Win32/Jeefo.A loswerden

SergioX · 10.09.2013, 15:53

Guten Tag ich hab seit heute ein Virus oder trojaner auf meinem PC (Win32/Jeefo.A)
Ich weiß leider nicht wie ich den wegbekomme hab schon mehrere Sachen ausprobiert aber hilft wohl nix kann mir jemand helfen das loszubekommen.
gestern war alles noch okay hab nix von einem virus oder anderes gemerkt und heute bekomm ich das nicht weg und hab nur probleme.
weiß auch nicht woher er kommen könnte :/

cosinus · 10.09.2013, 16:51

Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten!
Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!

Zudem bitte auch ein Log mit Farbars Tool machen:

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

SergioX · 10.09.2013, 17:42

Hallo lieber cosinus ich danke dir erstmal das du dir zeit nimmst mit mir mein problem zu lösen.
ich hab in einem theard von hier schonmal ein so problem gefunden gehabt da musste er mit OTL das selbe machen ich hab mir in der zeit wo ich gewartet habe auf die antwort, schonmal das gemacht. ich werde es hier einfach posten falls es auf's selbe hinaus geht wenn nicht mach ich dann mit dem farbar's recovery scan tool

OTL

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 10.09.2013 16:39:07 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = d:\Users\U\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 5,94 Gb Available Physical Memory | 74,31% Memory free
15,99 Gb Paging File | 13,82 Gb Available in Paging File | 86,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58,50 Gb Total Space | 9,47 Gb Free Space | 16,19% Space Free | Partition Type: NTFS
Drive D: | 174,29 Gb Total Space | 56,05 Gb Free Space | 32,16% Space Free | Partition Type: NTFS
 
Computer Name: U-PC | User Name: U | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.09.10 16:37:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- d:\Users\U\Desktop\OTL.exe
PRC - [2013.09.10 14:28:58 | 002,285,232 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2013.09.10 14:28:58 | 001,616,048 | ---- | M] (AVG Secure Search) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe
PRC - [2013.09.10 14:28:58 | 000,161,968 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\loggingserver.exe
PRC - [2013.09.02 14:36:53 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.09.02 14:36:39 | 000,347,192 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.09.02 14:36:39 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.08.27 07:56:14 | 003,534,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
PRC - [2013.08.26 17:31:10 | 004,851,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
PRC - [2013.08.20 23:42:04 | 000,300,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
PRC - [2013.08.17 19:55:05 | 000,311,704 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013.07.03 18:33:38 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013.06.13 11:17:51 | 004,150,112 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013.03.15 07:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.09.10 14:28:58 | 002,285,232 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2013.09.10 14:28:58 | 000,521,904 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\log4cplusU.dll
MOD - [2013.09.10 14:28:58 | 000,145,072 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.4.0\SiteSafety.dll
MOD - [2013.08.17 19:55:05 | 003,551,640 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013.08.17 19:55:05 | 000,311,704 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
MOD - [2009.08.12 00:18:28 | 000,497,664 | ---- | M] () -- C:\Windows\SysWOW64\ac3filter.acm
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.09.10 14:28:58 | 001,616,048 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe -- (vToolbarUpdater15.4.0)
SRV - [2013.09.02 14:36:53 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.09.02 14:36:39 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.08.28 23:47:18 | 000,563,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.08.27 07:56:14 | 003,534,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013.08.20 23:42:04 | 000,300,640 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2013.08.20 21:19:20 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.08.17 19:55:05 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.07.03 18:33:38 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013.06.13 11:17:51 | 004,150,112 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013.06.03 16:21:54 | 000,197,736 | R--- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.03.15 07:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.09.10 14:28:58 | 000,045,856 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013.09.02 14:36:56 | 000,132,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.09.02 14:36:56 | 000,105,344 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.08.22 23:25:44 | 000,212,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013.08.22 23:08:14 | 000,294,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013.08.22 22:55:04 | 000,241,464 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013.08.22 22:54:54 | 000,192,824 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013.08.20 22:53:58 | 000,123,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013.08.01 16:07:06 | 000,251,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2013.08.01 16:06:28 | 000,147,768 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2013.08.01 16:04:56 | 000,031,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013.06.21 03:09:46 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2013.04.25 17:49:48 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013.02.18 09:22:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.16 13:42:00 | 000,676,968 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 05:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.06.17 10:15:36 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
DRV:64bit: - [2010.06.14 10:41:10 | 000,038,528 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010.05.14 23:04:16 | 000,073,856 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010.05.14 23:04:16 | 000,028,800 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.07.26 19:59:18 | 000,023,464 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\elrawdsk64bit.sys -- (ElRawDisk)
DRV:64bit: - [2007.05.14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2013.03.14 14:36:18 | 000,017,160 | ---- | M] (XFire) [File_System | On_Demand | Stopped] -- D:\Xfire2\XFDriver64.sys -- (XFDriver64)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://websearch.homesearch-hub.info/?pid=658&r=2013/06/16&hid=2758861023&lg=EN&cc=DE&unqvl=20
IE - HKLM\..\SearchScopes,DefaultScope = {11F4FE08-5C4F-4F73-970F-888E55D190CF}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = hxxp://websearch.homesearch-hub.info/?l=1&q={searchTerms}&pid=658&r=2013/06/16&hid=2758861023&lg=EN&cc=DE&unqvl=20
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = d:\Users\U\Desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 84 55 C6 84 59 AA CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = hxxp://websearch.homesearch-hub.info/?l=1&q={searchTerms}&pid=658&r=2013/06/16&hid=2758861023&lg=EN&cc=DE&unqvl=20
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..CT1561552.browser.search.defaultthis.engineName: "true"
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultenginename,S: S", "WebSearch"
FF - prefs.js..browser.search.defaultthis.engineName: "Hotspot Shield Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&CUI=UN13117919511767327&UM=1&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "WebSearch"
FF - prefs.js..browser.search.order.1,S: S", "WebSearch"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.selectedEngine,S: S", "WebSearch"
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.21
FF - prefs.js..extensions.enabledAddons: avg%40toolbar:15.4.0.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=2&CUI=UN13117919511767327&UM=1&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.4.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.7: C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\U\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\U\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\U\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\15.4.0.5 [2013.09.10 14:29:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.08.17 19:55:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.08.17 19:55:02 | 000,000,000 | ---D | M]
 
[2013.04.26 02:15:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\U\AppData\Roaming\mozilla\Extensions
[2013.08.27 17:27:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\U\AppData\Roaming\mozilla\Firefox\Profiles\hw6pl1gi.default\extensions
[2013.08.27 17:27:09 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\U\AppData\Roaming\mozilla\Firefox\Profiles\hw6pl1gi.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.07.31 14:53:35 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\U\AppData\Roaming\mozilla\firefox\profiles\hw6pl1gi.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.08.11 13:30:59 | 000,001,005 | ---- | M] () -- C:\Users\U\AppData\Roaming\mozilla\firefox\profiles\hw6pl1gi.default\searchplugins\conduit.xml
[2013.06.16 10:32:57 | 000,007,851 | ---- | M] () -- C:\Users\U\AppData\Roaming\mozilla\firefox\profiles\hw6pl1gi.default\searchplugins\WebSearch.xml
[2013.08.17 19:55:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.08.17 19:55:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.08.17 19:55:05 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.09.10 14:29:24 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\FIREFOXEXT\15.4.0.5
 
========== Chrome  ==========
 
CHR - Extension: No name found = C:\Users\U\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: No name found = C:\Users\U\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\U\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\U\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\U\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
CHR - Extension: No name found = C:\Users\U\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [EADM] D:\Origin\Origin.exe (Electronic Arts)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C2249E8E-86F6-4D3B-B54B-B16425D06487}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.4.0\ViProtocol.dll (AVG Secure Search)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (SCTBootTasks)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1} - .NET Framework
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: {1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1} - .NET Framework
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - 
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe ()
MsConfig:64bit - StartUpReg: BCSSync - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.09.10 16:37:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- d:\Users\U\Desktop\OTL.exe
[2013.09.10 14:50:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2013.09.10 14:50:23 | 000,000,000 | ---D | C] -- C:\Users\U\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
[2013.09.10 14:50:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2013.09.10 14:30:21 | 000,000,000 | ---D | C] -- C:\Users\U\AppData\Roaming\AVG2014
[2013.09.10 14:29:37 | 000,000,000 | ---D | C] -- C:\Users\U\AppData\Local\AVG Secure Search
[2013.09.10 14:29:25 | 000,000,000 | ---D | C] -- C:\Users\U\AppData\Roaming\TuneUp Software
[2013.09.10 14:29:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013.09.10 14:29:16 | 000,045,856 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013.09.10 14:29:13 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2013.09.10 14:29:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2013.09.10 14:29:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2013.09.10 14:28:12 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013.09.10 14:28:12 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2014
[2013.09.10 14:27:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2013.09.10 14:25:38 | 000,000,000 | ---D | C] -- C:\Users\U\AppData\Local\MFAData
[2013.09.10 14:25:38 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013.09.10 14:25:38 | 000,000,000 | ---D | C] -- C:\Users\U\AppData\Local\Avg2014
[2013.09.05 20:56:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastChaosGER
[2013.09.05 20:46:50 | 000,000,000 | ---D | C] -- C:\Users\U\AppData\Roaming\Unity
[2013.09.05 20:24:36 | 000,000,000 | ---D | C] -- C:\Users\U\AppData\Local\Unity
[2013.09.05 19:02:21 | 000,000,000 | ---D | C] -- C:\Users\U\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013.08.22 23:25:44 | 000,212,280 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2013.08.22 23:08:14 | 000,294,712 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgloga.sys
[2013.08.22 22:55:04 | 000,241,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys
[2013.08.22 22:54:54 | 000,192,824 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsha.sys
[2013.08.20 22:53:58 | 000,123,704 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2013.08.17 19:55:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.08.15 18:05:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iSRO
[2013.08.15 14:52:11 | 000,000,000 | ---D | C] -- C:\Users\U\AppData\Local\Diagnostics
 
========== Files - Modified Within 30 Days ==========
 
[2013.09.10 16:40:22 | 000,377,856 | ---- | M] () -- d:\Users\U\Desktop\gmer_2.1.19163.exe
[2013.09.10 16:37:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- d:\Users\U\Desktop\OTL.exe
[2013.09.10 16:32:37 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.09.10 16:32:37 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.09.10 16:27:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.09.10 16:27:29 | 2146,148,351 | -HS- | M] () -- C:\hiberfil.sys
[2013.09.10 16:18:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.09.10 16:12:02 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-904730392-2491290814-2578163216-1000UA.job
[2013.09.10 14:50:23 | 000,002,929 | ---- | M] () -- d:\Users\U\Desktop\Sophos Virus Removal Tool.lnk
[2013.09.10 14:29:25 | 000,000,987 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2013.09.10 14:29:24 | 000,003,715 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
[2013.09.10 14:28:58 | 000,045,856 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013.09.09 22:34:01 | 000,000,059 | ---- | M] () -- d:\Users\U\Documents\aionmemo_8255658c.dat
[2013.09.09 19:12:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-904730392-2491290814-2578163216-1000Core.job
[2013.09.08 15:49:11 | 000,000,080 | ---- | M] () -- C:\Users\U\AppData\Roaming\mBot.ini
[2013.09.02 14:36:56 | 000,132,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.09.02 14:36:56 | 000,105,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.09.02 14:36:56 | 000,081,112 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013.08.22 23:25:44 | 000,212,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2013.08.22 23:08:14 | 000,294,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgloga.sys
[2013.08.22 22:55:04 | 000,241,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys
[2013.08.22 22:54:54 | 000,192,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsha.sys
[2013.08.20 22:53:58 | 000,123,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
 
========== Files Created - No Company Name ==========
 
[2013.09.10 16:40:21 | 000,377,856 | ---- | C] () -- d:\Users\U\Desktop\gmer_2.1.19163.exe
[2013.09.10 14:50:23 | 000,002,929 | ---- | C] () -- d:\Users\U\Desktop\Sophos Virus Removal Tool.lnk
[2013.09.10 14:29:25 | 000,000,987 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2013.09.10 14:29:10 | 000,003,715 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
[2013.09.05 19:02:03 | 000,001,104 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-904730392-2491290814-2578163216-1000UA.job
[2013.09.05 19:02:02 | 000,001,052 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-904730392-2491290814-2578163216-1000Core.job
[2013.07.12 23:12:25 | 001,584,728 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.07.02 22:54:17 | 000,290,184 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.07.02 22:54:16 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.06.15 22:05:19 | 000,003,584 | ---- | C] () -- C:\Users\U\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.05.20 22:40:35 | 000,000,080 | ---- | C] () -- C:\Users\U\AppData\Roaming\mBot.ini
[2013.02.27 08:57:04 | 004,283,392 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2012.12.28 23:04:22 | 000,036,352 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2012.07.17 15:22:04 | 000,179,200 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012.07.03 03:28:06 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012.05.22 01:28:58 | 000,155,648 | ---- | C] () -- C:\Windows\SysWow64\mlc.dll
[2011.12.08 06:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.09.10 14:30:21 | 000,000,000 | ---D | M] -- C:\Users\U\AppData\Roaming\AVG2014
[2013.07.12 23:47:38 | 000,000,000 | ---D | M] -- C:\Users\U\AppData\Roaming\Just Aion Launcher
[2013.05.26 18:41:07 | 000,000,000 | ---D | M] -- C:\Users\U\AppData\Roaming\LolClient
[2013.07.02 19:07:49 | 000,000,000 | ---D | M] -- C:\Users\U\AppData\Roaming\Origin
[2013.09.06 17:14:10 | 000,000,000 | ---D | M] -- C:\Users\U\AppData\Roaming\Teeworlds
[2013.09.10 16:30:52 | 000,000,000 | ---D | M] -- C:\Users\U\AppData\Roaming\TS3Client
[2013.09.10 14:29:25 | 000,000,000 | ---D | M] -- C:\Users\U\AppData\Roaming\TuneUp Software
[2013.09.05 20:46:50 | 000,000,000 | ---D | M] -- C:\Users\U\AppData\Roaming\Unity
[2013.04.26 02:05:25 | 000,000,000 | ---D | M] -- C:\Users\U\AppData\Roaming\Win7codecs
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2013.09.10 14:28:12 | 000,000,000 | -H-D | M] -- C:\$AVG
[2013.04.25 15:58:01 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2013.04.25 15:51:40 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2013.04.26 02:21:20 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2013.04.25 17:39:25 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013.06.21 18:53:12 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.09.10 14:50:12 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2013.09.10 14:50:29 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2013.04.25 15:51:40 | 000,000,000 | -HSD | M] -- C:\Programme
[2013.04.25 15:51:41 | 000,000,000 | -HSD | M] -- C:\Recovery
[2013.05.24 17:23:07 | 000,000,000 | ---D | M] -- C:\Riot Games
[2013.09.10 16:40:45 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2013.04.25 17:41:43 | 000,000,000 | R--D | M] -- C:\Users
[2013.09.10 16:22:17 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 04:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.20 05:24:46 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 05:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 05:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 05:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 05:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >

--- --- ---

Extras

OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 10.09.2013 16:39:07 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = d:\Users\U\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 5,94 Gb Available Physical Memory | 74,31% Memory free
15,99 Gb Paging File | 13,82 Gb Available in Paging File | 86,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58,50 Gb Total Space | 9,47 Gb Free Space | 16,19% Space Free | Partition Type: NTFS
Drive D: | 174,29 Gb Total Space | 56,05 Gb Free Space | 32,16% Space Free | Partition Type: NTFS
 
Computer Name: U-PC | User Name: U | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe ()
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00580224-E551-4C24-B1F3-666D857BBB1C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{24AD4785-EDE0-40AF-998E-70A45D0F7419}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2EBB3309-0DBD-4306-A0B5-3FE35F7E9807}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3276B5BC-93FB-4A3B-8593-7C63592ED587}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4F4B80B1-581C-4921-836A-7FE0BD7BFBE0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{51B96B0C-8E7C-4BDB-9906-2EDCD7115F0A}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{5DF194E6-6816-45E1-AF48-E0487D7A01C2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7852838F-CC74-4D32-B696-2EFAD5DDA720}" = lport=57566 | protocol=6 | dir=in | name=pando media booster | 
"{804660C7-49F4-47A2-86E0-6A652C430D80}" = lport=139 | protocol=6 | dir=in | app=system | 
"{819FE6C4-8FF2-4767-8341-EA5E1AA99891}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{898A8806-CC1F-4720-80AE-1B4F8AB3B4B9}" = rport=139 | protocol=6 | dir=out | app=system | 
"{8C2FC35C-81ED-4C01-B61C-343B0F527908}" = lport=445 | protocol=6 | dir=in | app=system | 
"{936181A3-6FA3-4149-8B19-1245A0661EE4}" = lport=57566 | protocol=6 | dir=in | name=pando media booster | 
"{95A69E4E-7921-4E40-9448-E8FA9B899604}" = rport=137 | protocol=17 | dir=out | app=system | 
"{9774E885-D798-486F-84B3-7BCAA0866703}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{AF752418-24C6-4FC1-9AFD-D19C67C850B5}" = lport=57566 | protocol=17 | dir=in | name=pando media booster | 
"{BBA0C30F-2149-488C-86CC-4DF8574EAF88}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{C68C667E-085A-4172-B61B-183DC9D4541D}" = lport=138 | protocol=17 | dir=in | app=system | 
"{C6EF03FC-2131-45F8-B018-1030A41BDBA8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{CCDFAD3C-AA4C-417F-AF86-543D064FD02F}" = rport=445 | protocol=6 | dir=out | app=system | 
"{D699F968-B27E-498A-BEF9-24F594C1001D}" = rport=138 | protocol=17 | dir=out | app=system | 
"{EC30315C-85A2-4BBB-8EDB-A534CF979ECB}" = lport=137 | protocol=17 | dir=in | app=system | 
"{ED7ACBCF-4C59-4DDB-B878-EDE534D15959}" = lport=57566 | protocol=17 | dir=in | name=pando media booster | 
"{F5A43B9C-E1DB-45BE-B111-137D68C8707E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{FEEB6E3F-C9E3-4E65-AC21-29E6859321A1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00D56EE9-459B-463B-90BD-02B4698DDE1F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{012B38F3-66E7-4930-ACD9-98E8B355CC1A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{03E26567-AB21-4DBE-86F0-77D398C8957A}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe | 
"{0B338F41-0DA6-484E-88AE-80A6B295E46B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0C17B17D-B3BD-4DC1-A0A4-4854C5DF04D9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{1438CDA0-823E-4037-BA4D-040792CB3A80}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{16B16CC8-58BE-4295-9BFA-B34A273E09D4}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{17013A58-B078-48CE-8C75-4CF784EFA527}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe | 
"{251A4456-BA9F-4337-8917-9A272CAB9516}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2EA91DBF-A883-4DBC-8E16-FF734CD98C88}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{32898028-6B7F-40C6-896C-C2B270701587}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{329DD643-3909-465E-8579-D84FE0E74B47}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{343D9C97-F0C2-4361-8F63-C2A4EFEC5F4D}" = protocol=6 | dir=in | app=d:\origin\battlefield 3\bf3.exe | 
"{35698D68-830F-479B-8451-108F27F5505B}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{3BB8C52E-2707-4A56-8741-274726061591}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{41493464-7E1A-41C8-B471-62F83795CD9A}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe | 
"{4298C049-0C9F-48D2-B8BF-19AB5EC6CFBF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{45A5E063-219E-41B4-BF3A-1058C7C3F645}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe | 
"{4856F4DD-86C0-44B0-84E4-9A91B681390E}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe | 
"{49F17401-8E8E-4D28-A4E7-E2AEFD69B14E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{4E56D2D2-8867-4A76-877B-6931C70CE6E4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5016E1B4-102A-4231-8E98-32C6F9A37115}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe | 
"{502D06E0-B6A7-4968-9848-C1732510C60E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{50D32ACA-A735-4BEA-BC72-583D8ED1AC88}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{553BF938-0FA0-47F4-AF00-4F69B42DBD3F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{59A6D243-655D-41E6-85D2-5EDD70082FF4}" = protocol=17 | dir=in | app=d:\world of warcraft\launcher.patch.exe | 
"{5A1B75E5-5996-4F81-920F-2CD2FEAB1718}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{5B327A0C-1ED9-449A-87A4-1AB85B4B8B8F}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{5DF8F95D-489B-4104-B224-E836B3B1B4A1}" = protocol=58 | dir=in | app=system | 
"{5EA3C4CB-DA61-4701-A8E6-E9F462D79D1A}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{60A39773-488E-4E9C-B86B-A3895C172B02}" = protocol=6 | dir=in | app=d:\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"{6ED848A5-6F77-4FDC-B6A7-B57430BDF9E0}" = protocol=6 | dir=in | app=d:\world of warcraft\launcher.exe | 
"{751BA03E-5FAB-4CA3-9FEF-692C697FA5C1}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{772A73E1-D507-40A2-9F6D-385662DE3632}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 
"{7B9D898C-85EE-4A25-AD3E-3AC3058B678A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7D51459E-F540-4274-B05D-F09CEE7AB93F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{7E633D28-5F9C-4B21-BA23-F6AD75465B11}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{83337B99-678B-4E98-B360-F0B14884A072}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{896FA055-BE67-4AAA-AD19-BA9616B94481}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{8D6110D7-BAE3-4215-8083-A5E3C397B011}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{8EADA12D-758B-4FED-AEC8-205D711525C4}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe | 
"{933CCDC8-3704-480D-9461-A509D78F7906}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe | 
"{99D9F892-214D-4919-86C1-F60044F88C16}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{9C733785-753F-447C-ADD1-D8263BA7A779}" = protocol=6 | dir=in | app=d:\world of warcraft\wow-x.x.x.x-4.0.0.12911-downloader.exe | 
"{9E15640C-993F-451F-91FF-8E9674BF05FA}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{A9DF810D-439B-4152-8031-936D729BF5D8}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{ABEDE9EC-47C8-4EC8-BCAB-B11D9574E5A4}" = protocol=17 | dir=in | app=d:\world of warcraft\wow-x.x.x.x-4.0.0.12911-downloader.exe | 
"{BC9468B9-276D-47B2-8C66-E1309D53EE49}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{BDDDE5EE-E813-42C6-AFF0-7C7BC110B510}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{BEBA6A70-AE9B-47FB-9E01-E3A77ED36776}" = protocol=6 | dir=in | app=d:\world of warcraft\launcher.patch.exe | 
"{C8598C67-1D92-451B-BDA3-BA3F3E5CE71C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{C9312ED9-4D5B-4575-913A-AF739F5B6F12}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{CD95DB8D-ED49-4A78-BF16-6C05949167E9}" = protocol=6 | dir=out | app=system | 
"{D1578289-A012-4619-9129-EB459531E966}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DAA3D5FF-FDE2-46A4-A282-0856FC4ADB03}" = protocol=17 | dir=in | app=d:\origin\battlefield 3\bf3.exe | 
"{EB151DFE-D79E-4D09-9CFE-4F03AC84B33C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{EBBB0467-D14F-4755-B675-8FF6C83ECFE4}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{EC7BA678-FC3D-48ED-913B-AB5902BD32C5}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{F1C5CA69-871E-403A-913A-6A7D22431F5A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 
"{F7331671-E486-484A-A2D4-CF9A2C7BEE42}" = protocol=17 | dir=in | app=d:\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"{FCD5DE4E-2540-4F4A-8598-0E29BE2FB9DE}" = protocol=17 | dir=in | app=d:\world of warcraft\launcher.exe | 
"TCP Query User{01C2A085-CAB8-4403-B821-0EC5543CAD96}D:\users\u\desktop\bard\mbot_vsro110.exe" = protocol=6 | dir=in | app=d:\users\u\desktop\bard\mbot_vsro110.exe | 
"TCP Query User{05D28D3E-22CF-4CB3-B81F-6D135D41CD5B}D:\users\u\desktop\nuker\mbot_vsro110.exe" = protocol=6 | dir=in | app=d:\users\u\desktop\nuker\mbot_vsro110.exe | 
"TCP Query User{1F5166F8-042C-4443-8050-8B792FA0D197}D:\xfire2\xfire.exe" = protocol=6 | dir=in | app=d:\xfire2\xfire.exe | 
"TCP Query User{5524EB14-EA9A-4000-8D21-6AC752827238}D:\arma 2\steamapps\common\arma 2\arma2.exe" = protocol=6 | dir=in | app=d:\arma 2\steamapps\common\arma 2\arma2.exe | 
"TCP Query User{69BEED31-7E8C-4F91-AF4B-1BDDFA6A736E}D:\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe | 
"TCP Query User{7F4B8752-F64A-42F2-A609-BFFD81E43CDD}D:\users\u\desktop\neuer ordner\mbot_vsro110.exe" = protocol=6 | dir=in | app=d:\users\u\desktop\neuer ordner\mbot_vsro110.exe | 
"TCP Query User{937B75E7-195F-4A02-91B3-D752BF7A5420}D:\users\u\desktop\wizz bot\mbot_vsro110.exe" = protocol=6 | dir=in | app=d:\users\u\desktop\wizz bot\mbot_vsro110.exe | 
"TCP Query User{A56895BB-E63E-4C19-B73D-2904FA861691}D:\users\u\desktop\bot 1\mbot_vsro110.exe" = protocol=6 | dir=in | app=d:\users\u\desktop\bot 1\mbot_vsro110.exe | 
"TCP Query User{AC8AD8AB-1070-4D95-B42D-FD7D3172BEF5}C:\users\u\appdata\local\temp\skype.exe" = protocol=6 | dir=in | app=c:\users\u\appdata\local\temp\skype.exe | 
"TCP Query User{BB1E901D-C131-4325-80F1-A6CB2D592DF7}D:\users\u\desktop\trader\mbot_vsro110.exe" = protocol=6 | dir=in | app=d:\users\u\desktop\trader\mbot_vsro110.exe | 
"TCP Query User{C0718375-A207-40DA-8A55-765B5F6628D2}D:\users\u\desktop\bot 0 (wizzard)\mbot_vsro110.exe" = protocol=6 | dir=in | app=d:\users\u\desktop\bot 0 (wizzard)\mbot_vsro110.exe | 
"TCP Query User{D873E7B6-5640-44FF-BD40-5F46F86D90E8}D:\users\u\desktop\neuer ordner (2)\mbot_vsro110.exe" = protocol=6 | dir=in | app=d:\users\u\desktop\neuer ordner (2)\mbot_vsro110.exe | 
"TCP Query User{DB887205-A5BA-46BD-9B65-799EF4CF94FC}D:\users\u\desktop\rogue bot\mbot_vsro110.exe" = protocol=6 | dir=in | app=d:\users\u\desktop\rogue bot\mbot_vsro110.exe | 
"TCP Query User{F4E53452-C0DD-4A20-9C0B-3B38C4DEBC8E}D:\users\u\desktop\spear\mbot_vsro110.exe" = protocol=6 | dir=in | app=d:\users\u\desktop\spear\mbot_vsro110.exe | 
"TCP Query User{FCD83A2A-FC53-4F12-AA3E-22AB96FFE5F6}D:\arma 2\steamapps\common\arma 2 operation arrowhead\arma2oa.exe" = protocol=6 | dir=in | app=d:\arma 2\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | 
"UDP Query User{06639E68-98E3-4246-A077-D9E0FCAAF860}D:\users\u\desktop\neuer ordner (2)\mbot_vsro110.exe" = protocol=17 | dir=in | app=d:\users\u\desktop\neuer ordner (2)\mbot_vsro110.exe | 
"UDP Query User{147E2022-DE3B-423C-8F1A-DB0BCA9D295B}D:\users\u\desktop\bot 1\mbot_vsro110.exe" = protocol=17 | dir=in | app=d:\users\u\desktop\bot 1\mbot_vsro110.exe | 
"UDP Query User{2273B1A7-006B-42E7-8149-2288DCC4DAE1}D:\users\u\desktop\spear\mbot_vsro110.exe" = protocol=17 | dir=in | app=d:\users\u\desktop\spear\mbot_vsro110.exe | 
"UDP Query User{293ED498-94BE-4F09-AC1E-62207F861863}D:\users\u\desktop\trader\mbot_vsro110.exe" = protocol=17 | dir=in | app=d:\users\u\desktop\trader\mbot_vsro110.exe | 
"UDP Query User{6A0E6516-F3BA-4113-B850-E7985D459CB0}D:\users\u\desktop\wizz bot\mbot_vsro110.exe" = protocol=17 | dir=in | app=d:\users\u\desktop\wizz bot\mbot_vsro110.exe | 
"UDP Query User{73E4BB72-44F3-474D-A851-B48B5B534725}D:\arma 2\steamapps\common\arma 2\arma2.exe" = protocol=17 | dir=in | app=d:\arma 2\steamapps\common\arma 2\arma2.exe | 
"UDP Query User{82227A65-4EB8-46E5-B2D5-ACFE20B3202B}D:\users\u\desktop\neuer ordner\mbot_vsro110.exe" = protocol=17 | dir=in | app=d:\users\u\desktop\neuer ordner\mbot_vsro110.exe | 
"UDP Query User{8E1B50F3-1562-4B87-9977-10BE64BF840B}D:\users\u\desktop\bot 0 (wizzard)\mbot_vsro110.exe" = protocol=17 | dir=in | app=d:\users\u\desktop\bot 0 (wizzard)\mbot_vsro110.exe | 
"UDP Query User{93E2661A-2DA1-4FC4-83A8-E09AD71CD791}D:\arma 2\steamapps\common\arma 2 operation arrowhead\arma2oa.exe" = protocol=17 | dir=in | app=d:\arma 2\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | 
"UDP Query User{9F2270F6-76CF-4C24-AA7E-9826D86FD793}D:\users\u\desktop\bard\mbot_vsro110.exe" = protocol=17 | dir=in | app=d:\users\u\desktop\bard\mbot_vsro110.exe | 
"UDP Query User{AA856F2F-4BF5-4536-9F7E-866AAFCF900F}C:\users\u\appdata\local\temp\skype.exe" = protocol=17 | dir=in | app=c:\users\u\appdata\local\temp\skype.exe | 
"UDP Query User{AD6DD0C5-20D8-4BAF-8A64-F269C2030CD8}D:\users\u\desktop\rogue bot\mbot_vsro110.exe" = protocol=17 | dir=in | app=d:\users\u\desktop\rogue bot\mbot_vsro110.exe | 
"UDP Query User{D3BBCC8F-57B4-4D9A-A317-009BA8172C51}D:\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe | 
"UDP Query User{EFA1B74B-1789-4014-8341-D4B132B9FBAD}D:\xfire2\xfire.exe" = protocol=17 | dir=in | app=d:\xfire2\xfire.exe | 
"UDP Query User{F5996B24-B5C1-4798-AEBF-37755087C147}D:\users\u\desktop\nuker\mbot_vsro110.exe" = protocol=17 | dir=in | app=d:\users\u\desktop\nuker\mbot_vsro110.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{2EA43D50-131A-44DE-A678-47F6D572AB30}" = AVG 2014
"{4EC90F78-14A6-460E-A6F7-53C85A431FBD}" = AVG 2014
"{70DFF8B2-44A3-2C2C-FB21-783E8291265F}" = ATI Catalyst Install Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"AVG" = AVG 2014
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VLC media player" = VLC media player 2.0.7
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}" = Microsoft Games for Windows - LIVE Redistributable
"{43ADAE00-A4ED-4379-A76D-A1FF5D9D334A}_is1" = Xfire 2.0
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.5
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{82E73E8D-E1E7-45A4-A311-6D31492AA913}_is1" = AION Free-to-Play Version 1.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1" = Gameforge Live 1.7.0 "Legend"
"{A86A50FC-7C22-478B-BAEF-82393328825F}" = LastChaosGER
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVG Secure Search" = AVG Security Toolbar
"ESN Sonar-0.70.4" = ESN Sonar
"Mozilla Firefox 23.0.1 (x86 de)" = Mozilla Firefox 23.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"SP_f5d3e0aa" = SafeSaver 1.74
"Steam App 219540" = Arma 2: Operation Arrowhead Beta
"Steam App 33910" = Arma 2
"Steam App 33930" = Arma 2: Operation Arrowhead
"XfireCodec" = Xfire Codec (remove only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10.09.2013 10:35:43 | Computer Name = U-PC | Source = Avira Antivirus | ID = 4115
Description = Eine Programmdatei von AntiVir (c:\program files (x86)\avira\antivir
 desktop\guardgui.exe) ist nicht vorhanden oder wurde verändert bzw. zerstört!  Fehlercode:
 0x0
 
Error - 10.09.2013 10:40:43 | Computer Name = U-PC | Source = Avira Antivirus | ID = 4115
Description = Eine Programmdatei von AntiVir (c:\program files (x86)\avira\antivir
 desktop\guardgui.exe) ist nicht vorhanden oder wurde verändert bzw. zerstört!  Fehlercode:
 0x0
 
Error - 10.09.2013 10:40:52 | Computer Name = U-PC | Source = Avira Antivirus | ID = 4115
Description = Eine Programmdatei von AntiVir (c:\program files (x86)\avira\antivir
 desktop\avscan.exe) ist nicht vorhanden oder wurde verändert bzw. zerstört!  Fehlercode:
 0x0
 
Error - 10.09.2013 10:41:16 | Computer Name = U-PC | Source = Avira Antivirus | ID = 4115
Description = Eine Programmdatei von AntiVir (c:\program files (x86)\avira\antivir
 desktop\guardgui.exe) ist nicht vorhanden oder wurde verändert bzw. zerstört!  Fehlercode:
 0x0
 
Error - 10.09.2013 10:41:41 | Computer Name = U-PC | Source = Avira Antivirus | ID = 4115
Description = Eine Programmdatei von AntiVir (c:\program files (x86)\avira\antivir
 desktop\avscan.exe) ist nicht vorhanden oder wurde verändert bzw. zerstört!  Fehlercode:
 0x0
 
Error - 10.09.2013 10:41:43 | Computer Name = U-PC | Source = Avira Antivirus | ID = 4115
Description = Eine Programmdatei von AntiVir (c:\program files (x86)\avira\antivir
 desktop\guardgui.exe) ist nicht vorhanden oder wurde verändert bzw. zerstört!  Fehlercode:
 0x0
 
Error - 10.09.2013 10:42:17 | Computer Name = U-PC | Source = Avira Antivirus | ID = 4115
Description = Eine Programmdatei von AntiVir (c:\program files (x86)\avira\antivir
 desktop\guardgui.exe) ist nicht vorhanden oder wurde verändert bzw. zerstört!  Fehlercode:
 0x0
 
Error - 10.09.2013 10:43:08 | Computer Name = U-PC | Source = Avira Antivirus | ID = 4115
Description = Eine Programmdatei von AntiVir (c:\program files (x86)\avira\antivir
 desktop\avscan.exe) ist nicht vorhanden oder wurde verändert bzw. zerstört!  Fehlercode:
 0x0
 
Error - 10.09.2013 10:43:10 | Computer Name = U-PC | Source = Avira Antivirus | ID = 4115
Description = Eine Programmdatei von AntiVir (c:\program files (x86)\avira\antivir
 desktop\guardgui.exe) ist nicht vorhanden oder wurde verändert bzw. zerstört!  Fehlercode:
 0x0
 
Error - 10.09.2013 10:47:03 | Computer Name = U-PC | Source = Avira Antivirus | ID = 4115
Description = Eine Programmdatei von AntiVir (c:\program files (x86)\avira\antivir
 desktop\guardgui.exe) ist nicht vorhanden oder wurde verändert bzw. zerstört!  Fehlercode:
 0x0
 
[ System Events ]
Error - 10.09.2013 10:22:39 | Computer Name = U-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 10.09.2013 10:22:38 | Computer Name = U-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 10.09.2013 10:22:39 | Computer Name = U-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 10.09.2013 10:22:39 | Computer Name = U-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 10.09.2013 10:22:39 | Computer Name = U-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 10.09.2013 10:22:39 | Computer Name = U-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 10.09.2013 10:22:39 | Computer Name = U-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 10.09.2013 10:22:39 | Computer Name = U-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 10.09.2013 10:23:22 | Computer Name = U-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 10.09.2013 10:26:14 | Computer Name = U-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
 
< End of report >

--- --- ---

Dann war da der Zweite Schritt das hier

AW: Win32/Jeefo.A loswerden
Lade Dir GMER von dieser Seite herunter
(auf den Button Download EXE drücken) und das Programm auf dem Desktop speichern.

alle anderen Scanner gegen Viren, Spyware, usw. deaktivieren
Alle anderen Programme sollen geschlossen sein.
Starte gmer.exe (Programm hat einen willkürlichen Programm-Namen).
Vista und Win7 User mit Rechtsklick und als Administrator starten.
Sollte sich ein Fenster mit folgender Warnung öffnen:

WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system ?

Unbedingt auf "No" klicken.
Entferne rechts den Haken bei:

IAT/EAT
Alle Festplatten ausser die Systemplatte (normalerweise ist nur C:\ angehackt)
Show all (sollte abgehackt sein)

Starte den Scan mit "Scan". Mache nichts am Computer während der Scan läuft.
Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Bitte poste in deiner nächsten Antwort
gmer.txt

Code:

ATTFilter

GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-09-10 16:55:02
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000055 ST325082 rev.3.AE 232,89GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\U\AppData\Local\Temp\pgddapog.sys


---- User code sections - GMER 2.1 ----

.text   C:\Windows\SysWOW64\PnkBstrA.exe[2148] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322                                                  0000000072641a22 2 bytes [64, 72]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2148] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496                                                  0000000072641ad0 2 bytes [64, 72]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2148] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552                                                  0000000072641b08 2 bytes [64, 72]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2148] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730                                                  0000000072641bba 2 bytes [64, 72]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2148] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762                                                  0000000072641bda 2 bytes [64, 72]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2148] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                           0000000076091465 2 bytes [09, 76]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2148] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                          00000000760914bb 2 bytes [09, 76]
.text   ...                                                                                                                                      * 2
.text   C:\Program Files (x86)\AVG Secure Search\vprot.exe[3996] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69                         0000000076091465 2 bytes [09, 76]
.text   C:\Program Files (x86)\AVG Secure Search\vprot.exe[3996] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155                        00000000760914bb 2 bytes [09, 76]
.text   ...                                                                                                                                      * 2
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4900] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000076091465 2 bytes [09, 76]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4900] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000760914bb 2 bytes [09, 76]
.text   ...                                                                                                                                      * 2
.text   d:\Users\U\Desktop\OTL.exe[5000] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 69                                                 0000000076091465 2 bytes [09, 76]
.text   d:\Users\U\Desktop\OTL.exe[5000] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 155                                                00000000760914bb 2 bytes [09, 76]
.text   ...                                                                                                                                      * 2

---- Threads - GMER 2.1 ----

Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [4396:4824]                                                                           000007fefafb2a7c
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [4396:4836]                                                                           000007feebf9d618

---- Registry - GMER 2.1 ----

Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E07D4006-45D1-19E7-101C-87C24E26C6D5}                          
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E07D4006-45D1-19E7-101C-87C24E26C6D5}@jacbabbaklamadkjdlld     0x62 0x61 0x6D 0x62 ...
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E07D4006-45D1-19E7-101C-87C24E26C6D5}@jacbabbaklamadkjdlhd     0x62 0x61 0x62 0x70 ...
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E07D4006-45D1-19E7-101C-87C24E26C6D5}@iaccmejlkdkacmcfoc       0x6B 0x61 0x6A 0x62 ...
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E07D4006-45D1-19E7-101C-87C24E26C6D5}@haecofgldpchphem         0x6B 0x61 0x6A 0x62 ...
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E07D4006-45D1-19E7-101C-87C24E26C6D5}@iaecofdfbilpngjbbf       0x61 0x62 0x6C 0x61 ...
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E07D4006-45D1-19E7-101C-87C24E26C6D5}@jafcdahdenadmhonnpip     0x62 0x61 0x69 0x62 ...
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E07D4006-45D1-19E7-101C-87C24E26C6D5}@baad                     0x64 0x61 0x6D 0x62 ...
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E07D4006-45D1-19E7-101C-87C24E26C6D5}@babd                     0x64 0x61 0x6F 0x62 ...
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E07D4006-45D1-19E7-101C-87C24E26C6D5}@cahcmc                   0x64 0x61 0x62 0x70 ...
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E07D4006-45D1-19E7-101C-87C24E26C6D5}@cahcnc                   0x64 0x61 0x63 0x70 ...
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E07D4006-45D1-19E7-101C-87C24E26C6D5}@iahflmpafefbgecdea       0x65 0x61 0x6A 0x62 ...
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E07D4006-45D1-19E7-101C-87C24E26C6D5}@iahflmpafefbgecdba       0x65 0x61 0x6A 0x62 ...

---- EOF - GMER 2.1 ----

Das ist meine antwort drauf

cosinus · 10.09.2013, 18:47

Was soll das mit OTL, danach hab ich nicht gefragt
Außer wollte ich die Logs deines Virenscanners sehen

Zitat:

64bit- Ultimate Edition Service Pack 1

Warum hast du eine Ultimate-Edition von Windows, brauchst du das als Heimanwender?
Oder ist das rein zufällig ein Büro-/Firmen-PC bzw. ein Uni-Rechner?

SergioX · 10.09.2013, 18:56

Ich weiß net kannst es ja mir erklären wieso er es dann verlangt hat.

http://www.trojaner-board.de/108548-...loswerden.html

weiß ich net ob ich das brauch als heimanwender ^^ hab ich halt so gekauft wieso ?

cosinus · 10.09.2013, 18:59

Was soll das mit diesem alten Thread, NIEMAND hat dich aufgefordert das zu machen was da steht!!

Zitat:

hab ich halt so gekauft wieso ?

Weil es nunmal Richtlinien gibt und wenn ich vermute, dass es hier gewerblichen Einsatz gibt kommen halt eben bestimmte Hinweise.

SergioX · 10.09.2013, 19:07

aj man weiß ja nicht dachte du wirst das selbe verlangen wie dort... und kannst du mal in einem höfflicheren tonart mit mir sprechen okay ? ich sprech ja auch nicht mit dir als wärst du mein negger !

wenns okay ist dann mach ich jetz das was du halt brauchst

cosinus · 10.09.2013, 19:15

Zitat:

aj man weiß ja nicht dachte du wirst das selbe verlangen wie dort...

Kannst du lesen? Ich bin nicht Larusso

Zitat:

ich sprech ja auch nicht mit dir als wärst du mein negger !

Über deine Wortwahl solltest du aber nochmal nachdenken

Zudem mach es mich leicht fuchsig, wenn man genauste Instruktionen postet und diese einfach ignoriert werden.

Schon vergessen? Du willst Hilfe also lass dir helfen und mach nur das was dir ein Helfer sagt. Das bin ich diesem Fall ich. Und wenn's mir zu bunt wird weil du zuviel allein machst und dich nicht an Instruktionen hälst, dann kann ich auch schon mal schön ins Schweigen verfallen

SergioX · 10.09.2013, 19:25

Okay dann tuts mir leid können wir von neu anfangen

ich mach jetz das was du von mir brauchst um mir zu helfen

cosinus · 10.09.2013, 19:41

Ja dann fang ma an meine Instruktionen umzusetzen, Fragen zu beantworten etc

SergioX · 10.09.2013, 19:42

Zitat:

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?

Nein hab leider nix auser das was ich gepostet hatte

cosinus · 10.09.2013, 19:55

Das halte ich für Quatsch. Ich hab bisher kein Virenscanner-Log gesehen

Lesen und umsetzen => http://www.trojaner-board.de/125889-...tml#post941520

SergioX · 10.09.2013, 20:20

FRST

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-09-2013 01
Ran by U (administrator) on U-PC on 10-09-2013 21:04:11
Running from D:\Users\U\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\loggingserver.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
() D:\GameforgeLive\gfl_client.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(NCSOFT Corporation) D:\GameforgeLive\Games\DEU_deu\AION\NCLauncher.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-20] (Realtek Semiconductor)
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\steam.exe [1847208 2013-08-28] ()
HKCU\...\Run: [EADM] - D:\Origin\Origin.exe [3549528 2013-08-27] (Electronic Arts)
HKCU\...\Run: [Google Update] - C:\Users\U\AppData\Local\Google\Update\GoogleUpdate.exe [151976 2013-09-05] ()
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-02] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4851248 2013-08-26] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG Secure Search\vprot.exe [2285232 2013-09-10] ()
BootExecute: autocheck autochk * SCTBootTasks

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = Search
SearchScopes: HKLM-x32 - DefaultScope {11F4FE08-5C4F-4F73-970F-888E55D190CF} URL = 
SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.homesearch-hub.info/?l=1&q={searchTerms}&pid=658&r=2013/06/16&hid=2758861023&lg=EN&cc=DE&unqvl=20
SearchScopes: HKCU - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.homesearch-hub.info/?l=1&q={searchTerms}&pid=658&r=2013/06/16&hid=2758861023&lg=EN&cc=DE&unqvl=20
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll No File
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.4.0\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\U\AppData\Roaming\Mozilla\Firefox\Profiles\hw6pl1gi.default
FF DefaultSearchEngine: user_pref("browser.search.defaultenginename", "");
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "WebSearch");: user_pref("browser.search.order.1,S", "WebSearch");
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=2&CUI=UN13117919511767327&UM=1&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.4.0\\npsitesafety.dll (AVG Technologies)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\U\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\U\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\U\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Users\U\AppData\Roaming\Mozilla\Firefox\Profiles\hw6pl1gi.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Users\U\AppData\Roaming\Mozilla\Firefox\Profiles\hw6pl1gi.default\searchplugins\WebSearch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DownloadHelper - C:\Users\U\AppData\Roaming\Mozilla\Firefox\Profiles\hw6pl1gi.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: No Name - C:\Users\U\AppData\Roaming\Mozilla\Firefox\Profiles\hw6pl1gi.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] C:\ProgramData\AVG Secure Search\FireFoxExt\15.4.0.5
FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\FireFoxExt\15.4.0.5

Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\U\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\U\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\U\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\U\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\U\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (Gmail) - C:\Users\U\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-02] (Avira Operations GmbH & Co. KG)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3534896 2013-08-27] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [300640 2013-08-20] (AVG Technologies CZ, s.r.o.)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-07-03] ()
S2 SkypeUpdate; C:\Program Files (x86)\Skype\Updater\Updater.exe [197736 2013-06-03] ()
R2 vToolbarUpdater15.4.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [1616048 2013-09-10] (AVG Secure Search)
S2 clr_optimization_v4.0.30319_32; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [x]
S2 PowerManager; C:\Windows\svchost.exe [x]

==================== Drivers (Whitelisted) ====================

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [147768 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [241464 2013-08-22] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192824 2013-08-22] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-08-22] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-08-22] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-08-20] (AVG Technologies CZ, s.r.o.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-02] (Avira Operations GmbH & Co. KG)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-09-10] (AVG Technologies)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-02] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-04-25] (Avira Operations GmbH & Co. KG)
R1 ElRawDisk; C:\Windows\system32\drivers\elrawdsk64bit.sys [23464 2008-07-26] (EldoS Corporation)
R1 ElRawDisk; C:\Windows\system32\drivers\elrawdsk64bit.sys [23464 2008-07-26] (EldoS Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-06-21] (Anchorfree Inc.)
S3 XFDriver64; D:\Xfire2\XFDriver64.sys [17160 2013-03-14] (XFire)
S3 XFDriver64; D:\Xfire2\XFDriver64.sys [17160 2013-03-14] (XFire)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
S3 X6va014; \??\C:\Windows\SysWOW64\Drivers\X6va014 [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-10 20:44 - 2013-09-10 20:58 - 01949196 _____ (Farbar) d:\Users\U\Desktop\FRST64.exe
2013-09-10 17:01 - 2013-09-10 17:01 - 00000585 _____ C:\Users\Public\Desktop\Gameforge Live.lnk
2013-09-10 16:59 - 2013-09-10 17:02 - 00000000 ____D C:\Users\U\Downloads\Gameforge Live
2013-09-10 14:50 - 2013-09-10 14:50 - 00000000 ____D C:\Users\U\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2013-09-10 14:50 - 2013-09-10 14:50 - 00000000 ____D C:\ProgramData\Sophos
2013-09-10 14:50 - 2013-09-10 14:50 - 00000000 ____D C:\Program Files (x86)\Sophos
2013-09-10 14:30 - 2013-09-10 14:30 - 00000000 ____D C:\Users\U\AppData\Roaming\AVG2014
2013-09-10 14:29 - 2013-09-10 14:46 - 00000000 ____D C:\Users\U\AppData\Local\AVG Secure Search
2013-09-10 14:29 - 2013-09-10 14:29 - 00003715 _____ C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2013-09-10 14:29 - 2013-09-10 14:29 - 00003230 _____ C:\Windows\System32\Tasks\SidebarExecute
2013-09-10 14:29 - 2013-09-10 14:29 - 00000987 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2013-09-10 14:29 - 2013-09-10 14:29 - 00000000 ____D C:\Users\U\AppData\Roaming\TuneUp Software
2013-09-10 14:29 - 2013-09-10 14:29 - 00000000 ____D C:\ProgramData\AVG Secure Search
2013-09-10 14:29 - 2013-09-10 14:29 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2013-09-10 14:29 - 2013-09-10 14:28 - 00045856 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2013-09-10 14:28 - 2013-09-10 14:33 - 00000000 ____D C:\ProgramData\AVG2014
2013-09-10 14:28 - 2013-09-10 14:28 - 00000000 ___HD C:\$AVG
2013-09-10 14:27 - 2013-09-10 14:27 - 00000000 ____D C:\Program Files (x86)\AVG
2013-09-10 14:25 - 2013-09-10 20:59 - 00000000 ____D C:\ProgramData\MFAData
2013-09-10 14:25 - 2013-09-10 14:43 - 00000000 ____D C:\Users\U\AppData\Local\Avg2014
2013-09-10 14:25 - 2013-09-10 14:25 - 00000000 ____D C:\Users\U\AppData\Local\MFAData
2013-09-05 20:46 - 2013-09-05 20:46 - 00000000 ____D C:\Users\U\AppData\Roaming\Unity
2013-09-05 20:24 - 2013-09-05 20:24 - 00000000 ____D C:\Users\U\AppData\Local\Unity
2013-09-05 19:02 - 2013-09-10 20:12 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-904730392-2491290814-2578163216-1000UA.job
2013-09-05 19:02 - 2013-09-10 19:12 - 00001052 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-904730392-2491290814-2578163216-1000Core.job
2013-09-05 19:02 - 2013-09-05 19:07 - 00004066 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-904730392-2491290814-2578163216-1000UA
2013-09-05 19:02 - 2013-09-05 19:07 - 00003670 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-904730392-2491290814-2578163216-1000Core
2013-09-05 19:02 - 2013-09-05 19:02 - 00000000 ____D C:\Users\U\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2013-08-22 23:25 - 2013-08-22 23:25 - 00212280 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2013-08-22 23:08 - 2013-08-22 23:08 - 00294712 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2013-08-22 22:55 - 2013-08-22 22:55 - 00241464 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2013-08-22 22:54 - 2013-08-22 22:54 - 00192824 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
2013-08-20 22:53 - 2013-08-20 22:53 - 00123704 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2013-08-17 19:55 - 2013-08-17 19:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-15 18:05 - 2013-08-15 18:10 - 00000000 ____D C:\Program Files (x86)\iSRO
2013-08-11 13:31 - 2013-08-11 13:34 - 00000000 ____D C:\Users\U\AppData\Local\Conduit
2013-08-11 13:31 - 2013-08-11 13:31 - 00000000 ____D C:\Program Files (x86)\Conduit
2013-08-11 13:30 - 2013-08-11 13:31 - 00000009 _____ C:\END

==================== One Month Modified Files and Folders =======

2013-09-10 21:01 - 2013-09-10 21:01 - 00000000 ____D C:\FRST
2013-09-10 21:00 - 2009-07-14 06:45 - 00014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-10 21:00 - 2009-07-14 06:45 - 00014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-10 20:59 - 2013-09-10 14:25 - 00000000 ____D C:\ProgramData\MFAData
2013-09-10 20:59 - 2013-04-25 15:48 - 01261024 _____ C:\Windows\WindowsUpdate.log
2013-09-10 20:58 - 2013-09-10 20:44 - 01949196 _____ (Farbar) d:\Users\U\Desktop\FRST64.exe
2013-09-10 20:55 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-10 20:55 - 2009-07-14 06:51 - 00043061 _____ C:\Windows\setupact.log
2013-09-10 20:18 - 2013-04-26 02:29 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-10 20:12 - 2013-09-05 19:02 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-904730392-2491290814-2578163216-1000UA.job
2013-09-10 19:12 - 2013-09-05 19:02 - 00001052 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-904730392-2491290814-2578163216-1000Core.job
2013-09-10 17:04 - 2013-04-25 17:19 - 00158741 _____ C:\Windows\DirectX.log
2013-09-10 17:03 - 2013-05-21 13:12 - 00000661 _____ C:\Users\Public\Desktop\AION Free-to-Play.lnk
2013-09-10 17:02 - 2013-09-10 16:59 - 00000000 ____D C:\Users\U\Downloads\Gameforge Live
2013-09-10 17:01 - 2013-09-10 17:01 - 00000585 _____ C:\Users\Public\Desktop\Gameforge Live.lnk
2013-09-10 14:50 - 2013-09-10 14:50 - 00000000 ____D C:\Users\U\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2013-09-10 14:50 - 2013-09-10 14:50 - 00000000 ____D C:\ProgramData\Sophos
2013-09-10 14:50 - 2013-09-10 14:50 - 00000000 ____D C:\Program Files (x86)\Sophos
2013-09-10 14:46 - 2013-09-10 14:29 - 00000000 ____D C:\Users\U\AppData\Local\AVG Secure Search
2013-09-10 14:43 - 2013-09-10 14:25 - 00000000 ____D C:\Users\U\AppData\Local\Avg2014
2013-09-10 14:39 - 2013-06-21 18:52 - 00000000 ____D C:\Windows\system32\appmgmt
2013-09-10 14:33 - 2013-09-10 14:28 - 00000000 ____D C:\ProgramData\AVG2014
2013-09-10 14:31 - 2013-06-16 10:32 - 00000000 ____D C:\Program Files (x86)\SafeSaver
2013-09-10 14:30 - 2013-09-10 14:30 - 00000000 ____D C:\Users\U\AppData\Roaming\AVG2014
2013-09-10 14:29 - 2013-09-10 14:29 - 00003715 _____ C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2013-09-10 14:29 - 2013-09-10 14:29 - 00003230 _____ C:\Windows\System32\Tasks\SidebarExecute
2013-09-10 14:29 - 2013-09-10 14:29 - 00000987 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2013-09-10 14:29 - 2013-09-10 14:29 - 00000000 ____D C:\Users\U\AppData\Roaming\TuneUp Software
2013-09-10 14:29 - 2013-09-10 14:29 - 00000000 ____D C:\ProgramData\AVG Secure Search
2013-09-10 14:29 - 2013-09-10 14:29 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2013-09-10 14:28 - 2013-09-10 14:29 - 00045856 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2013-09-10 14:28 - 2013-09-10 14:28 - 00000000 ___HD C:\$AVG
2013-09-10 14:27 - 2013-09-10 14:27 - 00000000 ____D C:\Program Files (x86)\AVG
2013-09-10 14:25 - 2013-09-10 14:25 - 00000000 ____D C:\Users\U\AppData\Local\MFAData
2013-09-10 14:18 - 2013-04-26 02:06 - 00000000 ____D C:\Users\U\AppData\Roaming\Skype
2013-09-10 12:50 - 2013-06-28 14:56 - 00000000 ____D C:\Program Files (x86)\Steam
2013-09-09 22:34 - 2013-04-30 19:58 - 00000059 _____ d:\Users\U\Documents\aionmemo_8255658c.dat
2013-09-09 13:47 - 2013-05-20 15:38 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2013-09-08 15:49 - 2013-05-20 22:40 - 00000080 _____ C:\Users\U\AppData\Roaming\mBot.ini
2013-09-06 17:14 - 2013-05-20 22:48 - 00000000 ____D C:\Users\U\AppData\Roaming\Teeworlds
2013-09-05 20:56 - 2013-04-25 17:33 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-09-05 20:46 - 2013-09-05 20:46 - 00000000 ____D C:\Users\U\AppData\Roaming\Unity
2013-09-05 20:24 - 2013-09-05 20:24 - 00000000 ____D C:\Users\U\AppData\Local\Unity
2013-09-05 19:07 - 2013-09-05 19:02 - 00004066 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-904730392-2491290814-2578163216-1000UA
2013-09-05 19:07 - 2013-09-05 19:02 - 00003670 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-904730392-2491290814-2578163216-1000Core
2013-09-05 19:02 - 2013-09-05 19:02 - 00000000 ____D C:\Users\U\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2013-09-05 19:02 - 2013-06-30 22:50 - 00000000 ____D C:\Users\U\AppData\Local\Google
2013-09-05 10:44 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-02 14:36 - 2013-05-20 15:05 - 00081112 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-09-02 14:36 - 2013-04-25 17:50 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-09-02 14:36 - 2013-04-25 17:50 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-08-27 13:59 - 2013-05-21 20:12 - 00000000 ____D C:\Users\U\AppData\Local\Sarkolata
2013-08-22 23:25 - 2013-08-22 23:25 - 00212280 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2013-08-22 23:08 - 2013-08-22 23:08 - 00294712 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2013-08-22 22:55 - 2013-08-22 22:55 - 00241464 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2013-08-22 22:54 - 2013-08-22 22:54 - 00192824 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
2013-08-20 22:53 - 2013-08-20 22:53 - 00123704 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2013-08-20 21:19 - 2013-04-26 02:29 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-20 21:19 - 2013-04-26 02:29 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-18 11:38 - 2013-04-26 02:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-17 19:55 - 2013-08-17 19:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-17 04:08 - 2013-05-24 16:44 - 00000000 ____D C:\Users\U\AppData\Local\PMB Files
2013-08-17 04:08 - 2013-05-24 16:44 - 00000000 ____D C:\ProgramData\PMB Files
2013-08-15 18:32 - 2013-04-25 15:57 - 00000000 ____D C:\Users\U\AppData\Local\VirtualStore
2013-08-15 18:10 - 2013-08-15 18:05 - 00000000 ____D C:\Program Files (x86)\iSRO
2013-08-15 14:54 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-08-12 12:00 - 2013-04-25 16:41 - 00115632 _____ C:\Windows\PFRO.log
2013-08-11 13:34 - 2013-08-11 13:31 - 00000000 ____D C:\Users\U\AppData\Local\Conduit
2013-08-11 13:34 - 2013-06-30 22:50 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-11 13:31 - 2013-08-11 13:31 - 00000000 ____D C:\Program Files (x86)\Conduit
2013-08-11 13:31 - 2013-08-11 13:30 - 00000009 _____ C:\END

Files to move or delete:
====================
C:\Users\U\AppData\Local\Temp\04h5rd0o2u08u89W.dll
C:\Users\U\AppData\Local\Temp\06x0601yoJVeAvl1.dll
C:\Users\U\AppData\Local\Temp\07DC085B8W49dBA4.dll
C:\Users\U\AppData\Local\Temp\098O8QAJV9P7qOoD.dll
C:\Users\U\AppData\Local\Temp\0a24914ETLHniN1J.dll
C:\Users\U\AppData\Local\Temp\0eD3u4ie25HDODSG.dll
C:\Users\U\AppData\Local\Temp\0Gs1gaL64cft6bn9.dll
C:\Users\U\AppData\Local\Temp\0K29O5k8Bfx5njIg.dll
C:\Users\U\AppData\Local\Temp\0kJ06E0XtXl7qd75.dll
C:\Users\U\AppData\Local\Temp\0LE65XaSpoy54m24.dll
C:\Users\U\AppData\Local\Temp\0mL5bxzooUNwMb1N.dll
C:\Users\U\AppData\Local\Temp\0Nkd59PBj4xixCqj.dll
C:\Users\U\AppData\Local\Temp\0nW9xvcX3Ha0841d.dll
C:\Users\U\AppData\Local\Temp\0riF6be9k6V9Pkj4.dll
C:\Users\U\AppData\Local\Temp\0s0E717a6df84Q6b.dll
C:\Users\U\AppData\Local\Temp\0xtl2OF8PFQVcxQ1.dll
C:\Users\U\AppData\Local\Temp\0Y79RB2T74IYQkgZ.dll
C:\Users\U\AppData\Local\Temp\12l5129zHVLJ7e1b.dll
C:\Users\U\AppData\Local\Temp\14LiHc8TfT7hCtq0.dll
C:\Users\U\AppData\Local\Temp\1CsC24m5hy56idU5.dll
C:\Users\U\AppData\Local\Temp\1N3UO4D1k38Q2613.dll
C:\Users\U\AppData\Local\Temp\1qW22kG6XY5n5dbB.dll
C:\Users\U\AppData\Local\Temp\1TFfGL84J54oA52D.dll
C:\Users\U\AppData\Local\Temp\1W5n1VgB7b37cMSd.dll
C:\Users\U\AppData\Local\Temp\20ZYdSq8nA5Apy2g.dll
C:\Users\U\AppData\Local\Temp\22Q5HOc7OUeV3C4F.dll
C:\Users\U\AppData\Local\Temp\24XKxXZdP7P5A3D3.dll
C:\Users\U\AppData\Local\Temp\28L3nHxFOdH5kSmk.dll
C:\Users\U\AppData\Local\Temp\2A6c4ZjD79lGhjJ3.dll
C:\Users\U\AppData\Local\Temp\2aY3krhyI8j80yQ6.dll
C:\Users\U\AppData\Local\Temp\2CR1A0ndR2sJ1J4g.dll
C:\Users\U\AppData\Local\Temp\2f0UJpMfgWpPUGb4.dll
C:\Users\U\AppData\Local\Temp\2lbZt094yupP6dxK.dll
C:\Users\U\AppData\Local\Temp\2pNN27vRXayCR45T.dll
C:\Users\U\AppData\Local\Temp\2QUUa0O1x1LXjMIq.dll
C:\Users\U\AppData\Local\Temp\2VW64U4lmbu64aMZ.dll
C:\Users\U\AppData\Local\Temp\30SjKh162bVkg62W.dll
C:\Users\U\AppData\Local\Temp\31XFbEWpM0445VH3.dll
C:\Users\U\AppData\Local\Temp\334chjhE62K43R9D.dll
C:\Users\U\AppData\Local\Temp\33E7o7cSc9yO40Vs.dll
C:\Users\U\AppData\Local\Temp\38Ri0C8zRO1457WA.dll
C:\Users\U\AppData\Local\Temp\3if74r88e3l9pA2Y.dll
C:\Users\U\AppData\Local\Temp\3LzB5XSxz9a19oOD.dll
C:\Users\U\AppData\Local\Temp\46KaRe4LK5LMesQ0.dll
C:\Users\U\AppData\Local\Temp\47ihuB9X15YfOZo9.dll
C:\Users\U\AppData\Local\Temp\486B2hp3K1nOx3n6.dll
C:\Users\U\AppData\Local\Temp\49KkziLY41L570LT.dll
C:\Users\U\AppData\Local\Temp\4CkbfWw1VEeg8U83.dll
C:\Users\U\AppData\Local\Temp\4dH7Pd87X3Jaf0e7.dll
C:\Users\U\AppData\Local\Temp\4Sor2QM12yXJ315F.dll
C:\Users\U\AppData\Local\Temp\4ueM1QHE0v3lonP2.dll
C:\Users\U\AppData\Local\Temp\564dLyB3va7rWY3H.dll
C:\Users\U\AppData\Local\Temp\57mvdJ6z1bC93daN.dll
C:\Users\U\AppData\Local\Temp\5jZz71Vt35MvSeJ1.dll
C:\Users\U\AppData\Local\Temp\5r2wO8f3l8WOSydA.dll
C:\Users\U\AppData\Local\Temp\5TwUyHC4M2RzJy25.dll
C:\Users\U\AppData\Local\Temp\5U1st970kK5NDlS4.dll
C:\Users\U\AppData\Local\Temp\5X8ny4P97CaCVAf9.dll
C:\Users\U\AppData\Local\Temp\62ohIRLHfEjy3HT2.dll
C:\Users\U\AppData\Local\Temp\64Z65v16LKTCW5m5.dll
C:\Users\U\AppData\Local\Temp\66gB6T720vkfdMC6.dll
C:\Users\U\AppData\Local\Temp\66vc582mhxbwo6vC.dll
C:\Users\U\AppData\Local\Temp\67G5BXBB1I0G00by.dll
C:\Users\U\AppData\Local\Temp\6eH3m090za1d94FU.dll
C:\Users\U\AppData\Local\Temp\6hD9O769gs0iGD97.dll
C:\Users\U\AppData\Local\Temp\6n7B1NbOiaX6iTEG.dll
C:\Users\U\AppData\Local\Temp\6oq402ylxR0UA2FS.dll
C:\Users\U\AppData\Local\Temp\6YyZO0KhiI4fqU67.dll
C:\Users\U\AppData\Local\Temp\74s5uRGN3OUNC940.dll
C:\Users\U\AppData\Local\Temp\7g2mnjY2HpG8N5B0.dll
C:\Users\U\AppData\Local\Temp\7Q5gLj9IGDo6LbxT.dll
C:\Users\U\AppData\Local\Temp\7qzk7XY09YZ7gFOJ.dll
C:\Users\U\AppData\Local\Temp\7S0J7Zmu5h4OjKK5.dll
C:\Users\U\AppData\Local\Temp\80JTx889Pa4pm35P.dll
C:\Users\U\AppData\Local\Temp\8103IdIZy1kWN473.dll
C:\Users\U\AppData\Local\Temp\85267K9Zrq7TQAp3.dll
C:\Users\U\AppData\Local\Temp\864j8LEIePl9LYcK.dll
C:\Users\U\AppData\Local\Temp\86Orc923WWEM8Sg9.dll
C:\Users\U\AppData\Local\Temp\89QbWFmRp6RZZG22.dll
C:\Users\U\AppData\Local\Temp\8IPloNGra6P05WwB.dll
C:\Users\U\AppData\Local\Temp\8O7JAot825kHoPI2.dll
C:\Users\U\AppData\Local\Temp\909YUI04U4UJ7kR3.dll
C:\Users\U\AppData\Local\Temp\918kdu67XM1Y9yPJ.dll
C:\Users\U\AppData\Local\Temp\98NOh1TG4Ot0DZ5E.dll
C:\Users\U\AppData\Local\Temp\9CEaX0KWt8iOShKU.dll
C:\Users\U\AppData\Local\Temp\9m4Z8OG6d0a5HdR0.dll
C:\Users\U\AppData\Local\Temp\9rxQOoY0ouuFounb.dll
C:\Users\U\AppData\Local\Temp\9spwM8Op5H1uiul3.dll
C:\Users\U\AppData\Local\Temp\9y03p8kkasV6LB0C.dll
C:\Users\U\AppData\Local\Temp\9YQN88NsetuSTxTM.dll
C:\Users\U\AppData\Local\Temp\a0u1W6DU6TM3BjFX.dll
C:\Users\U\AppData\Local\Temp\A79F7e2O5C5Vt1Xq.dll
C:\Users\U\AppData\Local\Temp\a9nmq4vskMZN83lT.dll
C:\Users\U\AppData\Local\Temp\ACzCjoeD4wVjzVb0.dll
C:\Users\U\AppData\Local\Temp\aGOWdQHU05YmA9Bk.dll
C:\Users\U\AppData\Local\Temp\Ak9437JKyiXpUu50.dll
C:\Users\U\AppData\Local\Temp\aooP95gXuH7fC4Vv.dll
C:\Users\U\AppData\Local\Temp\AskSLib.dll
C:\Users\U\AppData\Local\Temp\AUDz2F3lahA5v57l.dll
C:\Users\U\AppData\Local\Temp\B7bfMD2Lw61gOq38.dll
C:\Users\U\AppData\Local\Temp\ba60oCpaSTgHUCta.dll
C:\Users\U\AppData\Local\Temp\BEm46dBn41gA47I3.dll
C:\Users\U\AppData\Local\Temp\bnYx7l4KFw0399y0.dll
C:\Users\U\AppData\Local\Temp\buO5oM016Lul7H9F.dll
C:\Users\U\AppData\Local\Temp\c27ztdP2Cp3f4RbK.dll
C:\Users\U\AppData\Local\Temp\c7IWi6ftQ9GjvxR0.dll
C:\Users\U\AppData\Local\Temp\cCW851pbfMs0gzB2.dll
C:\Users\U\AppData\Local\Temp\CizZr9Zg6J10GJ00.dll
C:\Users\U\AppData\Local\Temp\conduitinstaller.exe
C:\Users\U\AppData\Local\Temp\CPh2fi2hGQxk4L59.dll
C:\Users\U\AppData\Local\Temp\cUgpWcZnjDCPVn9L.dll
C:\Users\U\AppData\Local\Temp\d64qrj2926HO0i18.dll
C:\Users\U\AppData\Local\Temp\D9tvj6HuZ4988rA0.dll
C:\Users\U\AppData\Local\Temp\dbpyKhiCFjhmWa8u.dll
C:\Users\U\AppData\Local\Temp\dGX6EPBWJY9Jpj0n.dll
C:\Users\U\AppData\Local\Temp\dKSGIAT1abQD5MAo.dll
C:\Users\U\AppData\Local\Temp\dp6vZ8Yaq1EMZxO6.dll
C:\Users\U\AppData\Local\Temp\DqR4D781pjjQN4M0.dll
C:\Users\U\AppData\Local\Temp\dqYv2623iOT5noV5.dll
C:\Users\U\AppData\Local\Temp\drm_dyndata_7380006.dll
C:\Users\U\AppData\Local\Temp\Dvm1ZI0Wswip87q6.dll
C:\Users\U\AppData\Local\Temp\DZ437WSvC6A5O921.dll
C:\Users\U\AppData\Local\Temp\E1oI0SEsI38epJcS.dll
C:\Users\U\AppData\Local\Temp\E46cf3106ukfeZp3.dll
C:\Users\U\AppData\Local\Temp\e51ac634OEg1mQw3.dll
C:\Users\U\AppData\Local\Temp\eb94UU7ro935eefI.dll
C:\Users\U\AppData\Local\Temp\ECtg4nCuxWN2Jc13.dll
C:\Users\U\AppData\Local\Temp\eDwI661frheoqI5L.dll
C:\Users\U\AppData\Local\Temp\EiiXTvo0wg845wWy.dll
C:\Users\U\AppData\Local\Temp\eLOP2xPjN5m3p7oT.dll
C:\Users\U\AppData\Local\Temp\ev8s8y0q9yaedfb2.dll
C:\Users\U\AppData\Local\Temp\EZKFkYVVQpD4CnLM.dll
C:\Users\U\AppData\Local\Temp\f5225qrr8UWix4Bp.dll
C:\Users\U\AppData\Local\Temp\f5eF0FgGdi5BBqXj.dll
C:\Users\U\AppData\Local\Temp\F5q7bFR5YK33zO08.dll
C:\Users\U\AppData\Local\Temp\fEM1JDM36nth60Lz.dll
C:\Users\U\AppData\Local\Temp\FFOy4O27hUm1B2G0.dll
C:\Users\U\AppData\Local\Temp\FkRusCEYSRHU82o2.dll
C:\Users\U\AppData\Local\Temp\FL4940N76XW3TC6X.dll
C:\Users\U\AppData\Local\Temp\FL5GCFpEa8X04bYe.dll
C:\Users\U\AppData\Local\Temp\fl9tkr068W8lW3wG.dll
C:\Users\U\AppData\Local\Temp\fWPiE0Sl1E82zZJu.dll
C:\Users\U\AppData\Local\Temp\G17m2X7CGxvVLP8Z.dll
C:\Users\U\AppData\Local\Temp\g3Bn52Z221zojl22.dll
C:\Users\U\AppData\Local\Temp\G5WF0s38tCeHZ9Xx.dll
C:\Users\U\AppData\Local\Temp\g8fzWFZHS9KSJ450.dll
C:\Users\U\AppData\Local\Temp\GBFlGAW4dz162b5m.dll
C:\Users\U\AppData\Local\Temp\GD1i3TD85XutGm8H.dll
C:\Users\U\AppData\Local\Temp\Gn35Y5CPLiXXjTJx.dll
C:\Users\U\AppData\Local\Temp\GOV0ho56F13PSD1W.dll
C:\Users\U\AppData\Local\Temp\H61zZWmqNCp8m77e.dll
C:\Users\U\AppData\Local\Temp\h8dk5xAmQ4E0PvMR.dll
C:\Users\U\AppData\Local\Temp\HH70Ytx13dv3wNfS.dll
C:\Users\U\AppData\Local\Temp\hL81Hxdx33AcNJJY.dll
C:\Users\U\AppData\Local\Temp\HoiDaZYTi61bYr99.dll
C:\Users\U\AppData\Local\Temp\hrD1T7jCIQRIVkLq.dll
C:\Users\U\AppData\Local\Temp\I1xJiNr03557Rp87.dll
C:\Users\U\AppData\Local\Temp\I3ZgPl4BEiLpukAO.dll
C:\Users\U\AppData\Local\Temp\i6O9v5zpxWFONj8K.dll
C:\Users\U\AppData\Local\Temp\i9AoPgLBV6lJ22uL.dll
C:\Users\U\AppData\Local\Temp\iE93e8uC85Nbmp4E.dll
C:\Users\U\AppData\Local\Temp\iEGxD7i481u6SYU0.dll
C:\Users\U\AppData\Local\Temp\IEVi89HoN2lLlHjR.dll
C:\Users\U\AppData\Local\Temp\Ik8Q3PMh5rb46I9B.dll
C:\Users\U\AppData\Local\Temp\INM4TID6BRMn2nON.dll
C:\Users\U\AppData\Local\Temp\ipmGui.exe
C:\Users\U\AppData\Local\Temp\iWLHtWAuKBDxWwCe.dll
C:\Users\U\AppData\Local\Temp\JDP3lq491A4K23ci.dll
C:\Users\U\AppData\Local\Temp\jDtZQ15b4A04Y6Ti.dll
C:\Users\U\AppData\Local\Temp\jgRcr5e09P1750gh.dll
C:\Users\U\AppData\Local\Temp\JHHAykm92I16LNnr.dll
C:\Users\U\AppData\Local\Temp\jN15u7c6m3624PkB.dll
C:\Users\U\AppData\Local\Temp\K3NzRzH5qt7DMmS0.dll
C:\Users\U\AppData\Local\Temp\K7siR563uKBew9v3.dll
C:\Users\U\AppData\Local\Temp\kg8hry3G61xnaaQ8.dll
C:\Users\U\AppData\Local\Temp\KKHQ295TUz2PEupd.dll
C:\Users\U\AppData\Local\Temp\kLCL1h2yk1mY109v.dll
C:\Users\U\AppData\Local\Temp\KmY21Y953e84o7SF.dll
C:\Users\U\AppData\Local\Temp\kV6X2L1fyw368A3B.dll
C:\Users\U\AppData\Local\Temp\Kvwd2j5317SLCfjD.dll
C:\Users\U\AppData\Local\Temp\kZ05dkAshw6922AH.dll
C:\Users\U\AppData\Local\Temp\l6wY3SsPFV14EX6W.dll
C:\Users\U\AppData\Local\Temp\LBl5vveZeNob5LC6.dll
C:\Users\U\AppData\Local\Temp\lf35Y5S47uhhTc10.dll
C:\Users\U\AppData\Local\Temp\li0f4FYu29bA9HR7.dll
C:\Users\U\AppData\Local\Temp\lQIEndD7Uv60qg9K.dll
C:\Users\U\AppData\Local\Temp\LzWhFkQP05gzoqg4.dll
C:\Users\U\AppData\Local\Temp\m3ZF1NNb8L06blcd.dll
C:\Users\U\AppData\Local\Temp\M47aSOdy44K8rLAX.dll
C:\Users\U\AppData\Local\Temp\MdF1e3Wb4n9kSfCk.dll
C:\Users\U\AppData\Local\Temp\mgvhtgE8xvKKu485.dll
C:\Users\U\AppData\Local\Temp\MI9357204pG5b68b.dll
C:\Users\U\AppData\Local\Temp\MnnK5eEU6wJ0p8QQ.dll
C:\Users\U\AppData\Local\Temp\mR8IW5o82B73n0n3.dll
C:\Users\U\AppData\Local\Temp\Mx99A4vkcHe58ngv.dll
C:\Users\U\AppData\Local\Temp\n488k5E21ds854i6.dll
C:\Users\U\AppData\Local\Temp\n5p9RcvGkJgHHhfT.dll
C:\Users\U\AppData\Local\Temp\n7TL6726JWom6aPH.dll
C:\Users\U\AppData\Local\Temp\n8Cb3G35rjL8uk6e.dll
C:\Users\U\AppData\Local\Temp\NCfEV2LWBD9kLmnd.dll
C:\Users\U\AppData\Local\Temp\nfjIZn91m3M7C9p7.dll
C:\Users\U\AppData\Local\Temp\nnO66aKH35h50Pkn.dll
C:\Users\U\AppData\Local\Temp\NpIZ6mXwN4b4ty33.dll
C:\Users\U\AppData\Local\Temp\NQB8E7JhZMYsw6QJ.dll
C:\Users\U\AppData\Local\Temp\nVulgS9cAhHG4Zci.dll
C:\Users\U\AppData\Local\Temp\NW42w3fs0HA26Bpr.dll
C:\Users\U\AppData\Local\Temp\O5ITNhuXF5XMEbG0.dll
C:\Users\U\AppData\Local\Temp\Ocnb65j49SchrWhh.dll
C:\Users\U\AppData\Local\Temp\Of78ou0523g1J9wl.dll
C:\Users\U\AppData\Local\Temp\oGSYcc67FZcHcTQz.dll
C:\Users\U\AppData\Local\Temp\oi_{1B8FEF42-5614-4DA4-81CE-4944E09B1381}.exe
C:\Users\U\AppData\Local\Temp\oi_{5BA8FADD-1F48-48FB-8BED-8873407C6247}.exe
C:\Users\U\AppData\Local\Temp\oKV9TaN6lqbvtxI4.dll
C:\Users\U\AppData\Local\Temp\oLv99cd9WbhZ6XOC.dll
C:\Users\U\AppData\Local\Temp\Om8X98SG8bAyzJjM.dll
C:\Users\U\AppData\Local\Temp\OONih52r255E9Vi8.dll
C:\Users\U\AppData\Local\Temp\ose00000.exe
C:\Users\U\AppData\Local\Temp\OSIlgGC9Q2e0ujca.dll
C:\Users\U\AppData\Local\Temp\P13L96d141TIto4q.dll
C:\Users\U\AppData\Local\Temp\P5o47yFrws9hUsVO.dll
C:\Users\U\AppData\Local\Temp\P68N9lBByahsHzL2.dll
C:\Users\U\AppData\Local\Temp\pC6X1y31g4tRwAw1.dll
C:\Users\U\AppData\Local\Temp\PHPtkEa6Hc4h7AB0.dll
C:\Users\U\AppData\Local\Temp\PqidVukE7PZOaCMh.dll
C:\Users\U\AppData\Local\Temp\pzViiJ4P0D5e2b6R.dll
C:\Users\U\AppData\Local\Temp\q6AFLqYqbpxmM2nC.dll
C:\Users\U\AppData\Local\Temp\Qa6AVW4lhdJ9S62z.dll
C:\Users\U\AppData\Local\Temp\qB0Zl42FK64xHuGd.dll
C:\Users\U\AppData\Local\Temp\QJZN5w55s16296Ht.dll
C:\Users\U\AppData\Local\Temp\qm2r9kJ5FJgh6E5a.dll
C:\Users\U\AppData\Local\Temp\qo0a57DA2i28NzTS.dll
C:\Users\U\AppData\Local\Temp\qPr0667MLCg5NOLw.dll
C:\Users\U\AppData\Local\Temp\QQHpoA70S0J89Hj1.dll
C:\Users\U\AppData\Local\Temp\Qr76U3q4sj3um5RT.dll
C:\Users\U\AppData\Local\Temp\Qt79x116QOGt4eHh.dll
C:\Users\U\AppData\Local\Temp\QtqtAc9y1catTpip.dll
C:\Users\U\AppData\Local\Temp\qZ7iC6W9by1YO04T.dll
C:\Users\U\AppData\Local\Temp\r0901gyUWML8Uf9C.dll
C:\Users\U\AppData\Local\Temp\r633C5H5JZlR7f6Y.dll
C:\Users\U\AppData\Local\Temp\RI2vpZmq3w4aVrN9.dll
C:\Users\U\AppData\Local\Temp\rkjZS9vUg6N3O5mq.dll
C:\Users\U\AppData\Local\Temp\RYi8syI7m2XJWDEh.dll
C:\Users\U\AppData\Local\Temp\s2y9uZR00Y3kVA6M.dll
C:\Users\U\AppData\Local\Temp\S37xoN3w2Kpt0rY1.dll
C:\Users\U\AppData\Local\Temp\S4h02Y7dJn7O1LGN.dll
C:\Users\U\AppData\Local\Temp\Sj5Hij8EYh8VaU5k.dll
C:\Users\U\AppData\Local\Temp\Skype.exe
C:\Users\U\AppData\Local\Temp\SkypeSetup.exe
C:\Users\U\AppData\Local\Temp\sonarinst.exe
C:\Users\U\AppData\Local\Temp\SqMnp17B046UXGSN.dll
C:\Users\U\AppData\Local\Temp\sVzb68R3M1UvR52h.dll
C:\Users\U\AppData\Local\Temp\swt-win32-3740.dll
C:\Users\U\AppData\Local\Temp\t1dv0saWjDb14UKU.dll
C:\Users\U\AppData\Local\Temp\t320S4fxM7dSXI2B.dll
C:\Users\U\AppData\Local\Temp\T33emwz2kX8u8EA6.dll
C:\Users\U\AppData\Local\Temp\t88ZjfQV0aq6igeD.dll
C:\Users\U\AppData\Local\Temp\t8vzO5QWJv6vF3yE.dll
C:\Users\U\AppData\Local\Temp\tbHots.dll
C:\Users\U\AppData\Local\Temp\tdx29BEfVIyHIG1T.dll
C:\Users\U\AppData\Local\Temp\ToolbarHelper.exe
C:\Users\U\AppData\Local\Temp\u0GGD93bqbW16PUM.dll
C:\Users\U\AppData\Local\Temp\u9031Tc8IW7HMrn0.dll
C:\Users\U\AppData\Local\Temp\uB3zmGcnLXlV4BVZ.dll
C:\Users\U\AppData\Local\Temp\UiWhPQMirBjT7O52.dll
C:\Users\U\AppData\Local\Temp\UJ7vSV1OXOrpaDOq.dll
C:\Users\U\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\U\AppData\Local\Temp\urQIWr696j7u938w.dll
C:\Users\U\AppData\Local\Temp\usvFq7XBYRdDZUZh.dll
C:\Users\U\AppData\Local\Temp\UY5iE284dllLBwIJ.dll
C:\Users\U\AppData\Local\Temp\vf05J8jDVnBgvGhc.dll
C:\Users\U\AppData\Local\Temp\VK7950h34Vo3Q8eO.dll
C:\Users\U\AppData\Local\Temp\vprUC2r66vZR0zG9.dll
C:\Users\U\AppData\Local\Temp\vSQi8SwLXSV544wv.dll
C:\Users\U\AppData\Local\Temp\WjTigv8E10p45uST.dll
C:\Users\U\AppData\Local\Temp\WPV96lxUhUxN6B30.dll
C:\Users\U\AppData\Local\Temp\wRywJAo0v98VAEP3.dll
C:\Users\U\AppData\Local\Temp\WuAVoy67Ra3b98r9.dll
C:\Users\U\AppData\Local\Temp\X381qtDDOs5q26uI.dll
C:\Users\U\AppData\Local\Temp\x681ZU3Y5fz0Zy2s.dll
C:\Users\U\AppData\Local\Temp\x8tgI68o2e7khbgM.dll
C:\Users\U\AppData\Local\Temp\XAPb757FC4k4sdL2.dll
C:\Users\U\AppData\Local\Temp\Xbw5At47b4MSr4d0.dll
C:\Users\U\AppData\Local\Temp\xNhwTVTSpPKS8q5u.dll
C:\Users\U\AppData\Local\Temp\XRLjWlWvmHWv81sP.dll
C:\Users\U\AppData\Local\Temp\xt3G346kG2giHW0x.dll
C:\Users\U\AppData\Local\Temp\Y1DxC8qWsn2T98K3.dll
C:\Users\U\AppData\Local\Temp\yDj718p71fbNDi99.dll
C:\Users\U\AppData\Local\Temp\yfQ7U7HIvhuNeq61.dll
C:\Users\U\AppData\Local\Temp\yIcJ591Ox8Q5gIAB.dll
C:\Users\U\AppData\Local\Temp\yjusXHo6ajC4uV06.dll
C:\Users\U\AppData\Local\Temp\ykX8HbCSU60gB588.dll
C:\Users\U\AppData\Local\Temp\ysPtrKY2F7I5O6nQ.dll
C:\Users\U\AppData\Local\Temp\YTt10AUqj0lwc4lB.dll
C:\Users\U\AppData\Local\Temp\YUzoTxoiF63v2k79.dll
C:\Users\U\AppData\Local\Temp\yWef4SOEEE13oABJ.dll
C:\Users\U\AppData\Local\Temp\yX2W7mk6AWJ591ko.dll
C:\Users\U\AppData\Local\Temp\Yxj3nRg752Vh8Awn.dll
C:\Users\U\AppData\Local\Temp\z261u0eD9gm7teqs.dll
C:\Users\U\AppData\Local\Temp\z3Y7QDL9I841h40X.dll
C:\Users\U\AppData\Local\Temp\Z42g13677tv7883R.dll
C:\Users\U\AppData\Local\Temp\z9T617v83vRu5nW9.dll
C:\Users\U\AppData\Local\Temp\ZCl0UGPXCANrTu8q.dll
C:\Users\U\AppData\Local\Temp\Zh30NYEXI9UJYo0U.dll
C:\Users\U\AppData\Local\Temp\ZIaWSgRiK3UQZHw8.dll
C:\Users\U\AppData\Local\Temp\ZKB0BpPGbbBD9zQE.dll
C:\Users\U\AppData\Local\Temp\zL8m8i32F08fhb69.dll
C:\Users\U\AppData\Local\Temp\zL8Rd3V5bq1b3enb.dll
C:\Users\U\AppData\Local\Temp\ZUp71Q9O4d62E8hV.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-03 16:16

==================== End Of Log ============================

--- --- ---

Addition

Zitat:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-09-2013 01
Ran by U at 2013-09-10 21:07:36
Running from D:\Users\U\Desktop
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

2014 (Version: 2014.0.4117)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Reader XI (11.0.02) - Deutsch (x32 Version: 11.0.02)
AION Free-to-Play (x32)
Arma 2 (x32)
Arma 2: Operation Arrowhead (x32)
Arma 2: Operation Arrowhead Beta (x32)
ATI Catalyst Install Manager (Version: 3.0.790.0)
AVG 2014 (Version: 14.0.3604)
AVG 2014 (Version: 14.0.4117)
AVG Security Toolbar (x32 Version: 15.4.0.5)
ESN Sonar (x32 Version: 0.70.4)
Gameforge Live 1.7.0 "Legend" (x32 Version: 1.7.0)
LastChaosGER (x32 Version: 1.00.000)
League of Legends (x32 Version: 1.3)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.0.19.0)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Primary Interoperability Assemblies 2005 (x32 Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mozilla Firefox 23.0.1 (x86 de) (x32 Version: 23.0.1)
Mozilla Maintenance Service (x32 Version: 23.0.1)
NVIDIA Grafiktreiber 314.22 (Version: 314.22)
NVIDIA HD-Audiotreiber 1.3.18.0 (Version: 1.3.18.0)
NVIDIA Install Application (Version: 2.1002.115.743)
NVIDIA PhysX (x32 Version: 9.12.1031)
NVIDIA PhysX-Systemsoftware 9.12.1031 (Version: 9.12.1031)
NVIDIA Systemsteuerung 314.22 (Version: 314.22)
NVIDIA Update 1.12.12 (Version: 1.12.12)
NVIDIA Update Components (Version: 1.12.12)
Origin (x32 Version: 9.2.1.4399)
Pando Media Booster (x32 Version: 2.6.0.9)
PunkBuster Services (x32 Version: 0.991)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6710)
SafeSaver 1.74 (x32)
Skype™ 6.5 (x32 Version: 6.5.158)
Sophos Virus Removal Tool (x32 Version: 2.4)
Spybot - Search & Destroy (x32 Version: 1.6.2)
Steam (x32 Version: 1.0.0.0)
TeamSpeak 3 Client (Version: 3.0.12)
Unity Web Player (HKCU Version: )
Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1)
Visual Studio 2012 x86 Redistributables (x32 Version: 14.0.0.1)
VLC media player 2.0.7 (Version: 2.0.7)
Win7codecs (x32 Version: 4.0.7)
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8)
WinRAR 4.01 (64-Bit) (Version: 4.01.0)
Xfire 2.0 (x32 Version: 2.0)
Xfire Codec (remove only) (x32)

==================== Restore Points =========================

10-09-2013 14:40:32 OTL Restore Point - 10.09.2013 16:40:32
10-09-2013 15:03:48 DirectX wurde installiert

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {23D0D8DD-A0C1-4040-80EB-2CCEE472F02E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-20] (Adobe Systems Incorporated)
Task: {3E1A327B-99F2-44FE-B0A0-6E94B05695F6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe
Task: {801A5B7D-EAE6-4298-B71C-8AFCBB593404} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-904730392-2491290814-2578163216-1000Core => C:\Users\U\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-05] ()
Task: {8131BE8A-2082-4197-A83A-5720B5D26D33} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {93F116F9-3E99-4664-B52D-CB7A9E5E476C} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {D879DF33-F6E8-4C20-A9E4-06D19B2961FD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-904730392-2491290814-2578163216-1000UA => C:\Users\U\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-05] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-904730392-2491290814-2578163216-1000Core.job => C:\Users\U\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-904730392-2491290814-2578163216-1000UA.job => C:\Users\U\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-04-25 17:40 - 2013-03-15 07:53 - 15508512 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2013-04-25 16:04 - 2011-05-28 22:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2013-06-19 13:54 - 2013-06-19 13:54 - 00178800 _____ (Sony DADC Austria AG.) c:\windows\SysWOW64\cmdlineext_x64.dll
2013-04-25 17:33 - 2010-11-03 17:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2013-04-25 17:33 - 2012-07-16 13:16 - 03643024 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2013-04-25 17:50 - 2013-09-02 14:36 - 00055352 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\cfglib.dll
2013-04-25 17:50 - 2013-09-02 14:36 - 00349752 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccguard.dll
2013-04-25 17:50 - 2013-09-02 14:36 - 00029240 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccgrdrc.dll
2013-04-25 17:50 - 2013-09-02 14:36 - 00229432 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccgrdw.dll
2013-04-25 17:50 - 2013-09-02 14:36 - 00419384 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccwgrd.dll
2013-04-25 17:50 - 2013-09-02 14:36 - 00807992 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccgen.dll
2013-04-25 17:50 - 2013-09-02 14:36 - 00049720 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccgenrc.dll
2013-04-25 17:50 - 2013-09-02 14:36 - 00220216 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccupdate.dll
2013-04-25 17:50 - 2013-09-02 14:36 - 00028728 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccupdrc.dll
2013-04-25 17:50 - 2013-09-02 14:36 - 00083000 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\cclic.dll
2013-04-25 17:50 - 2013-09-02 14:36 - 00009784 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\cclicrc.dll
2013-04-25 17:50 - 2013-09-02 14:36 - 00237624 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccmsg.dll
2013-04-25 17:50 - 2013-09-02 14:36 - 00010296 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccmsgrc.dll
2013-04-25 17:50 - 2013-09-02 14:36 - 00014392 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccmainrc.dll
2013-04-25 17:50 - 2013-09-02 14:36 - 00218168 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\gpipc.dll
2013-09-10 14:29 - 2013-09-10 14:28 - 00521904 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\log4cplusU.dll
2013-09-10 14:29 - 2013-09-10 14:28 - 00145072 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.4.0\SiteSafety.dll
2013-09-10 17:01 - 2013-05-02 13:17 - 00088064 _____ () D:\GameforgeLive\libgcc_s_sjlj-1.dll
2013-09-10 17:01 - 2013-05-02 13:17 - 00863744 _____ () D:\GameforgeLive\libstdc++-6.dll
2013-09-10 17:01 - 2013-05-02 13:17 - 01765301 _____ () D:\GameforgeLive\libgcrypt-11.dll
2013-09-10 17:01 - 2013-05-02 13:17 - 00126959 _____ () D:\GameforgeLive\libgpg-error-0.dll
2013-09-10 17:01 - 2013-08-19 14:23 - 00530432 _____ () D:\GameforgeLive\log4qt.dll
2013-09-10 17:01 - 2013-07-01 15:02 - 03223552 _____ (Digia Plc and/or its subsidiary(-ies)) D:\GameforgeLive\QtCore4.dll
2013-09-10 17:01 - 2013-08-19 18:04 - 00141312 _____ () D:\GameforgeLive\qjson.dll
2013-09-10 17:01 - 2013-07-01 15:02 - 01452032 _____ (Digia Plc and/or its subsidiary(-ies)) D:\GameforgeLive\QtNetwork4.dll
2013-09-10 17:01 - 2013-07-01 15:02 - 11582976 _____ (Digia Plc and/or its subsidiary(-ies)) D:\GameforgeLive\QtGui4.dll
2013-09-10 17:01 - 2013-07-01 15:02 - 24611328 _____ (Digia Plc and/or its subsidiary(-ies)) D:\GameforgeLive\QtWebKit4.dll
2013-09-10 17:01 - 2013-05-02 13:17 - 00033280 _____ (Digia Plc and/or its subsidiary(-ies)) D:\GameforgeLive\imageformats\qgif4.dll
2013-09-10 17:01 - 2013-05-02 13:17 - 00035840 _____ (Digia Plc and/or its subsidiary(-ies)) D:\GameforgeLive\imageformats\qico4.dll
2013-09-10 17:01 - 2013-05-02 13:17 - 00211968 _____ (Digia Plc and/or its subsidiary(-ies)) D:\GameforgeLive\imageformats\qjpeg4.dll
2013-09-10 17:01 - 2013-05-02 13:17 - 00318464 _____ (Digia Plc and/or its subsidiary(-ies)) D:\GameforgeLive\imageformats\qmng4.dll
2013-09-10 17:01 - 2013-07-18 15:45 - 00208384 _____ (The OpenSSL Project, OpenSSL: The Open Source toolkit for SSL/TLS) D:\GameforgeLive\ssleay32.dll
2013-09-10 17:01 - 2013-07-18 15:45 - 01018880 _____ (The OpenSSL Project, OpenSSL: The Open Source toolkit for SSL/TLS) D:\GameforgeLive\LIBEAY32.dll
2013-09-10 17:03 - 2013-09-10 17:05 - 00991232 _____ (NCSOFT) D:\GameforgeLive\Games\DEU_deu\AION\NCUpdater.dll
2013-08-20 21:19 - 2013-08-20 21:19 - 16230792 ____R (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\Flash32_11_8_800_94.ocx

==================== Alternate Data Streams (whitelisted) ==========

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (09/10/2013 09:07:04 PM) (Source: Avira Antivirus) (User: NT-AUTORITÄT)
Description: Eine Programmdatei von AntiVir (c:\program files (x86)\avira\antivir desktop\guardgui.exe) ist nicht vorhanden oder wurde verändert bzw. zerstört!
Fehlercode: 0x0

Error: (09/10/2013 09:06:58 PM) (Source: Avira Antivirus) (User: NT-AUTORITÄT)
Description: Eine Programmdatei von AntiVir (c:\program files (x86)\avira\antivir desktop\avscan.exe) ist nicht vorhanden oder wurde verändert bzw. zerstört!
Fehlercode: 0x0

Error: (09/10/2013 09:06:49 PM) (Source: Avira Antivirus) (User: NT-AUTORITÄT)
Description: Eine Programmdatei von AntiVir (c:\program files (x86)\avira\antivir desktop\guardgui.exe) ist nicht vorhanden oder wurde verändert bzw. zerstört!
Fehlercode: 0x0

Error: (09/10/2013 09:06:34 PM) (Source: Avira Antivirus) (User: NT-AUTORITÄT)
Description: Eine Programmdatei von AntiVir (c:\program files (x86)\avira\antivir desktop\avscan.exe) ist nicht vorhanden oder wurde verändert bzw. zerstört!
Fehlercode: 0x0

Error: (09/10/2013 09:06:29 PM) (Source: Avira Antivirus) (User: NT-AUTORITÄT)
Description: Eine Programmdatei von AntiVir (c:\program files (x86)\avira\antivir desktop\guardgui.exe) ist nicht vorhanden oder wurde verändert bzw. zerstört!
Fehlercode: 0x0

Error: (09/10/2013 09:06:26 PM) (Source: Avira Antivirus) (User: NT-AUTORITÄT)
Description: Eine Programmdatei von AntiVir (c:\program files (x86)\avira\antivir desktop\avscan.exe) ist nicht vorhanden oder wurde verändert bzw. zerstört!
Fehlercode: 0x0

Error: (09/10/2013 09:06:21 PM) (Source: Avira Antivirus) (User: NT-AUTORITÄT)
Description: Eine Programmdatei von AntiVir (c:\program files (x86)\avira\antivir desktop\guardgui.exe) ist nicht vorhanden oder wurde verändert bzw. zerstört!
Fehlercode: 0x0

Error: (09/10/2013 09:06:12 PM) (Source: Avira Antivirus) (User: NT-AUTORITÄT)
Description: Eine Programmdatei von AntiVir (c:\program files (x86)\avira\antivir desktop\avscan.exe) ist nicht vorhanden oder wurde verändert bzw. zerstört!
Fehlercode: 0x0

Error: (09/10/2013 09:02:30 PM) (Source: Avira Antivirus) (User: NT-AUTORITÄT)
Description: Eine Programmdatei von AntiVir (c:\program files (x86)\avira\antivir desktop\guardgui.exe) ist nicht vorhanden oder wurde verändert bzw. zerstört!
Fehlercode: 0x0

Error: (09/10/2013 09:02:15 PM) (Source: Avira Antivirus) (User: NT-AUTORITÄT)
Description: Eine Programmdatei von AntiVir (c:\program files (x86)\avira\antivir desktop\avscan.exe) ist nicht vorhanden oder wurde verändert bzw. zerstört!
Fehlercode: 0x0

System errors:
=============
Error: (09/10/2013 08:45:54 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst avgwd erreicht.

Error: (09/10/2013 04:26:14 PM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (09/10/2013 04:23:22 PM) (Source: DCOM) (User: )
Description: 1084wuauserv{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (09/10/2013 04:22:39 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (09/10/2013 04:22:39 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (09/10/2013 04:22:39 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (09/10/2013 04:22:39 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (09/10/2013 04:22:39 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (09/10/2013 04:22:39 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (09/10/2013 04:22:38 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Microsoft Office Sessions:
=========================
Error: (09/10/2013 09:07:04 PM) (Source: Avira Antivirus)(User: NT-AUTORITÄT)
Description: c:\program files (x86)\avira\antivir desktop\guardgui.exe0x0

Error: (09/10/2013 09:06:58 PM) (Source: Avira Antivirus)(User: NT-AUTORITÄT)
Description: c:\program files (x86)\avira\antivir desktop\avscan.exe0x0

Error: (09/10/2013 09:06:49 PM) (Source: Avira Antivirus)(User: NT-AUTORITÄT)
Description: c:\program files (x86)\avira\antivir desktop\guardgui.exe0x0

Error: (09/10/2013 09:06:34 PM) (Source: Avira Antivirus)(User: NT-AUTORITÄT)
Description: c:\program files (x86)\avira\antivir desktop\avscan.exe0x0

Error: (09/10/2013 09:06:29 PM) (Source: Avira Antivirus)(User: NT-AUTORITÄT)
Description: c:\program files (x86)\avira\antivir desktop\guardgui.exe0x0

Error: (09/10/2013 09:06:26 PM) (Source: Avira Antivirus)(User: NT-AUTORITÄT)
Description: c:\program files (x86)\avira\antivir desktop\avscan.exe0x0

Error: (09/10/2013 09:06:21 PM) (Source: Avira Antivirus)(User: NT-AUTORITÄT)
Description: c:\program files (x86)\avira\antivir desktop\guardgui.exe0x0

Error: (09/10/2013 09:06:12 PM) (Source: Avira Antivirus)(User: NT-AUTORITÄT)
Description: c:\program files (x86)\avira\antivir desktop\avscan.exe0x0

Error: (09/10/2013 09:02:30 PM) (Source: Avira Antivirus)(User: NT-AUTORITÄT)
Description: c:\program files (x86)\avira\antivir desktop\guardgui.exe0x0

Error: (09/10/2013 09:02:15 PM) (Source: Avira Antivirus)(User: NT-AUTORITÄT)
Description: c:\program files (x86)\avira\antivir desktop\avscan.exe0x0

==================== Memory info ===========================

Percentage of memory in use: 26%
Total physical RAM: 8190.3 MB
Available physical RAM: 6038.76 MB
Total Pagefile: 16378.79 MB
Available Pagefile: 14422.51 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:58.5 GB) (Free:0.76 GB) NTFS
Drive d: (D) (Fixed) (Total:174.29 GB) (Free:69.35 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: DC5CDC5C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=58 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=174 GB) - (Type=07 NTFS)

==================== End Of Log ============================

cosinus · 10.09.2013, 20:28

Ich warte immer noch auf die Virenscanner Logs!

SergioX · 11.09.2013, 09:39

bin grad dabei musste gestern leider offline

wie kann ich dann die logs schicken ich habe AVG antivirus

nicht avira

also ich hab jetz das rausbekommen aus dem AVG

"Gesamten Computer scannen"
"Hohe Priorität";"5";"5";"0"
"Ausgewählte Ordner:";"Gesamten Computer scannen"
"Gestartet:";"11.09.2013, 09:37:46"
"Beendet:";"11.09.2013, 10:37:03"
"Gescannter Objekte:";"121050"
"Benutzer:";"U"

"Status";"Priorität";"Name";"Beschreibung";"Ergebnis"
"Geheilt";"Hoch";"Virus identifiziert: Win32/Hidrag.A";"C:\Program Files (x86)\Steam\steam\backup\english\steambackup.exe";"Gesichert"
"Geheilt";"Hoch";"Virus identifiziert: Win32/Hidrag.A";"C:\Program Files (x86)\Steam\steam\backup\italian\steambackup.exe";"Gesichert"
"Geheilt";"Hoch";"Virus identifiziert: Win32/Hidrag.A";"C:\Program Files (x86)\Steam\steam\backup\spanish\steambackup.exe";"Gesichert"
"Geheilt";"Hoch";"Virus identifiziert: Win32/Hidrag.A";"C:\Program Files (x86)\Steam\steam\backup\german\steambackup.exe";"Gesichert"
"Geheilt";"Hoch";"Virus identifiziert: Win32/Hidrag.A";"C:\Program Files (x86)\Steam\steam\backup\french\steambackup.exe";"Gesichert"

10.09.2013, 19:41	#10
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Win32/Jeefo.A loswerden Ja dann fang ma an meine Instruktionen umzusetzen, Fragen zu beantworten etc __________________ Logfiles bitte immer in CODE-Tags posten

10.09.2013, 19:55	#12
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Win32/Jeefo.A loswerden Das halte ich für Quatsch. Ich hab bisher kein Virenscanner-Log gesehen Lesen und umsetzen => http://www.trojaner-board.de/125889-...tml#post941520 __________________ Logfiles bitte immer in CODE-Tags posten

10.09.2013, 20:28	#14
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Win32/Jeefo.A loswerden Ich warte immer noch auf die Virenscanner Logs! __________________ Logfiles bitte immer in CODE-Tags posten

Win32/Jeefo.A loswerden

Plagegeister aller Art und deren Bekämpfung: Win32/Jeefo.A loswerden