,000,000 | ---D | M] ("Internet Turbo") -- C:\Users\Jerekin\AppData\Roaming\mozilla\Firefox\Profiles\86tcnpzc.default\extensions\{8aa012b6-7927-4b7d-ac7b-d6675ad3fd77}
[2013.04.03 13:47:44 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Jerekin\AppData\Roaming\mozilla\Firefox\Profiles\86tcnpzc.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013.02.12 22:54:29 | 000,281,921 | ---- | M] () (No name found) -- C:\Users\Jerekin\AppData\Roaming\mozilla\firefox\profiles\86tcnpzc.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
[2013.05.06 13:24:07 | 000,534,214 | ---- | M] () (No name found) -- C:\Users\Jerekin\AppData\Roaming\mozilla\firefox\profiles\86tcnpzc.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.02.14 23:28:52 | 007,704,332 | ---- | M] () (No name found) -- C:\Users\Jerekin\AppData\Roaming\mozilla\firefox\profiles\86tcnpzc.default\extensions\{7BDB48D1-CD94-4B99-A5A4-E418B9EE6532}.xpi
[2013.05.09 14:05:06 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Jerekin\AppData\Roaming\mozilla\firefox\profiles\86tcnpzc.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.04.14 21:48:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.12 09:14:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013.04.12 09:14:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.04.12 09:14:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013.01.19 16:26:01 | 000,000,000 | ---D | M] (Freemake Video Downloader Plugin) -- C:\PROGRAM FILES (X86)\FREEMAKE\FREEMAKE VIDEO DOWNLOADER\BROWSERPLUGIN\FIREFOX\FMDOWNLOADER@GMAIL.COM
[2013.01.19 16:26:01 | 000,000,000 | ---D | M] (Freemake Youtube Download Button) -- C:\PROGRAM FILES (X86)\FREEMAKE\FREEMAKE VIDEO DOWNLOADER\BROWSERPLUGIN\FIREFOX\YTFMDOWNLOADER@GMAIL.COM
[2013.03.10 14:57:00 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2013.04.12 09:14:53 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.08.31 02:49:43 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPath = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:  = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleNetIDList = 1
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6C15F93F-58AD-4B85-A730-99F1AE666285}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{81f3d593-0f90-11e2-be16-c0cb38d969ee}\Shell - "" = AutoRun
O33 - MountPoints2\{81f3d593-0f90-11e2-be16-c0cb38d969ee}\Shell\AutoRun\command - "" = E:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{81f3d5a8-0f90-11e2-be16-c0cb38d969ee}\Shell - "" = AutoRun
O33 - MountPoints2\{81f3d5a8-0f90-11e2-be16-c0cb38d969ee}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.16 13:19:13 | 000,000,000 | ---D | C] -- C:\Users\Jerekin\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten  - Trojaner-Board-Dateien
[2013.05.16 13:04:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jerekin\Desktop\OTL.exe
[2013.05.16 12:18:03 | 000,000,000 | ---D | C] -- C:\Users\Jerekin\Documents\Osprey
[2013.05.16 11:24:27 | 000,000,000 | ---D | C] -- C:\Program Files\Tracker Software
[2013.05.16 11:23:06 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013.05.16 01:27:35 | 000,000,000 | ---D | C] -- C:\Users\Jerekin\AppData\Local\B1E
[2013.05.16 01:27:31 | 000,000,000 | ---D | C] -- C:\Users\Jerekin\AppData\Roaming\B1Toolbar
[2013.05.15 14:50:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft WSE
[2013.05.15 03:00:17 | 000,000,000 | ---D | C] -- C:\Users\Jerekin\AppData\Local\ElevatedDiagnostics
[2013.04.24 13:03:44 | 000,000,000 | ---D | C] -- C:\Users\Jerekin\AppData\Roaming\raidcall
[2013.04.24 13:03:35 | 000,000,000 | ---D | C] -- C:\Users\Jerekin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RaidCall
[2013.04.24 13:03:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RaidCall
[2013.04.24 13:03:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RaidCall
[2013.04.18 11:48:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.16 19:33:11 | 000,165,376 | ---- | M] () -- C:\Users\Jerekin\Desktop\SystemLook_x64.exe
[2013.05.16 19:30:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.16 18:45:31 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.16 18:45:31 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.16 18:38:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.16 18:37:59 | 3106,480,128 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.16 18:25:17 | 000,001,049 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.05.16 18:23:38 | 000,628,743 | ---- | M] () -- C:\Users\Jerekin\Desktop\adwcleaner.exe
[2013.05.16 15:12:34 | 000,017,669 | ---- | M] () -- C:\Users\Jerekin\Desktop\gmer.zip
[2013.05.16 14:00:38 | 1020,295,098 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.05.16 13:20:37 | 000,377,856 | ---- | M] () -- C:\Users\Jerekin\Desktop\gmer_2.1.19163.exe
[2013.05.16 13:19:16 | 000,077,712 | ---- | M] () -- C:\Users\Jerekin\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten  - Trojaner-Board.htm
[2013.05.16 13:04:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jerekin\Desktop\OTL.exe
[2013.05.16 13:03:06 | 000,000,000 | ---- | M] () -- C:\Users\Jerekin\defogger_reenable
[2013.05.16 13:02:18 | 000,050,477 | ---- | M] () -- C:\Users\Jerekin\Desktop\Defogger.exe
[2013.05.16 11:22:03 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.16 11:22:03 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.16 11:22:03 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.16 11:22:03 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.16 11:22:03 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.15 17:31:57 | 000,297,184 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.28 23:31:31 | 000,234,945 | ---- | M] () -- C:\Users\Jerekin\Desktop\6.jpg
[2013.04.28 23:16:32 | 004,482,629 | ---- | M] () -- C:\Users\Jerekin\Desktop\Ozo - Minecraft 2.mp3
[2013.04.28 23:16:26 | 000,840,581 | ---- | M] () -- C:\Users\Jerekin\Desktop\Ozo-Texture-Pack-1.jpg
[2013.04.28 22:49:56 | 000,002,084 | ---- | M] () -- C:\Users\Jerekin\AppData\Local\recently-used.xbel
[2013.04.28 10:00:52 | 000,001,069 | ---- | M] () -- C:\Users\Jerekin\Desktop\Minecraft Data.lnk
[2013.04.27 17:47:29 | 000,542,683 | ---- | M] () -- C:\Users\Jerekin\Desktop\4fa5c8dc-c76c-4d7d-95d4-3e040a053205_screenshot.png
[2013.04.27 17:47:28 | 000,350,862 | ---- | M] () -- C:\Users\Jerekin\Desktop\4fa5c8dc-c76c-4d7d-95d4-3e040a053205_screenshot_2.png
[2013.04.27 01:18:19 | 000,066,089 | ---- | M] () -- C:\Users\Jerekin\Desktop\JohnSmith-Texture-Pack.jpeg
[2013.04.24 13:03:35 | 000,001,007 | ---- | M] () -- C:\Users\Jerekin\Desktop\RaidCall.lnk
 
========== Files Created - No Company Name ==========
 
[2013.05.16 19:33:10 | 000,165,376 | ---- | C] () -- C:\Users\Jerekin\Desktop\SystemLook_x64.exe
[2013.05.16 18:23:31 | 000,628,743 | ---- | C] () -- C:\Users\Jerekin\Desktop\adwcleaner.exe
[2013.05.16 15:12:34 | 000,017,669 | ---- | C] () -- C:\Users\Jerekin\Desktop\gmer.zip
[2013.05.16 14:00:38 | 1020,295,098 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.05.16 13:20:35 | 000,377,856 | ---- | C] () -- C:\Users\Jerekin\Desktop\gmer_2.1.19163.exe
[2013.05.16 13:19:13 | 000,077,712 | ---- | C] () -- C:\Users\Jerekin\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten  - Trojaner-Board.htm
[2013.05.16 13:03:06 | 000,000,000 | ---- | C] () -- C:\Users\Jerekin\defogger_reenable
[2013.05.16 13:02:18 | 000,050,477 | ---- | C] () -- C:\Users\Jerekin\Desktop\Defogger.exe
[2013.05.16 02:00:38 | 000,001,079 | ---- | C] () -- C:\Users\Jerekin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
[2013.04.28 23:31:31 | 000,234,945 | ---- | C] () -- C:\Users\Jerekin\Desktop\6.jpg
[2013.04.28 23:16:25 | 000,840,581 | ---- | C] () -- C:\Users\Jerekin\Desktop\Ozo-Texture-Pack-1.jpg
[2013.04.28 23:16:16 | 004,482,629 | ---- | C] () -- C:\Users\Jerekin\Desktop\Ozo - Minecraft 2.mp3
[2013.04.28 22:49:56 | 000,002,084 | ---- | C] () -- C:\Users\Jerekin\AppData\Local\recently-used.xbel
[2013.04.28 10:00:52 | 000,001,069 | ---- | C] () -- C:\Users\Jerekin\Desktop\Minecraft Data.lnk
[2013.04.27 17:47:29 | 000,542,683 | ---- | C] () -- C:\Users\Jerekin\Desktop\4fa5c8dc-c76c-4d7d-95d4-3e040a053205_screenshot.png
[2013.04.27 17:47:25 | 000,350,862 | ---- | C] () -- C:\Users\Jerekin\Desktop\4fa5c8dc-c76c-4d7d-95d4-3e040a053205_screenshot_2.png
[2013.04.27 01:18:19 | 000,066,089 | ---- | C] () -- C:\Users\Jerekin\Desktop\JohnSmith-Texture-Pack.jpeg
[2013.04.24 13:03:35 | 000,001,007 | ---- | C] () -- C:\Users\Jerekin\Desktop\RaidCall.lnk
[2013.04.19 23:32:19 | 001,757,559 | ---- | C] () -- C:\Users\Jerekin\Desktop\MCPatcher 1.5.exe
[2012.11.10 21:28:28 | 000,111,928 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.11.10 21:27:50 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.10.06 22:11:27 | 000,000,216 | ---- | C] () -- C:\Windows\SIERRA.INI
[2012.08.05 16:38:42 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.05.09 11:22:33 | 000,000,000 | ---D | M] -- C:\Users\Jerekin\AppData\Roaming\.minecraft
[2012.08.22 20:11:27 | 000,000,000 | ---D | M] -- C:\Users\Jerekin\AppData\Roaming\AniFX
[2012.08.22 02:06:48 | 000,000,000 | ---D | M] -- C:\Users\Jerekin\AppData\Roaming\Audacity
[2013.05.16 01:27:31 | 000,000,000 | ---D | M] -- C:\Users\Jerekin\AppData\Roaming\B1Toolbar
[2012.08.22 02:31:56 | 000,000,000 | ---D | M] -- C:\Users\Jerekin\AppData\Roaming\DVDVideoSoft
[2012.12.02 22:53:28 | 000,000,000 | ---D | M] -- C:\Users\Jerekin\AppData\Roaming\Epson
[2013.01.17 22:09:05 | 000,000,000 | ---D | M] -- C:\Users\Jerekin\AppData\Roaming\FreemakeVideoDownloader
[2012.09.02 14:41:59 | 000,000,000 | ---D | M] -- C:\Users\Jerekin\AppData\Roaming\Freemium
[2012.10.21 14:14:43 | 000,000,000 | ---D | M] -- C:\Users\Jerekin\AppData\Roaming\Leadertech
[2012.08.06 18:55:35 | 000,000,000 | ---D | M] -- C:\Users\Jerekin\AppData\Roaming\LolClient
[2012.11.10 20:59:51 | 000,000,000 | ---D | M] -- C:\Users\Jerekin\AppData\Roaming\Mount&Blade With Fire and Sword
[2012.08.22 02:41:02 | 000,000,000 | ---D | M] -- C:\Users\Jerekin\AppData\Roaming\mp3DirectCut
[2012.10.08 10:51:45 | 000,000,000 | ---D | M] -- C:\Users\Jerekin\AppData\Roaming\Notepad++
[2012.08.26 16:05:08 | 000,000,000 | ---D | M] -- C:\Users\Jerekin\AppData\Roaming\OpenOffice.org
[2013.04.24 13:03:44 | 000,000,000 | ---D | M] -- C:\Users\Jerekin\AppData\Roaming\raidcall
[2012.09.24 15:36:26 | 000,000,000 | ---D | M] -- C:\Users\Jerekin\AppData\Roaming\runic games
[2012.11.14 21:16:25 | 000,000,000 | ---D | M] -- C:\Users\Jerekin\AppData\Roaming\Samsung
[2013.02.02 14:19:50 | 000,000,000 | ---D | M] -- C:\Users\Jerekin\AppData\Roaming\Silver Style Entertainment
[2012.09.11 19:17:57 | 000,000,000 | ---D | M] -- C:\Users\Jerekin\AppData\Roaming\Soldat
[2012.08.09 15:33:35 | 000,000,000 | ---D | M] -- C:\Users\Jerekin\AppData\Roaming\TagScanner
[2013.05.15 22:28:59 | 000,000,000 | ---D | M] -- C:\Users\Jerekin\AppData\Roaming\TS3Client
[2012.09.03 00:28:54 | 000,000,000 | ---D | M] -- C:\Users\Jerekin\AppData\Roaming\Ubisoft
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

SystemLook: Befindet sich im Anhang

M-K-D-B · 16.05.2013, 19:22

Servus,

Zitat:

Zitat von Mr. Opfer

Ich hoffe es ist gewollt, dass die Toolbar vorerst noch da ist? Ich habe jetzt nicht versucht die manuell zu deinstallieren bevor ich mich hier gemeldet habe.

Ja, das passt schon so. Wir entfernen sie jetzt, zusammen mit dem restlichen Müll und kontrollieren nochmal alles.

Wenn du die Toolbar nach den folgenden Schritten immer noch siehst, dann kannst du es mir ja nochmal sagen.

Schritt 1

Fixen mit OTL

Starte bitte die OTL.exe.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

ATTFilter

:OTL
[2013.05.16 02:01:44 | 000,000,000 | ---D | M] ("Internet Turbo") -- C:\Users\Jerekin\AppData\Roaming\mozilla\Firefox\Profiles\86tcnpzc.default\extensions\{8aa012b6-7927-4b7d-ac7b-d6675ad3fd77}
[2013.05.16 01:27:35 | 000,000,000 | ---D | C] -- C:\Users\Jerekin\AppData\Local\B1E
[2013.05.16 01:27:31 | 000,000,000 | ---D | C] -- C:\Users\Jerekin\AppData\Roaming\B1Toolbar

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\amt_ar_qvo6_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\amt_ar_qvo6_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Media Finder_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Media Finder_RASMANCS]
[-HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\21B3CFA99CA13164A88C512C4B58D437]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1177b2ef-2b60-49f9-998c-a800db67abf6}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9AFC3B12-1AC9-4613-8AC8-15C2B4854D73}]

:Commands
[emptytemp]

Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
Schließe bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

Schritt 2

Starte Malwarebytes' Anti-Malware, klicke auf Aktualisierung --> Suche nach Aktualisierung
Wenn das Update beendet wurde, aktiviere Quick-Scan durchführen und drücke auf Scannen.
Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
Nachträglich kannst du den Bericht unter "Log Dateien" finden.

Schritt 3

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Schritt 4
Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

Bitte poste mit deiner nächsten Antwort

die Logdatei von OTL,
die Logdatei von MBAM,
die Logdatei von ESET,
die Logdatei von SecurityCheck.

Internet Turbo Toolbar und Browsermanipulation durch Qvo6 Suchmaschine

Log-Analyse und Auswertung: Internet Turbo Toolbar und Browsermanipulation durch Qvo6 Suchmaschine