Pests of all kinds and how to fight them: Qv06 Virus (Windows 7)
16.08.2013, 17:40 | #1 |
| Qv06 Virus Hi, here is the situation: I seem to have caught the Qv06 virus, apparently exactly the same problem as here: http://www.trojaner-board.de/135264-...mgeleitet.html Unfortunately I cannot get rid of it no matter what I do; the virus scanner reports nothing, and the steps in that post did not help either. I use Chrome (in case that is relevant). Does anyone have an idea what I can do? I would be grateful for any help. In case it helps, this is what AdwCleaner says. AdwCleaner Logfile: Code:
# AdwCleaner v2.306 - Logfile created 08/16/2013 at 18:47:06
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Itaris - ITARIS-PC
# Boot Mode : Normal
# Running from : C:\Users\Itaris\Downloads\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

File Infected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk ( arg. : hxxp://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=ST1000LM014-1EJ164_W380468FXXXXW380468F&ts=1375409709)
File Infected : C:\Users\Itaris\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk ( arg. : hxxp://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=ST1000LM014-1EJ164_W380468FXXXXW380468F&ts=1375409709)
File Infected : C:\Users\Itaris\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk ( arg. : hxxp://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=ST1000LM014-1EJ164_W380468FXXXXW380468F&ts=1375409709)
File Infected : C:\Users\Itaris\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk ( arg. : hxxp://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=ST1000LM014-1EJ164_W380468FXXXXW380468F&ts=1375409709)
File Infected : C:\Users\Itaris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk ( arg. : hxxp://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=ST1000LM014-1EJ164_W380468FXXXXW380468F&ts=1375409709)
File Infected : C:\Users\Itaris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk ( arg. : hxxp://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=ST1000LM014-1EJ164_W380468FXXXXW380468F&ts=1375409709)
File Infected : C:\Users\Itaris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk ( arg. : hxxp://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=ST1000LM014-1EJ164_W380468FXXXXW380468F&ts=1375409709)
File Infected : C:\Users\Itaris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk ( arg. : hxxp://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=ST1000LM014-1EJ164_W380468FXXXXW380468F&ts=1375409709)
Folder Found : C:\Program Files (x86)\Common Files\337
Folder Found : C:\Program Files (x86)\HDvidCodec.com
Folder Found : C:\ProgramData\eSafe
Folder Found : C:\Users\Itaris\AppData\Local\Temp\Desk365
Folder Found : C:\Users\Itaris\AppData\Roaming\eIntaller
Folder Found : C:\Users\Itaris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HDvidCodec.com

***** [Registry] *****

Data Found : HKLM\...\StartMenuInternet\Google Chrome [(Default)] = "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" hxxp://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=ST1000LM014-1EJ164_W380468FXXXXW380468F&ts=1375409709
Data Found : HKLM\...\StartMenuInternet\IEXPLORE.EXE [(Default)] = C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=ST1000LM014-1EJ164_W380468FXXXXW380468F&ts=1375409709
Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\InstalledBrowserExtensions
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0034362.BHO
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0034362.BHO.1
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0034362.Sandbox
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0034362.Sandbox.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440344434462}
Key Found : HKLM\Software\Desksvc
Key Found : HKLM\Software\eSafeSecControl
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311431162}
Key Found : HKLM\Software\qvo6Software
Key Found : HKLM\Software\V9
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110311431162}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220322432262}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{55555555-5555-5555-5555-550355435562}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66666666-6666-6666-6666-660366436662}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311431162}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Key Found : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355435562}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366436662}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Found : HKU\S-1-5-21-4001792419-3351727207-731353116-1000\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16660

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=ST1000LM014-1EJ164_W380468FXXXXW380468F&ts=1375409709
[HKCU\Software\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=ST1000LM014-1EJ164_W380468FXXXXW380468F&ts=1375409709
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=ST1000LM014-1EJ164_W380468FXXXXW380468F&ts=1375409709
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=ST1000LM014-1EJ164_W380468FXXXXW380468F&ts=1375409709
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=ST1000LM014-1EJ164_W380468FXXXXW380468F&ts=1375409709
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=ST1000LM014-1EJ164_W380468FXXXXW380468F&ts=1375409709

-\\ Google Chrome v28.0.1500.95

File : C:\Users\Itaris\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [6924 octets] - [16/08/2013 18:30:03]
AdwCleaner[R2].txt - [6984 octets] - [16/08/2013 18:30:17]
AdwCleaner[R3].txt - [6927 octets] - [16/08/2013 18:47:06]

########## EOF - C:\AdwCleaner[R3].txt - [6987 octets] ##########

Edited by itaris (16.08.2013 at 17:47) |
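The pattern visible in the AdwCleaner log above, browser `.lnk` shortcuts and the `StartMenuInternet` launch command carrying an appended URL argument, can be checked for mechanically. The following is an added example, not part of the original thread or of AdwCleaner; the sample lines are constructed in the log's format, and the host `hijack.example`, the `PLACEHOLDER` uid and all function names are assumptions.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed sample in the format of the AdwCleaner report; paths, host and
# uid are placeholders, not values taken from the thread.
SAMPLE_LOG = r"""
File Infected : C:\Users\demo\Desktop\Google Chrome.lnk ( arg. : hxxp://www.hijack.example/?from=ild&uid=PLACEHOLDER&ts=0)
File Infected : C:\Users\demo\Desktop\Internet Explorer.lnk ( arg. : hxxp://www.hijack.example/?from=ild&uid=PLACEHOLDER&ts=0)
Data Found : HKLM\...\StartMenuInternet\Google Chrome [(Default)] = "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" hxxp://www.hijack.example/?from=ild&uid=PLACEHOLDER&ts=0
Data Found : HKLM\...\StartMenuInternet\IEXPLORE.EXE [(Default)] = C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.hijack.example/?from=ild&uid=PLACEHOLDER&ts=0
Data Found : HKLM\...\StartMenuInternet\FIREFOX.EXE [(Default)] = "C:\Program Files\Mozilla Firefox\firefox.exe"
Folder Found : C:\ProgramData\SomeAdware
Key Found : HKLM\Software\SomeAdware
"""

# "File Infected : <shortcut>.lnk ( arg. : <arguments>)"
SHORTCUT_RE = re.compile(
    r"^File Infected : (?P<path>.+?\.lnk) \( arg\. : (?P<arg>.+)\)\s*$", re.I)
# "Data Found : <key> [<value name>] = <data>"
REGISTRY_RE = re.compile(
    r"^Data Found : (?P<key>.+?) \[(?P<name>[^\]]*)\] = (?P<data>.+)$")
# Split a launch command into the executable (quoted or not) and the rest.
COMMAND_RE = re.compile(
    r'^\s*(?P<exe>"[^"]+\.exe"|.+?\.exe)(?P<args>.*)$', re.I)
# Accept both live and defanged (hxxp) schemes.
URL_RE = re.compile(r"(?:hxxps?|https?)://\S+", re.I)


@dataclass(frozen=True)
class Finding:
    kind: str      # "shortcut" or "registry"
    location: str  # .lnk path or registry key
    url: str       # refanged URL found in the arguments
    host: str      # host the browser is forced to open
    command: str   # executable part only (registry findings), else ""


def refang(url):
    """Turn a defanged hxxp:// URL back into http:// for parsing."""
    return re.sub(r"^hxxp", "http", url, flags=re.I)


def _first_url(text):
    match = URL_RE.search(text)
    return refang(match.group(0)) if match else None


def find_hijacked_launchers(report):
    """Return launch points whose command line carries an appended URL."""
    findings = []
    for raw in report.splitlines():
        line = raw.strip()
        shortcut = SHORTCUT_RE.match(line)
        if shortcut:
            url = _first_url(shortcut.group("arg"))
            if url:
                findings.append(Finding("shortcut", shortcut.group("path"),
                                        url, urlsplit(url).hostname or "", ""))
            continue
        registry = REGISTRY_RE.match(line)
        if not registry:
            continue  # folders, keys and headers carry no command line
        command = COMMAND_RE.match(registry.group("data"))
        if not command:
            continue
        url = _first_url(command.group("args"))
        if url:  # a clean entry is just the executable, with no URL after it
            findings.append(Finding("registry", registry.group("key"), url,
                                    urlsplit(url).hostname or "",
                                    command.group("exe")))
    return findings


if __name__ == "__main__":
    for f in find_hijacked_launchers(SAMPLE_LOG):
        print(f"{f.kind:8} {f.host:20} {f.location}")
```

For registry findings, `command` holds the executable part alone, which is what the value looks like once the appended URL has been removed.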
16.08.2013, 17:54 | #2 | |
/// TB-Ausbilder | Qv06 Virus Quote:
So please follow our instructions: http://www.trojaner-board.de/69886-a...-beachten.html
16.08.2013, 17:55 | #3 |
| Qv06 Virus Unfortunately I don't understand what it says; I just thought it might help, since it is also asked for in the linked thread.
Since I don't understand it, I am turning to you, but I will go through your link ^^ |
16.08.2013, 17:57 | #4 |
/// TB-Ausbilder | Qv06 Virus We put a great deal of effort into wording the instructions, and I am sure you will manage it.
__________________ Digital buccaneers against malware! No help via PM! |
16.08.2013, 18:19 | #5 |
| Qv06 Virus OK, I hope I did this correctly, and I found this: HR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=ST1000LM014-1EJ164_W380468FXXXXW380468F&ts=1375409709 I do want to learn something too :> I found this in FRST after following the instructions. Does that get us any further? ---------------- FRST Additions Logfile: Code:
16.08.2013, 18:20 | #6 |
/// TB-Ausbilder | Qv06 Virus I want to see all three logfiles here, posted in the way described in the instructions.
16.08.2013, 18:27 | #7 |
| Qv06 Virus I have been trying to upload them the whole time, fairly unsuccessfully, even though I use code; I am trying things out. OK, I uploaded it as a zip because the files were simply too large, sorry about that: combat-gaming.net/bericht.rar <-- just download the reports, everything should be in there (I hope). Edited by itaris (16.08.2013 at 18:44) |
16.08.2013, 18:28 | #8 |
/// TB-Ausbilder | Qv06 Virus You are not supposed to upload them but to paste them. This is how it works: Posting in CODE tags. Attaching the logfiles, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the logfiles into a CODE box, proceed as follows:
16.08.2013, 18:49 | #9 |
| Qv06 Virus That does not work because of too many characters, not even one at a time. |
16.08.2013, 18:54 | #10 |
/// TB-Ausbilder | Qv06 Virus
Step 1: (Reminder: do not reply until you have worked through all the steps!) Fix with FRST. Press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
R2 WsysSvc; C:\ProgramData\eSafe\eGdpSvc.exe [301120 2013-08-16] (Wsys Co., Ltd.)
C:\ProgramData\eSafe\
Step 2: Remove adware with JRT. Please close your security software to avoid possible conflicts.
Step 3: Browser reset with ZOEK. Caution! Back up your bookmarks and personal settings first! Please download zoek.exe from here: http://hijackthis.nl/smeenk/
Step 4: Control scan with FRST. Run a scan with FRST as described before. Only an FRST.txt will be created. Post it for me.
16.08.2013, 20:11 | #11 |
| Qv06 Virus I'm sorry, I simply don't understand it. I carried out these steps and I have the files, but posting them here just does not work at all: when I paste them here and press reply, nothing happens except that the page refreshes. My problem the whole time was that FRST was a txt file for me from the start and I simply forgot about the exe, which is why the instructions made no sense to me until I noticed this. What can I do now? I would much prefer it if you could look at the things I uploaded, it is only 50 KB :/ That would be really nice. I have also uploaded a picture of the pest here. I'm really sorry, but I just don't know what I am doing wrong, and I have now spent a good hour trying just to post this. |
16.08.2013, 20:28 | #12 |
/// TB-Ausbilder | Qv06 Virus Writing proper German would already help me decipher this. I did write out the instructions further up on how to paste such a logfile here. After carrying out my instructions, everything should actually be gone by now. If necessary, try a different browser if the website does not work properly here. If need be, ask someone to help you.
16.08.2013, 22:40 | #13 |
| Qv06 Virus OK, FRST. Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-08-2013 01
Ran by Itaris at 2013-08-16 22:19:21 Run:1
Running from C:\Users\Itaris\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
R2 WsysSvc; C:\ProgramData\eSafe\eGdpSvc.exe [301120 2013-08-16] (Wsys Co., Ltd.)
C:\ProgramData\eSafe\
*****************

WsysSvc => Service deleted successfully.
C:\ProgramData\eSafe\ => Moved successfully.

The system needs a manual reboot.

==== End of Fixlog ====

JRT. JRT Logfile: Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.4.6 (08.15.2013:1)
OS: Windows 7 Ultimate x64
Ran by Itaris on 16.08.2013 at 22:22:59,43
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

Successfully stopped: [Service] wsyssvc
Successfully deleted: [Service] wsyssvc

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-4001792419-3351727207-731353116-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\1clickdownload
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installedbrowserextensions
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\esafeseccontrol
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\qvo6software
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0034362.BHO
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0034362.BHO.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0034362.Sandbox
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0034362.Sandbox.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-110311431162}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220322432262}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{55555555-5555-5555-5555-550355435562}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660366436662}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{44444444-4444-4444-4444-440344434462}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{11111111-1111-1111-1111-110311431162}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220322432262}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{55555555-5555-5555-5555-550355435562}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66666666-6666-6666-6666-660366436662}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440344434462}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0034362.BHO
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0034362.BHO.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0034362.Sandbox
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0034362.Sandbox.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{55555555-5555-5555-5555-550355435562}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660366436662}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{44444444-4444-4444-4444-440344434462}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311431162}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{55555555-5555-5555-5555-550355435562}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660366436662}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440344434462}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311431162}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}

~~~ Files

Successfully deleted: [File] "C:\Windows\wininit.ini"
Successfully disinfected: [Shortcut] C:\Users\Itaris\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Successfully disinfected: [Shortcut] C:\Users\Itaris\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Successfully disinfected: [Shortcut] C:\Users\Itaris\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
Successfully disinfected: [Shortcut] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Successfully disinfected: [Shortcut] C:\Users\Itaris\AppData\Roaming\microsoft\windows\start menu\Programs\Internet Explorer.lnk
Successfully disinfected: [Shortcut] C:\Users\Itaris\AppData\Roaming\microsoft\windows\start menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 16.08.2013 at 22:26:18,22 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Code:
Zoek.exe Version 4.0.0.4 Updated 10-August-2013
Tool run by Itaris on 16.08.2013 at 22:52:29,90.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Itaris\Downloads\zoek (1).exe [Quick Scan] [Auto Clean]

==== System Restore Info ======================

16.08.2013 22:56:16 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

"C:\Users\Itaris\Downloads\codec_pack_306758_ch.exe" deleted
"C:\windows\SysNative\tasks\Desk 365 RunAsStdUser" deleted
"C:\Program Files (x86)\Common Files\337" deleted
"C:\Program Files (x86)\hdvidcodec.com" deleted
"C:\Users\Itaris\AppData\Roaming\eIntaller" deleted
"C:\ProgramData\Package Cache" deleted
"C:\Users\Itaris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\hdvidcodec.com" deleted

==== Files Recently Created / Modified ======================

==== Startup
Registry Enabled ======================
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-21-4001792419-3351727207-731353116-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"Steam"="E:\Program Files (x86)\Steam\Steam.exe -silent"
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe 60"
"USB3MON"="C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"
"UX Launcher"="C:\Program Files (x86)\UX Pack\uxlaunch.exe"
"SwitchBoard"="C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
"AdobeCS6ServiceManager"="C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe -launchedbylogin"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Acrobat Speed Launcher"="C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
"Acrobat Assistant 8.0"="C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"Steam"="E:\Program Files (x86)\Steam\Steam.exe -silent"
==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s"
"Launch LCore"="C:\Program Files\Logitech Gaming Software\LCore.exe /minimized"
"AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
==== Startup Registry Disabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LogMeIn Hamachi Ui]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LogMeIn Hamachi Ui"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\LogMeIn Hamachi\\hamachi-2-ui.exe\" --auto-start"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Inhaltsmanager-Assistent fr PlayStation(R).lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Inhaltsmanager-Assistent fr PlayStation(R).lnk"
"backup"="C:\\Windows\\pss\\Inhaltsmanager-Assistent fr PlayStation(R).lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~2\\Sony\\CONTEN~1\\CMA.exe "
"item"="Inhaltsmanager-Assistent fr PlayStation(R)"
==== Startup Folders ======================
2013-07-19 15:13:32 1730 ----a-w- C:\users\Itaris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
==== Task Scheduler Jobs ======================
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [17.07.2013 22:36]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [17.07.2013 22:36]
C:\Windows\tasks\HDvid Codec V1-codedownloader.job --a------ C:\Program Files (x86)\HDvid Codec V1\HDvid Codec V1-codedownloader.exe [02.08.2013 04:14]
C:\Windows\tasks\HDvid Codec V1-enabler.job --a------ C:\Program Files (x86)\HDvid Codec V1\HDvid Codec V1-enabler.exe [02.08.2013 04:14]
C:\Windows\tasks\HDvid Codec V1-updater.job --a------ C:\Program Files (x86)\HDvid Codec V1\HDvid Codec V1-updater.exe [02.08.2013 04:14]
==== Firefox Extensions ======================
==== Firefox Plugins ======================
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dnllcmllkjofnojidnaknldfehfhehoo - C:\Program Files (x86)\HDvidCodec.com\HDvidCodec10.crx[]
Google Docs - Itaris - Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Itaris - Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Itaris - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Itaris - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
AdBlock - Itaris - Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Gmail - Itaris - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.com"
"Default_Page_URL"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="hxxp://www.google.com"
"Start Page"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="hxxp://www.google.com"
"Start Page"="hxxp://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{33BB0A4E-99AF-4226-BDF6-49120163DE86}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] not found
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\dnllcmllkjofnojidnaknldfehfhehoo deleted successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Itaris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Itaris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\72LE9GIK will be deleted at reboot
C:\Users\Itaris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HS2F9PHX will be deleted at reboot
==== Empty FireFox Cache ======================
No FireFox Cache found
==== Empty Chrome Cache ======================
C:\users\Itaris\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
No Java Cache Found
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Itaris\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\Itaris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\72LE9GIK" not found
"C:\Users\Itaris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HS2F9PHX" not found
==== EOF on 16.08.2013 at 23:09:06,33 ======================

Regarding proper German: there are people who, despite practising every day, cannot write correctly. Unfortunately I am one of them; even when I try to do better, it does not get better. I apologise for that with this note. I simply cannot do any better. By the way, Zoek seems to have done something: I have Google as my start page again. Last edited by itaris (16.08.2013 at 22:12) |
17.08.2013, 10:18 | #14 |
/// TB-Ausbilder | Qv06 Virus That is a good start, but step 4 is missing: the check with FRST.
__________________ Digital buccaneers against malware! No help via PM! |
19.08.2013, 08:09 | #15 |
/// TB-Ausbilder | Qv06 Virus Hello, do you still need help? If I do not receive a reply from you within the next 24 hours, I will remove your topic from my subscriptions and will then no longer be notified of new replies. The disappearance of the symptoms does not mean that your system is already clean.