| |
| |||||||
Log-Analyse und Auswertung: Trojan.Win32.Buzus.nzom danach 20 MalwareWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
15.09.2013, 20:54
| #1 |
 |  Trojan.Win32.Buzus.nzom danach 20 Malware Hallo, habe aus den Internet eine Programm Demo runtergeladen. Leider hatte ich mit dieser Demo Pech gehabt denn sie enthielt einen Virus namens Trojan.Win32.Buzus.nzom. Anschließend hatte nach den Scan dann noch 20 Malware auf den Rechner gehabt. Bin mir jetzt nicht mehr sicher ob ich noch mehr Mist mir eingefangen habe. Habe Schon mal Malwarebytes und OTL mal drüber laufen lassen. Malwareytes ist beim ersten mal abgestürzt beim 2mal ging es. Vorab schon mal vielen Dank für die Hilfe. Gruß Rene Malwarebytes Anti-Malware Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.09.15.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16686 **** :: **** [Administrator] 15.09.2013 20:49:05 mbam-log-2013-09-15 (20-49-05).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: Heuristiks/Extra | P2P Durchsuchte Objekte: 50120 Laufzeit: 2 Minute(n), 48 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 6 HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{BB975E58-E769-4E5A-BA12-B765BC559FF3} (PUP.Optional.WebCake.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899} (PUP.Optional.WebCake.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899} (PUP.Optional.WebCake.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF6B0594-6008-4327-93E5-608AD710A6FA} (PUP.Optional.WebCake.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B9608861-646F-028F-BC9D-F7854B605E83} (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 14 C:\ProgramData\BBroowsee2save\5160180581315.dll (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\InstallMate\{D4497318-80AE-4131-A3DA-C88C0FAA51EE}\Setup.exe (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\InstallMate\{D4497318-80AE-4131-A3DA-C88C0FAA51EE}\TsuDll.dll (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\****\AppData\Local\Temp\BU87d55B.exe.part (PUP.Optional.YourFileDownloader) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\****\AppData\Local\Temp\QcUUQfB2.exe.part (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\****\AppData\Local\Temp\toolbar62927277.exe (PUP.Optional.WebCake.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\****\AppData\Local\Temp\toolbar62927854.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\****\AppData\Local\Temp\uninstall63745861.exe (PUP.Optional.YourFileDownloader) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\****\AppData\Local\Temp\40E6E4BF-BAB0-7891-91E0-21BEBEBAF61D\Latest\BabMaint.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\****\AppData\Local\Temp\40E6E4BF-BAB0-7891-91E0-21BEBEBAF61D\Latest\ccp.exe (PUP.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\****\AppData\Local\Temp\40E6E4BF-BAB0-7891-91E0-21BEBEBAF61D\Latest\MyDeltaTB.exe (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\****\AppData\Local\Temp\40E6E4BF-BAB0-7891-91E0-21BEBEBAF61D\Latest\Setup.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\****\AppData\Local\Temp\updA103\BabMaint.x (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter OTL logfile created on: 15.09.2013 21:13:28 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\****\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16686) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 15,95 Gb Total Physical Memory | 12,97 Gb Available Physical Memory | 81,27% Memory free 31,90 Gb Paging File | 28,60 Gb Available in Paging File | 89,65% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 223,47 Gb Total Space | 55,21 Gb Free Space | 24,71% Space Free | Partition Type: NTFS Drive D: | 931,51 Gb Total Space | 194,59 Gb Free Space | 20,89% Space Free | Partition Type: NTFS Drive E: | 633,81 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: **** | User Name: **** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\****\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) PRC - C:\Program Files (x86)\MSI\Live Update 5\LU5.exe (Micro-Star International) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe (RealNetworks, Inc.) PRC - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe () PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraGrd.exe () PRC - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD) PRC - C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia) PRC - C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia) PRC - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia) PRC - C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe (Western Digital ) PRC - C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe (Western Digital ) PRC - C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.) PRC - C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe (Western Digital) PRC - C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe (MSI) PRC - D:\Programme\EWA net\database\TransBase WIS\tbmux32.exe (Transaction Software, D 81829 Munich) PRC - D:\Programme\EWA net\database\TransBase EWA\tbmux32.exe (Transaction Software, D 81829 Munich) PRC - D:\Programme\EWA net\database\TransBase EWA\tbkern32.exe (Transaction Software, D 81829 Munich) PRC - C:\Program Files (x86)\Visagesoft\eXPert PDF 6\vspdfprsrv.exe () PRC - D:\Programme\EWA net\database\TransBase EPC\tbmux32.exe (Transaction Software, D 81829 Munich) PRC - D:\Programme\EWA net\server\bin\tomcat.exe (Alexandria Software Consulting) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraGrd.exe () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll () MOD - C:\Program Files (x86)\Visagesoft\eXPert PDF 6\vspdfprsrv.exe () MOD - C:\Program Files (x86)\Visagesoft\eXPert PDF 6\expertpdf4core.bpl () MOD - C:\Program Files (x86)\Visagesoft\eXPert PDF 6\vspdfcvt100.bpl () MOD - C:\Program Files (x86)\Visagesoft\eXPert PDF 6\visage100.bpl () MOD - C:\Program Files (x86)\Visagesoft\eXPert PDF 6\VSDesktop100.bpl () MOD - C:\Program Files (x86)\Visagesoft\eXPert PDF 6\TMSlite100.bpl () MOD - C:\Program Files (x86)\Visagesoft\eXPert PDF 6\vsmisc100.bpl () MOD - C:\Program Files (x86)\Visagesoft\eXPert PDF 6\te100.bpl () MOD - C:\Program Files (x86)\Visagesoft\eXPert PDF 6\VirtualTree100.bpl () MOD - C:\Program Files (x86)\Visagesoft\eXPert PDF 6\PKIECtrl100.bpl () MOD - C:\Program Files (x86)\Visagesoft\eXPert PDF 6\js32.dll () MOD - C:\Program Files (x86)\Visagesoft\eXPert PDF 6\uoolep100.bpl () MOD - C:\Program Files (x86)\Visagesoft\eXPert PDF 6\sqlite.dll () ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe () SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia) SRV - (Secunia Update Agent) -- C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia) SRV - (WDRulesService) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe (Western Digital ) SRV - (WDBackup) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe (Western Digital ) SRV - (WDDriveService) -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe (Western Digital) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (MSI_SuperCharger) -- C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe (MSI) SRV - (EWA net DB WIS) -- D:\Programme\EWA net\database\TransBase WIS\tbmux32.exe (Transaction Software, D 81829 Munich) SRV - (EWA net DB Core) -- D:\Programme\EWA net\database\TransBase EWA\tbmux32.exe (Transaction Software, D 81829 Munich) SRV - (CLKMSVC10_9EC60124) -- C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe (CyberLink) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (EWA net DB EPC) -- D:\Programme\EWA net\database\TransBase EPC\tbmux32.exe (Transaction Software, D 81829 Munich) SRV - (EWA net Server) -- D:\Programme\EWA net\server\bin\tomcat.exe (Alexandria Software Consulting) ========== Driver Services (SafeList) ========== DRV:64bit: - (kltdi) -- C:\Windows\SysNative\drivers\kltdi.sys (Kaspersky Lab ZAO) DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab ZAO) DRV:64bit: - (kneps) -- C:\Windows\SysNative\drivers\kneps.sys (Kaspersky Lab ZAO) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab) DRV:64bit: - (klkbdflt) -- C:\Windows\SysNative\drivers\klkbdflt.sys (Kaspersky Lab) DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO) DRV:64bit: - (kl1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO) DRV:64bit: - (MotioninJoyXFilter) -- C:\Windows\SysNative\drivers\MijXfilt.sys (MotioninJoy) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf.sys (Secunia) DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (iaStorF) -- C:\Windows\SysNative\drivers\iaStorF.sys (Intel Corporation) DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\drivers\iaStorA.sys (Intel Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation) DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (MBfilt) -- C:\Windows\SysNative\drivers\MBfilt64.sys (Creative Technology Ltd.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (GearAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV - (DrvAgent64) -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS (Phoenix Technologies) DRV - (NTIOLib_1_0_4) -- C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys (MSI) DRV - (cpuz134) -- D:\Programme\PC Wizard 2010\pcwiz_x64.sys (Windows (R) Win 7 DDK provider) DRV - (UnlockerDriver5) -- D:\Programme\Unlocker\UnlockerDriver5.sys () DRV - (NTIOLib_1_0_3) -- C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys (MSI) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (GPCIDrv) -- C:\Program Files (x86)\GIGABYTE\EasyBoost\GPCIDrv64.sys () DRV - (atillk64) -- C:\Program Files (x86)\GIGABYTE\EasyBoost\AtiTool\atillk64.sys (ATI Technologies Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = hxxp://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = hxxp://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = hxxp://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = hxxp://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1271028360-3297184197-3865748728-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com IE - HKU\S-1-5-21-1271028360-3297184197-3865748728-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com IE - HKU\S-1-5-21-1271028360-3297184197-3865748728-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\S-1-5-21-1271028360-3297184197-3865748728-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://www.google.com IE - HKU\S-1-5-21-1271028360-3297184197-3865748728-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/ IE - HKU\S-1-5-21-1271028360-3297184197-3865748728-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-1271028360-3297184197-3865748728-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-1271028360-3297184197-3865748728-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2F CC 52 8C 9D 93 CD 01 [binary data] IE - HKU\S-1-5-21-1271028360-3297184197-3865748728-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com IE - HKU\S-1-5-21-1271028360-3297184197-3865748728-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = hxxp://www.google.com IE - HKU\S-1-5-21-1271028360-3297184197-3865748728-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = hxxp://www.google.com IE - HKU\S-1-5-21-1271028360-3297184197-3865748728-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = hxxp://www.google.com IE - HKU\S-1-5-21-1271028360-3297184197-3865748728-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-1271028360-3297184197-3865748728-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1271028360-3297184197-3865748728-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKU\S-1-5-21-1271028360-3297184197-3865748728-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.useDBForOrder: false FF - prefs.js..browser.startup.homepage: "hxxp://web.de/" FF - prefs.js..extensions.enabledAddons: anti_banner%40kaspersky.com:13.0.1.4307 FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.21 FF - prefs.js..extensions.enabledAddons: %7BDF153AFF-6948-45d7-AC98-4FC4AF8A08E2%7D:1.3.3 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1 FF - prefs.js..browser.startup.homepage: "" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Web Player Plug-In,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013.09.11 10:44:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013.05.22 14:32:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013.05.22 14:32:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013.05.22 14:32:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013.05.22 14:32:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013.05.22 14:32:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013.09.11 10:44:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.09.11 10:45:34 | 000,000,000 | ---D | M] [2012.09.16 01:45:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions [2013.09.09 09:47:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\sgq0fjf2.default\extensions [2013.09.09 09:47:41 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\sgq0fjf2.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013.08.04 17:12:09 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\sgq0fjf2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.07.04 00:46:50 | 000,006,505 | ---- | M] () -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\sgq0fjf2.default\searchplugins\babylon.xml [2013.07.04 00:47:00 | 000,001,294 | ---- | M] () -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\sgq0fjf2.default\searchplugins\delta.xml [2013.08.17 11:42:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.08.17 11:42:20 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\mozilla firefox\extensions\KavAntiBanner@kaspersky.ru_bak2 [2013.08.17 11:42:20 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Program Files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru_bak2 [2013.08.17 11:42:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.08.17 11:42:21 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2013.05.22 14:32:59 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ANTI_BANNER@KASPERSKY.COM [2013.09.11 10:44:45 | 000,000,000 | ---D | M] (RealDownloader) -- C:\PROGRAMDATA\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\FIREFOX\EXT [2013.09.11 10:44:25 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll [2013.02.03 03:11:01 | 000,003,243 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Web Search.xml ========== Chrome ========== CHR - homepage: CHR - Extension: No name found = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaffpkihncjfodknnfbbljkhnenfajog\1\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC) O4 - HKLM..\Run: [Live Update 5] C:\Program Files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe () O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [vspdfprsrv.exe] C:\Program Files (x86)\Visagesoft\eXPert PDF 6\vspdfprsrv.exe () O4 - HKLM..\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1271028360-3297184197-3865748728-1000..\Run: [Grid] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraGrd.exe () O4 - HKU\S-1-5-21-1271028360-3297184197-3865748728-1000..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD) O4 - HKU\S-1-5-21-1271028360-3297184197-3865748728-1000..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 32 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-1271028360-3297184197-3865748728-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9:64bit: - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D66AF38-9683-4937-8279-DBF7532080ED}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 0 O32 - AutoRun File - [2013.02.17 08:54:19 | 000,000,973 | ---- | M] () - D:\autoexec.cfg -- [ NTFS ] O32 - AutoRun File - [2005.08.29 11:13:02 | 000,049,152 | R--- | M] () - E:\Autorun.exe -- [ UDF ] O32 - AutoRun File - [2005.05.11 16:49:08 | 000,000,042 | R--- | M] () - E:\Autorun.inf -- [ UDF ] O33 - MountPoints2\{2c0f78be-d3c7-11e2-885c-8c89a5803641}\Shell - "" = AutoRun O33 - MountPoints2\{2c0f78be-d3c7-11e2-885c-8c89a5803641}\Shell\AutoRun\command - "" = F:\Unlock.exe autoplay=true O33 - MountPoints2\{44b5bcc3-645b-11e1-8caa-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{44b5bcc3-645b-11e1-8caa-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2005.08.29 11:13:02 | 000,049,152 | R--- | M] () O33 - MountPoints2\{58f2ce48-6459-11e1-96d3-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{58f2ce48-6459-11e1-96d3-806e6f6e6963}\Shell\AutoRun\command - "" = E:\DVDSetup.exe O33 - MountPoints2\{edcb997e-7c07-11e1-87e9-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{edcb997e-7c07-11e1-87e9-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2005.08.29 11:13:02 | 000,049,152 | R--- | M] () O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.09.13 13:25:38 | 015,884,288 | ---- | C] (Frontier Developments Ltd) -- C:\Users\****\Desktop\RCT3plus.exe [2013.09.13 01:46:24 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.09.13 01:46:24 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.09.13 01:46:23 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.09.13 01:46:23 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013.09.13 01:46:23 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013.09.13 01:46:23 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013.09.13 01:46:23 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013.09.13 01:46:23 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013.09.13 01:46:23 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013.09.13 01:46:23 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013.09.13 01:46:23 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013.09.13 01:46:22 | 003,959,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.09.13 01:46:22 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.09.13 01:46:22 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.09.13 01:46:22 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.09.13 00:38:49 | 000,155,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ataport.sys [2013.09.13 00:38:47 | 005,550,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013.09.13 00:38:47 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013.09.13 00:38:47 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013.09.13 00:38:47 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll [2013.09.13 00:38:47 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2013.09.13 00:38:47 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2013.09.13 00:38:47 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2013.09.13 00:38:47 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2013.09.13 00:38:47 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2013.09.13 00:38:47 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013.09.13 00:38:47 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe [2013.09.13 00:38:47 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll [2013.09.13 00:38:47 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013.09.13 00:38:47 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2013.09.13 00:38:47 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013.09.13 00:38:47 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2013.09.13 00:38:47 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013.09.13 00:38:47 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll [2013.09.13 00:38:47 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apisetschema.dll [2013.09.13 00:38:47 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2013.09.13 00:38:47 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2013.09.13 00:38:47 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2013.09.13 00:38:47 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2013.09.13 00:38:47 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013.09.13 00:38:47 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2013.09.13 00:38:47 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2013.09.13 00:38:47 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2013.09.13 00:38:47 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2013.09.13 00:38:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2013.09.13 00:38:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2013.09.13 00:38:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2013.09.13 00:38:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2013.09.13 00:38:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2013.09.13 00:38:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2013.09.13 00:38:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2013.09.13 00:38:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2013.09.13 00:38:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2013.09.13 00:38:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2013.09.13 00:38:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.09.13 00:38:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2013.09.13 00:38:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2013.09.13 00:38:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2013.09.13 00:38:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2013.09.13 00:38:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2013.09.13 00:38:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2013.09.13 00:38:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2013.09.13 00:38:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2013.09.13 00:38:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2013.09.13 00:38:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2013.09.13 00:38:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2013.09.13 00:38:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2013.09.13 00:38:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2013.09.13 00:38:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2013.09.13 00:38:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2013.09.13 00:38:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2013.09.13 00:38:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2013.09.13 00:38:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.09.13 00:38:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2013.09.13 00:38:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2013.09.13 00:38:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2013.09.13 00:38:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2013.09.13 00:38:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2013.09.13 00:38:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2013.09.13 00:38:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2013.09.13 00:38:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2013.09.13 00:38:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2013.09.13 00:38:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2013.09.13 00:38:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2013.09.13 00:38:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2013.09.13 00:38:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2013.09.13 00:38:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2013.09.13 00:38:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2013.09.13 00:38:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2013.09.13 00:38:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2013.09.13 00:38:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2013.09.13 00:38:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2013.09.13 00:38:47 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013.09.13 00:38:43 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll [2013.09.12 21:47:07 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Atari [2013.09.12 21:31:47 | 000,098,304 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt.dll [2013.09.12 21:24:48 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\RCT3 [2013.09.12 21:24:48 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\My Pictures [2013.09.12 21:24:48 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\My Music [2013.09.12 21:24:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PocketSoft [2013.09.12 21:22:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atari [2013.09.12 18:34:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX [2013.09.11 10:44:45 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks [2013.09.11 10:44:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealNetworks [2013.08.21 01:25:44 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\vlc [2013.08.21 01:25:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2013.08.17 11:42:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox ========== Files - Modified Within 30 Days ========== [2013.09.15 21:16:16 | 001,616,098 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.09.15 21:16:16 | 000,697,658 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.09.15 21:16:16 | 000,652,976 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.09.15 21:16:16 | 000,148,452 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.09.15 21:16:16 | 000,121,406 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.09.15 21:15:23 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.09.15 21:15:23 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.09.15 21:10:29 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.09.15 21:10:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.09.15 21:10:17 | 4257,386,494 | -HS- | M] () -- C:\hiberfil.sys [2013.09.15 21:03:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.09.15 20:28:06 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.09.14 14:08:06 | 000,043,520 | ---- | M] () -- C:\Windows\SysWow64\CmdLineExt03.dll [2013.09.13 20:04:02 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.09.13 20:04:02 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.09.13 09:37:35 | 000,328,312 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.09.12 21:31:47 | 000,098,304 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt.dll [2013.09.12 00:18:22 | 000,020,992 | ---- | M] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.09.11 10:44:48 | 000,001,136 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk [2013.09.11 10:44:31 | 000,201,872 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll [2013.09.11 10:44:25 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll [2013.09.11 10:44:24 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll [2013.09.11 10:44:24 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll [2013.09.08 00:01:38 | 000,002,011 | ---- | M] () -- C:\Users\Public\Desktop\Live Update 5.lnk [2013.08.21 01:25:40 | 000,000,871 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2013.08.17 23:54:01 | 000,003,148 | ---- | M] () -- C:\Users\****\Documents\Mein Film1.wlmp ========== Files Created - No Company Name ========== [2013.09.13 13:23:05 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll [2013.09.12 21:24:45 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll [2013.09.11 10:44:48 | 000,001,136 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk [2013.08.21 10:38:10 | 000,002,011 | ---- | C] () -- C:\Users\Public\Desktop\Live Update 5.lnk [2013.08.21 01:25:40 | 000,000,871 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2013.08.17 23:54:01 | 000,003,148 | ---- | C] () -- C:\Users\****\Documents\Mein Film1.wlmp [2013.05.24 13:06:42 | 000,000,122 | ---- | C] () -- C:\Users\****\.ewanapi_cookie [2013.05.23 17:21:14 | 000,001,606 | ---- | C] () -- C:\Windows\SysWow64\font.ini [2013.05.15 12:38:38 | 000,002,072 | ---- | C] () -- C:\Users\****\AppData\Local\recently-used.xbel [2013.03.29 04:13:14 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe [2013.03.29 04:13:12 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe [2013.03.10 15:34:39 | 000,002,421 | ---- | C] () -- C:\Users\****\13150_1343051216.jpg [2013.02.19 01:30:26 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-****-Microsoft-Windows-7-Home-Premium-(64-Bit).dat [2013.02.04 03:07:13 | 000,000,337 | ---- | C] () -- C:\Users\****\AppData\Local\Perfmon.PerfmonCfg [2012.11.27 01:18:46 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012.11.10 15:40:18 | 000,020,992 | ---- | C] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.09.16 01:24:10 | 000,000,408 | ---- | C] () -- C:\Users\****\AppData\Roaming\CamShapes.ini [2012.09.16 01:24:10 | 000,000,408 | ---- | C] () -- C:\Users\****\AppData\Roaming\CamLayout.ini [2012.09.16 01:24:10 | 000,000,046 | ---- | C] () -- C:\Users\****\AppData\Roaming\Camdata.ini [2012.09.16 01:19:04 | 000,004,428 | ---- | C] () -- C:\Users\****\AppData\Roaming\CamStudio.cfg [2012.08.21 21:27:37 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI [2012.07.15 13:59:55 | 000,017,408 | ---- | C] () -- C:\Users\****\AppData\Local\WebpageIcons.db [2012.05.30 18:56:42 | 000,241,924 | ---- | C] () -- C:\Users\****\Bild055.jpg [2012.05.05 13:37:34 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\UNWISE.EXE [2012.05.05 13:37:34 | 000,006,836 | ---- | C] () -- C:\Windows\SysWow64\UNWISE.INI [2012.04.29 21:17:37 | 000,081,408 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe [2012.04.01 16:35:33 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.03.31 19:37:34 | 000,007,611 | ---- | C] () -- C:\Users\****\AppData\Local\Resmon.ResmonCfg [2012.03.07 22:49:51 | 000,000,000 | ---- | C] () -- C:\Windows\lgfwup.ini [2012.03.02 13:33:46 | 001,592,864 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.02.01 04:36:16 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.02.01 04:36:16 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.07.26 04:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.03.10 12:59:25 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ADAC Auto 2012 [2013.09.12 21:47:07 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Atari [2013.07.04 00:46:41 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Babylon [2012.04.29 21:17:43 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\CAD-KAS [2012.11.10 00:03:42 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DVDVideoSoft [2013.09.11 02:09:09 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\EurekaLog [2013.05.26 09:51:04 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\eXPert PDF 6 [2012.04.29 21:41:21 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Expert PDF Reader [2012.09.16 04:37:05 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\FreeScreenToVideo [2012.07.06 13:14:11 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Ifkauz [2013.03.19 16:34:39 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Kalypso Media [2013.01.29 23:02:56 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\MotioninJoy [2013.05.15 06:36:50 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\OpenCandy [2012.07.30 17:53:52 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Origin [2012.08.21 21:27:38 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Shark007 [2013.02.25 00:17:48 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Synthesia [2013.08.21 17:56:03 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TS3Client [2012.11.10 00:05:19 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TuneUp Software [2012.03.30 16:41:03 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Ubisoft [2013.05.09 15:51:02 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Wargaming.net [2013.04.29 23:22:11 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\WinFF [2013.02.12 18:29:14 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Wireshark [2013.03.05 21:40:45 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\XMedia Recode [2013.07.04 00:46:39 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\YourFileDownloader ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 15.09.2013 21:13:28 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\****\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
15,95 Gb Total Physical Memory | 12,97 Gb Available Physical Memory | 81,27% Memory free
31,90 Gb Paging File | 28,60 Gb Available in Paging File | 89,65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 223,47 Gb Total Space | 55,21 Gb Free Space | 24,71% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 194,59 Gb Free Space | 20,89% Space Free | Partition Type: NTFS
Drive E: | 633,81 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: **** | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1271028360-3297184197-3865748728-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5C3B9E32-FDC6-45BB-9834-5B2C9B5E8D47}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{A52C2B2B-86F9-4705-BE40-B87E597EBADC}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03F41200-008C-4C4B-AD62-F49113F75B66}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{0554FD78-06DE-4C1D-89EF-A70B64A6AF28}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{0C5A5D89-3D6C-4212-A471-BE48AE62CFE6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0F31B8CF-C383-4EDD-A653-18D80166E332}" = protocol=6 | dir=in | app=d:\programme\bohemia interactive\arma2oa.exe |
"{132F757A-4E59-4704-A16F-EBB91866A2F1}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{17510521-D08F-4368-8380-B141A767263A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{1F02EE48-D939-4B5F-82BE-C0594994AD7C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{2369FFE0-B4C5-4C95-8BB0-042CA3F79406}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{311D6659-712F-410E-9101-810429AECC4B}" = protocol=17 | dir=in | app=d:\programme\earth 2160\earth2160_no_sse.exe |
"{348ED5A3-7F19-4C0A-BD8C-0515500D7CCA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\half-life\hl.exe |
"{37175F11-0D5D-4FE1-961F-8070DD9790A7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{37311FD7-D156-449B-A3CE-4AD692A0E089}" = protocol=6 | dir=in | app=d:\programme\earth 2160\earth2160_sse.exe |
"{3BFB9CB1-EB71-4D08-9DA3-E681E92111AD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\creationkit.exe |
"{44A0BB32-450A-4C88-8006-2055E8DD4FDE}" = protocol=17 | dir=in | app=c:\program files (x86)\yourfiledownloader\downloader.exe |
"{44E56C1D-991F-45AF-BAD6-125D66F923B2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{4CD7F335-0617-4631-A57D-2B789EDD720E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\half-life\hl.exe |
"{686335E4-382C-412C-8B1B-8F2B61CB3041}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6FBA95BC-9166-4912-89D1-5841DB39AFDA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{74E0A2EE-A0EE-4BE6-AE39-DCAD58A15E8E}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{78893A37-6BBC-42DD-9067-E37CBF92F57C}" = protocol=6 | dir=in | app=c:\program files (x86)\yourfiledownloader\downloader.exe |
"{7B681618-1D38-47C5-91AF-334BAD2B6393}" = protocol=17 | dir=in | app=d:\programme\earth 2160\earth2160_sse.exe |
"{88ABD237-2905-4E4F-BF4E-AF833731C7D8}" = protocol=6 | dir=in | app=c:\program files (x86)\yourfiledownloader\yourfile.exe |
"{8E5A0589-97FE-47E5-8DFD-EF38D12F910F}" = protocol=17 | dir=in | app=d:\programme\bohemia interactive\arma2oa.exe |
"{99CF0E86-A8B6-4ADD-976D-347E10D9B6B4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\creationkit.exe |
"{9D20DB04-B5D1-4C5D-95F4-4E55DCFA152C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{9E3C42C5-C72A-4295-A8CD-7E9A7A842086}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A8393280-C527-4238-BAF4-1CF76B194A36}" = protocol=17 | dir=in | app=c:\program files (x86)\yourfiledownloader\yourfile.exe |
"{ABFB1BFB-D20A-4C82-BCA5-D45AB4DFA5AB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B5FB568E-151D-4207-A716-92955ADB9570}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{B932E614-B286-455D-A517-4C85FD46F636}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{C1059FA3-923D-424E-B340-42A644C9C62A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\creationkit.exe |
"{C2EA9A49-14C2-4C30-918F-E11ACD9E9592}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\half-life\hl.exe |
"{C3FC1106-63EA-4A8E-9491-0D18C92B8B43}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{D93DE404-DF62-45B0-BC3E-2D8EA1DF9C31}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\creationkit.exe |
"{E25A469B-0066-46C7-B974-20B2258968FB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{E29A1880-C3D8-4360-9E5D-A5E9DADF1B1C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\half-life\hl.exe |
"{EAA3A676-C876-433A-99E7-88A2CB336B73}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{EFBCFD19-B452-4E01-8014-4972658D134B}" = protocol=6 | dir=in | app=d:\programme\earth 2160\earth2160_no_sse.exe |
"{F3A710F2-C8C3-4CF8-91E8-9804DEF31A8D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{F9106C2D-EB59-4E4B-9EA2-BF8ADB8B96F4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{FCAF54A9-E6E6-4350-8AD0-6EAD82D27991}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{FCE64A8F-3E1E-4FF1-8CB1-EEDE337FB1F7}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{5D75D9C8-A5D6-4755-9C3E-089EDD7A256A}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"TCP Query User{F81CB7A4-F7BB-4BA5-9D55-88154A662470}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{2F7DD680-FA8E-41F3-A4C7-98B8607EBDE5}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{DB698505-C049-4BF1-AD02-375272651885}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{003B37AE-21F5-5BC5-F5EB-CD60A8928696}" = AMD Accelerated Video Transcoding
"{26A24AE4-039D-4CA4-87B4-2F86417021FF}" = Java 7 Update 21 (64-bit)
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy Gamepad tool 0.7.1001
"{35D00343-3BFA-46A1-C6DD-FFD770501E0B}" = AMD Drag and Drop Transcoding
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{653B9326-BD45-53BE-681A-A49CAAEE8A3C}" = ccc-utility64
"{6FE8A1DA-8CA6-4801-BF0F-0F2FED143FF4}" = WD SmartWare
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9AB0D5B6-4779-8C4F-CA91-A1FEDB56D7EC}" = AMD Catalyst Install Manager
"{A99F0C57-4D65-83B3-3466-9072D1892D51}" = ccc-utility64
"{AAFE68DD-A2D5-BDBF-E1B2-CB01DEFD6EB0}" = AMD Media Foundation Decoders
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"DriverAgent.exe" = DriverAgent by eSupport.com
"GIMP-2_is1" = GIMP 2.8.2
"HyperCam 2" = HyperCam 2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Unlocker" = Unlocker 1.9.1-x64
"VLC media player" = VLC media player 2.0.8
"WinRAR archiver" = WinRAR 4.11 (64-Bit)
"x64 Components_is1" = x64 Components v3.7.6
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00989200-325C-4910-8D7C-708529685D64}" = EWA_net_WIS_CaseOnline_Importer
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0D0570FC-23D9-B634-9C20-55E73A2358C4}" = CCC Help Norwegian
"{0DED2A7B-DAB4-4F4D-9C49-346F276D8EEF}" = Sentinel Advance II
"{10092811-DB20-1C26-E1E6-5C743EEF4955}" = CCC Help Dutch
"{10E9ADC9-F178-D887-2899-57541303436F}" = CCC Help German
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{12117975-3B3E-DD59-0139-C168E511DB85}" = CCC Help Russian
"{13464292-6666-B2DB-1B0C-A3FE14DAD1F9}" = CCC Help Dutch
"{16F669CE-854F-F722-8FD9-5D4731BFD565}" = CCC Help Italian
"{17528CE4-C333-48FB-A9E4-D841E795CDCE}" = Renesas Electronics USB 3.0 Host Controller Driver
"{1DA8C485-28AA-97B7-13C0-45D22E489AB7}" = CCC Help French
"{1EA89FA1-2103-06E7-6DD4-90D3EE988714}" = CCC Help Hungarian
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1" = World of Tanks
"{254B3DAA-0179-5B76-A15E-491837281C32}" = CCC Help Portuguese
"{2647C91D-6E62-83AA-494D-1BDCF2AD4D9F}" = CCC Help Chinese Standard
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{278DB2A0-512A-4555-8BA0-C5D65E9DDC79}" = EWA_net_Client_Applications
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{29822CAD-C76A-0BEE-55F5-AAA524DA814F}" = CCC Help Greek
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{338CD56F-1CDC-CF32-33F6-DED2DF92284E}" = CCC Help French
"{36F6E986-D2D1-403C-8BD3-D95EF7BC705D}}_is1" = Live Update 5
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink LG Burning Tool
"{41910260-4532-4734-8181-3E8AFDBB05D7}" = EasyBoost
"{43233646-BE3B-F242-49F6-2A2C9BB29DFA}" = CCC Help Spanish
"{46458556-5C46-79A9-A6FF-81DF1F8B2729}" = CCC Help Hungarian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AF2A9FC-3FD4-49FC-72CC-FB2DD076A800}" = CCC Help Japanese
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4F09C764-E4DB-4DED-8489-55119833FAF7}_is1" = PDF Expert 6 - Installer
"{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1" = Data Lifeguard Diagnostic for Windows 1.24
"{519D68B8-A768-4CDC-E4C9-B115D49CED93}" = CCC Help Norwegian
"{51D383BC-D988-8C1E-FAA1-BC5260A32A87}" = CCC Help Polish
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{54998983-4BAC-26B9-14A2-2302EB08778E}" = Catalyst Control Center
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"{5729DA4D-AEBC-C6F2-FB2D-1BC9B290BD19}" = CCC Help Danish
"{5D8663CC-B937-88A4-B76B-C4904CDD3D7D}" = Windows Driver Kit
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{67A4760F-9804-CCF6-C319-27840ED77924}" = CCC Help Korean
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6AE6DB16-25A7-DA7E-16DC-0AF149AA7731}" = CCC Help Greek
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6BE5E4A9-D88B-532D-26E6-883C32BF098A}" = CCC Help Thai
"{6E0D26C1-4265-1D02-4D19-D0A8F6A463F8}" = Catalyst Control Center
"{705B639E-FAAF-40D7-AD58-C445321C7C3F}" = LightScribe System Software
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{79361740-EAE3-11E2-9911-B8AC6F98CCE3}" = Google Earth Plug-in
"{7936E2AA-C2C5-61E2-9128-272DB9D2B429}" = CCC Help Thai
"{7A997C02-81D4-4FEC-9C1C-F916611F8360}" = EWA_net_EPC
"{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1" = Super-Charger
"{7DD62206-7B6C-E32E-BD11-B49B3B089D16}" = CCC Help Danish
"{7E666A24-E069-DBA3-5376-4193EDBABC93}" = CCC Help Korean
"{857E7434-86A5-98A7-A4DE-53FAE2D07CFE}" = CCC Help English
"{871AC27D-7BD4-BFA8-0270-BA2305F8B3E2}" = Catalyst Control Center Localization All
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9043A7CD-D637-6738-651A-5448AF9A8FA0}" = CCC Help Chinese Traditional
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9739158D-EDED-D628-9865-1460B5A7FAE3}" = CCC Help Portuguese
"{9809124C-0C4C-2367-7889-1E16D8EF1AAF}" = CCC Help Chinese Standard
"{9944163f-2367-4db7-ac77-b4963ca06996}" = Windows Driver Kit
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F8DAB8-C993-E9FB-708E-6C702D4E19DB}" = Kits Configuration Installer
"{A6E1EE9D-01DD-82FD-BDBC-193BCEF9FD5C}" = CCC Help Greek
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA12545D-5EB8-4078-AFD9-8E8DC0AE3A76}" = GIGABYTE VGA @BIOS
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AB13F192-49FC-A065-F15C-746B10CC43C8}" = CCC Help Japanese
"{AB35DF1B-FF75-0A24-A2B0-E9FACA834EF5}" = CCC Help Finnish
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.8) - Deutsch
"{AD72733C-3345-628E-C9B1-6523F5C21534}" = CCC Help Czech
"{AE548812-D611-608D-61C6-7E40F28573A2}" = CCC Help Russian
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{B7EC0338-EAE9-ABEA-D202-95025E66CC8C}" = HydraVision
"{BC63AEF9-1367-9F7C-5926-52E56450EDCD}" = CCC Help Spanish
"{C0F1D697-0C8F-4563-A406-830AE52BCE65}" = EWA_net_WIS
"{C1E2D27F-B363-588E-8859-9EF7F4EBF418}" = CCC Help Chinese Traditional
"{C39C9BB1-0203-A91A-DA71-A657BBEABC01}" = CCC Help Swedish
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C77E8A8E-E342-437F-9378-96BFAEA6C02F}" = Windows Driver Framework update Packages
"{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}" = RealDownloader
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CF6D5E33-7D66-472C-BB9D-A886A2FE252A}" = Catalyst Control Center InstallProxy
"{D76AC809-CCC1-6198-4970-A63FA5CF7DCB}" = CCC Help Swedish
"{D78A1468-84FD-4226-BB33-713A7EBE3028}" = Document_Installer
"{DA675EE2-4C04-9699-0EE2-7EF9FE7AB870}" = CCC Help German
"{DDA3C325-47B2-4730-9672-BF3771C08799}_is1" = XMedia Recode Version 3.1.4.9
"{E06F7C95-4D68-63D9-2231-AA5F8E186FCB}" = CCC Help English
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{E21A8F3C-1ACB-46B1-CE72-E9CF09549DED}" = Catalyst Control Center Localization All
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E2F52AC2-B925-C18F-E1AE-42FBD46ECAC7}" = CCC Help Czech
"{E64998BE-263A-BC4A-ACC9-BC4D4C09AAE3}" = CCC Help Turkish
"{E649AC39-69C0-C6FE-0A54-4752DB5D1FD2}" = Catalyst Control Center Graphics Previews Common
"{E68C5783-A1E6-4D4C-83D4-99DD470F3D94}" = EWA_net_Server
"{E9463114-898C-7C2A-2C47-E9ABC63F5D43}" = CCC Help Finnish
"{EA926717-CE5A-4CB4-AB21-9E6E9565A458}" = RCT3 Soaked
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F41852C7-939E-49A3-A5A7-5E3A81C32A8B}" = EWA_net_Core
"{F49AFE1E-A8F1-4764-9138-C82C8E617E2B}" = EWA_net_Admin
"{F63A4CA6-6BEB-8EAE-EB9A-E5B3395BD418}" = CCC Help Polish
"{FC279721-37A6-4777-AFD8-7A56681EBA14}" = eXPert PDF 6
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FF10AC4D-3349-99DA-3E58-5197CEA1D833}" = CCC Help Italian
"{FFEC93FF-C162-C0C3-B5E7-01214B0E5F2D}" = CCC Help Turkish
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ARMA 2 Operation Arrowhead" = ARMA 2 Operation Arrowhead Uninstall
"ArmA2" = ArmA2 Uninstall
"ART" = ART
"AuranTS2009_is1" = Trainz Simulator 12
"DealBulldog Toolbar Toolbar" = DealBulldog Toolbar Toolbar
"DivX Setup" = DivX Setup
"Earth 2160" = Earth 2160
"EMDB_is1" = EMDB 1.51
"EWA net" = EWA net
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{17528CE4-C333-48FB-A9E4-D841E795CDCE}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink LG Burning Tool
"InstallShield_{41910260-4532-4734-8181-3E8AFDBB05D7}" = EasyBoost
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"Mozilla Firefox 23.0.1 (x86 de)" = Mozilla Firefox 23.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyMDb_0" = MyMDb 3.6
"Origin" = Origin
"pcsx2-r4600" = PCSX2 - Playstation 2 Emulator
"RealPlayer 16.0" = RealPlayer
"Secunia PSI" = Secunia PSI (3.0.0.4001)
"Steam App 10" = Counter-Strike
"Steam App 202480" = Creation Kit
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 730" = Counter-Strike: Global Offensive
"Synthesia" = Synthesia (remove only)
"WinLiveSuite" = Windows Live Essentials
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1271028360-3297184197-3865748728-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 03.02.2013 20:03:22 | Computer Name = **** | Source = WinMgmt | ID = 10
Description =
Error - 03.02.2013 20:06:53 | Computer Name = **** | Source = WinMgmt | ID = 10
Description =
Error - 03.02.2013 20:15:46 | Computer Name = **** | Source = Application Hang | ID = 1002
Description = Programm LU5.exe, Version 5.0.98.0 kann nicht mehr unter Windows ausgeführt
werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: f9c Startzeit:
01ce026b56c2e565 Endzeit: 8 Anwendungspfad: C:\Program Files (x86)\MSI\Live Update
5\LU5.exe Berichts-ID:
Error - 03.02.2013 22:54:14 | Computer Name = **** | Source = WinMgmt | ID = 10
Description =
Error - 03.02.2013 23:02:17 | Computer Name = **** | Source = WinMgmt | ID = 10
Description =
Error - 04.02.2013 04:16:51 | Computer Name = **** | Source = WinMgmt | ID = 10
Description =
Error - 04.02.2013 14:25:10 | Computer Name = **** | Source = WinMgmt | ID = 10
Description =
Error - 04.02.2013 15:36:18 | Computer Name = **** | Source = WinMgmt | ID = 10
Description =
Error - 05.02.2013 03:56:17 | Computer Name = **** | Source = WinMgmt | ID = 10
Description =
Error - 05.02.2013 10:09:08 | Computer Name = **** | Source = Customer Experience Improvement Program | ID = 1008
Description =
[ System Events ]
Error - 14.09.2013 07:48:03 | Computer Name = **** | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
Error - 15.09.2013 03:52:40 | Computer Name = **** | Source = Service Control Manager | ID = 7003
Description = Der Dienst "Net.Msmq Listener Adapter" ist von folgendem Dienst abhängig:
msmq. Dieser Dienst ist eventuell nicht installiert.
Error - 15.09.2013 03:52:40 | Computer Name = **** | Source = Service Control Manager | ID = 7003
Description = Der Dienst "Net.Pipe Listener Adapter" ist von folgendem Dienst abhängig:
was. Dieser Dienst ist eventuell nicht installiert.
Error - 15.09.2013 03:52:40 | Computer Name = **** | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Net.Tcp Listener Adapter" ist vom Dienst "Net.Tcp Port
Sharing Service" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058
Error - 15.09.2013 14:56:42 | Computer Name = **** | Source = Service Control Manager | ID = 7003
Description = Der Dienst "Net.Msmq Listener Adapter" ist von folgendem Dienst abhängig:
msmq. Dieser Dienst ist eventuell nicht installiert.
Error - 15.09.2013 14:56:42 | Computer Name = **** | Source = Service Control Manager | ID = 7003
Description = Der Dienst "Net.Pipe Listener Adapter" ist von folgendem Dienst abhängig:
was. Dieser Dienst ist eventuell nicht installiert.
Error - 15.09.2013 14:56:42 | Computer Name = **** | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Net.Tcp Listener Adapter" ist vom Dienst "Net.Tcp Port
Sharing Service" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058
Error - 15.09.2013 15:10:23 | Computer Name = **** | Source = Service Control Manager | ID = 7003
Description = Der Dienst "Net.Msmq Listener Adapter" ist von folgendem Dienst abhängig:
msmq. Dieser Dienst ist eventuell nicht installiert.
Error - 15.09.2013 15:10:23 | Computer Name = **** | Source = Service Control Manager | ID = 7003
Description = Der Dienst "Net.Pipe Listener Adapter" ist von folgendem Dienst abhängig:
was. Dieser Dienst ist eventuell nicht installiert.
Error - 15.09.2013 15:10:23 | Computer Name = **** | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Net.Tcp Listener Adapter" ist vom Dienst "Net.Tcp Port
Sharing Service" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058
< End of report >
|
|
15.09.2013, 21:57
| #2 |
| /// the machine /// TB-Ausbilder    | Trojan.Win32.Buzus.nzom danach 20 Malware hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
15.09.2013, 22:13
| #3 |
| | Trojan.Win32.Buzus.nzom danach 20 Malware Hi danke für deine schnelle Antwort
__________________FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-09-2013 05
Ran by **** (administrator) on **** on 15-09-2013 23:02:41
Running from C:\Users\****\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Transaction Software, D 81829 Munich) D:\Programme\EWA net\database\TransBase EWA\tbmux32.exe
(Transaction Software, D 81829 Munich) D:\Programme\EWA net\database\TransBase EPC\tbmux32.exe
(Transaction Software, D 81829 Munich) D:\Programme\EWA net\database\TransBase WIS\tbmux32.exe
(Alexandria Software Consulting) D:\Programme\EWA net\server\bin\tomcat.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(Western Digital) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
(Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Transaction Software, D 81829 Munich) D:\Programme\EWA net\database\TransBase EWA\tbkern32.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
() C:\Program Files (x86)\ATI Technologies\HydraVision\HydraGrd.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
() C:\Program Files (x86)\Visagesoft\eXPert PDF 6\vspdfprsrv.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\Grid64.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Transaction Software, D 81829 Munich) D:\Programme\EWA net\database\TransBase EWA\tbkern32.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Micro-Star International) C:\Program Files (x86)\MSI\Live Update 5\LU5.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [IntelliPoint] - C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6854800 2012-12-03] (Realtek Semiconductor)
HKCU\...\Run: [ISUSPM Startup] - C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [221184 2004-08-09] (InstallShield Software Corporation)
HKCU\...\Run: [HydraVisionDesktopManager] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2013-03-28] (AMD)
HKCU\...\Run: [Grid] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraGrd.exe [401408 2013-03-28] ()
MountPoints2: {2c0f78be-d3c7-11e2-885c-8c89a5803641} - F:\Unlock.exe autoplay=true
MountPoints2: {44b5bcc3-645b-11e1-8caa-806e6f6e6963} - E:\Autorun.exe
MountPoints2: {58f2ce48-6459-11e1-96d3-806e6f6e6963} - E:\DVDSetup.exe
MountPoints2: {edcb997e-7c07-11e1-87e9-806e6f6e6963} - E:\Autorun.exe
HKLM-x32\...\Run: [UpdateP2GoShortCut] - C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePPShortCut] - C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [vspdfprsrv.exe] - C:\Program Files (x86)\Visagesoft\eXPert PDF 6\vspdfprsrv.exe [1237504 2010-01-06] ()
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2013-05-22] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC)
HKLM-x32\...\Run: [WD Quick View] - C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5236664 2012-09-19] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [Live Update 5] - C:\Program Files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe [315392 2012-01-30] ()
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-09-11] (RealNetworks, Inc.)
AppInit_DLLs: [0 ] ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2FCC528C9D93CD01
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\sgq0fjf2.default
FF user.js: detected! => C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\sgq0fjf2.default\user.js
FF Homepage: hxxp://web.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.4.53 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\sgq0fjf2.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\sgq0fjf2.default\searchplugins\delta.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Web Search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DownloadHelper - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\sgq0fjf2.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: No Name - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\sgq0fjf2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
Chrome:
=======
CHR Extension: (BBroowsee2save) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaffpkihncjfodknnfbbljkhnenfajog\1
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx
==================== Services (Whitelisted) =================
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2013-05-22] (Kaspersky Lab ZAO)
S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [240112 2010-11-23] (CyberLink)
R2 EWA net DB Core; D:\Programme\EWA net\database\TransBase EWA\tbmux32.exe [326616 2011-03-09] (Transaction Software, D 81829 Munich)
R2 EWA net DB EPC; D:\Programme\EWA net\database\TransBase EPC\tbmux32.exe [417792 2007-11-27] (Transaction Software, D 81829 Munich)
R2 EWA net DB WIS; D:\Programme\EWA net\database\TransBase WIS\tbmux32.exe [326616 2011-03-09] (Transaction Software, D 81829 Munich)
R2 EWA net Server; D:\Programme\EWA net\server\bin\tomcat.exe [65536 2003-07-31] (Alexandria Software Consulting)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [136704 2012-06-29] (MSI)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1328736 2012-09-24] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [656480 2012-09-24] (Secunia)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1157056 2012-09-19] (Western Digital )
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [248248 2012-09-19] (Western Digital)
R2 WDRulesService; C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [1177536 2012-09-19] (Western Digital )
==================== Drivers (Whitelisted) ====================
S3 atillk64; C:\Program Files (x86)\GIGABYTE\EasyBoost\AtiTool\atillk64.sys [14608 2006-07-19] (ATI Technologies Inc.)
S3 atillk64; C:\Program Files (x86)\GIGABYTE\EasyBoost\AtiTool\atillk64.sys [14608 2006-07-19] (ATI Technologies Inc.)
S3 cpuz134; D:\pROGRAMME\PC Wizard 2010\pcwiz_x64.sys [21480 2010-07-09] (Windows (R) Win 7 DDK provider)
S3 cpuz134; D:\pROGRAMME\PC Wizard 2010\pcwiz_x64.sys [21480 2010-07-09] (Windows (R) Win 7 DDK provider)
S3 GPCIDrv; C:\Program Files (x86)\GIGABYTE\EasyBoost\GPCIDrv64.sys [14376 2008-07-15] ()
S3 GPCIDrv; C:\Program Files (x86)\GIGABYTE\EasyBoost\GPCIDrv64.sys [14376 2008-07-15] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [23832 2011-12-02] (Intel Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-06-19] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [620128 2013-05-22] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29016 2012-10-25] (Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29528 2012-10-25] (Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-19] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-05-22] (Kaspersky Lab ZAO)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [14136 2010-01-18] (MSI)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [14136 2010-01-18] (MSI)
R3 NTIOLib_1_0_4; C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [14136 2010-10-22] (MSI)
R3 NTIOLib_1_0_4; C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [14136 2010-10-22] (MSI)
S3 cpuz130; \??\C:\Users\****\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [x]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-05-22] (Kaspersky Lab ZAO)
S3 MSICDSetup; \??\E:\CDriver64.sys [x]
S3 MSI_MSIBIOS_010507; \??\C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys [x]
S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [x]
U5 UnlockerDriver5; D:\Programme\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-09-15 23:02 - 2013-09-15 23:02 - 00000000 ____D C:\FRST
2013-09-15 22:59 - 2013-09-15 22:59 - 01951146 _____ (Farbar) C:\Users\****\Downloads\FRST64.exe
2013-09-15 22:59 - 2013-09-15 22:59 - 01951146 _____ (Farbar) C:\Users\****\Desktop\FRST64.exe
2013-09-15 21:40 - 2013-09-15 21:40 - 00068928 _____ C:\Users\****\Desktop\Extras.Txt
2013-09-15 21:38 - 2013-09-15 21:38 - 00120718 _____ C:\Users\****\Desktop\OTL.Txt
2013-09-15 21:19 - 2013-09-15 21:19 - 00069054 _____ C:\Users\****\Downloads\Extras.Txt
2013-09-15 21:17 - 2013-09-15 21:17 - 00120730 _____ C:\Users\****\Downloads\OTL.Txt
2013-09-15 21:12 - 2013-09-15 21:12 - 00602112 _____ (OldTimer Tools) C:\Users\****\Downloads\OTL.exe
2013-09-15 20:45 - 2013-09-15 20:45 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\****\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-15 13:43 - 2013-09-15 14:34 - 720646144 _____ C:\Users\****\Downloads\south_beach_cruisin_3_cd3.avi
2013-09-15 13:42 - 2013-09-15 14:33 - 731492352 _____ C:\Users\****\Downloads\south_beach_cruisin_3_cd2.avi
2013-09-15 13:41 - 2013-09-15 14:33 - 731918336 _____ C:\Users\****\Downloads\south_beach_cruisin_3_cd1.avi
2013-09-13 20:44 - 2013-09-13 20:46 - 00000267 _____ C:\Users\****\Desktop\GraphFix.log
2013-09-13 13:25 - 2005-11-04 14:03 - 15884288 _____ (Frontier Developments Ltd) C:\Users\****\Desktop\RCT3plus.exe
2013-09-13 13:23 - 2013-09-14 14:08 - 00043520 _____ C:\Windows\SysWOW64\CmdLineExt03.dll
2013-09-13 01:46 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-13 01:46 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-13 01:46 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-13 01:46 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-13 01:46 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-13 01:46 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-13 01:46 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-13 01:46 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-13 01:46 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-13 01:46 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-13 01:46 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-13 01:46 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-13 01:46 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-13 01:46 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-13 01:46 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-13 01:46 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-13 01:46 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-13 01:46 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-13 01:46 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-13 01:46 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-13 01:46 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-13 01:46 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-13 01:46 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-13 01:46 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-13 01:46 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-13 01:46 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-13 01:46 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-13 01:46 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-13 01:46 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-13 01:46 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-13 01:46 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-13 00:38 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-13 00:38 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-13 00:38 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-13 00:38 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-13 00:38 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-13 00:38 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-13 00:38 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-13 00:38 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-13 00:38 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-13 00:38 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-13 00:38 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-13 00:38 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-13 00:38 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-13 00:38 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-13 00:38 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-13 00:38 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-13 00:38 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-13 00:38 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-13 00:38 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-13 00:38 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-13 00:38 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-13 00:38 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-13 00:38 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-13 00:38 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-13 00:38 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-13 00:38 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-13 00:38 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-13 00:38 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-12 22:06 - 2013-09-12 22:06 - 07645941 _____ C:\Users\****\Downloads\wildupdate3.zip
2013-09-12 22:01 - 2013-09-12 22:01 - 00000000 ____D C:\Users\****\Downloads\rct3goldpatch1
2013-09-12 22:00 - 2013-09-12 22:01 - 17629901 _____ C:\Users\****\Downloads\rct3goldpatch1.rar
2013-09-12 21:47 - 2013-09-12 21:47 - 00000000 ____D C:\Users\****\AppData\Roaming\Atari
2013-09-12 21:43 - 2013-09-13 18:59 - 00000000 ____D C:\Users\****\Downloads\download
2013-09-12 21:31 - 2013-09-12 21:31 - 00098304 _____ (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt.dll
2013-09-12 21:24 - 2013-09-12 21:48 - 00000000 ____D C:\Users\****\Documents\RCT3
2013-09-12 21:24 - 2002-02-27 17:50 - 00197120 _____ C:\Windows\patchw32.dll
2013-09-11 10:44 - 2013-09-11 10:44 - 00003078 _____ C:\Windows\System32\Tasks\RealCreateProcessScheduledTask3803288S-1-5-21-1271028360-3297184197-3865748728-1000
2013-09-11 10:44 - 2013-09-11 10:44 - 00001136 _____ C:\Users\Public\Desktop\RealPlayer.lnk
2013-09-11 10:44 - 2013-09-11 10:44 - 00000000 ____D C:\ProgramData\RealNetworks
2013-09-11 10:44 - 2013-09-11 10:44 - 00000000 ____D C:\Program Files (x86)\RealNetworks
2013-08-21 10:38 - 2013-09-08 00:01 - 00002011 _____ C:\Users\Public\Desktop\Live Update 5.lnk
2013-08-21 01:25 - 2013-09-15 18:39 - 00000000 ____D C:\Users\****\AppData\Roaming\vlc
2013-08-21 01:25 - 2013-08-21 01:25 - 00000871 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-08-17 23:54 - 2013-08-17 23:54 - 00003148 _____ C:\Users\****\Documents\Mein Film1.wlmp
2013-08-17 11:42 - 2013-08-18 00:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
==================== One Month Modified Files and Folders =======
2013-09-15 23:02 - 2013-09-15 23:02 - 00000000 ____D C:\FRST
2013-09-15 22:59 - 2013-09-15 22:59 - 01951146 _____ (Farbar) C:\Users\****\Downloads\FRST64.exe
2013-09-15 22:59 - 2013-09-15 22:59 - 01951146 _____ (Farbar) C:\Users\****\Desktop\FRST64.exe
2013-09-15 22:31 - 2012-03-02 13:21 - 02053514 _____ C:\Windows\WindowsUpdate.log
2013-09-15 22:28 - 2013-05-08 09:12 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-15 22:17 - 2013-05-22 14:29 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-09-15 22:03 - 2012-08-22 21:37 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-15 21:40 - 2013-09-15 21:40 - 00068928 _____ C:\Users\****\Desktop\Extras.Txt
2013-09-15 21:38 - 2013-09-15 21:38 - 00120718 _____ C:\Users\****\Desktop\OTL.Txt
2013-09-15 21:19 - 2013-09-15 21:19 - 00069054 _____ C:\Users\****\Downloads\Extras.Txt
2013-09-15 21:17 - 2013-09-15 21:17 - 00120730 _____ C:\Users\****\Downloads\OTL.Txt
2013-09-15 21:16 - 2011-04-12 09:43 - 00697658 _____ C:\Windows\system32\perfh007.dat
2013-09-15 21:16 - 2011-04-12 09:43 - 00148452 _____ C:\Windows\system32\perfc007.dat
2013-09-15 21:16 - 2009-07-14 07:13 - 01616098 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-15 21:15 - 2009-07-14 06:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-15 21:15 - 2009-07-14 06:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-15 21:12 - 2013-09-15 21:12 - 00602112 _____ (OldTimer Tools) C:\Users\****\Downloads\OTL.exe
2013-09-15 21:10 - 2013-05-08 09:12 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-15 21:10 - 2013-05-07 09:02 - 00027446 _____ C:\Windows\setupact.log
2013-09-15 21:10 - 2013-02-08 20:19 - 00003358 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1271028360-3297184197-3865748728-1000
2013-09-15 21:10 - 2013-02-08 20:19 - 00003222 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1271028360-3297184197-3865748728-1000
2013-09-15 21:10 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-15 21:04 - 2012-03-02 14:29 - 00003922 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{7B3C50F5-5065-4B79-83E1-64326B5EA377}
2013-09-15 20:56 - 2013-05-07 09:23 - 00018468 _____ C:\Windows\PFRO.log
2013-09-15 20:45 - 2013-09-15 20:45 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\****\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-15 18:39 - 2013-08-21 01:25 - 00000000 ____D C:\Users\****\AppData\Roaming\vlc
2013-09-15 14:36 - 2012-04-22 19:04 - 00000000 ____D C:\Users\****\dwhelper
2013-09-15 14:34 - 2013-09-15 13:43 - 720646144 _____ C:\Users\****\Downloads\south_beach_cruisin_3_cd3.avi
2013-09-15 14:33 - 2013-09-15 13:42 - 731492352 _____ C:\Users\****\Downloads\south_beach_cruisin_3_cd2.avi
2013-09-15 14:33 - 2013-09-15 13:41 - 731918336 _____ C:\Users\****\Downloads\south_beach_cruisin_3_cd1.avi
2013-09-14 14:08 - 2013-09-13 13:23 - 00043520 _____ C:\Windows\SysWOW64\CmdLineExt03.dll
2013-09-14 10:20 - 2012-03-02 16:24 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-13 20:46 - 2013-09-13 20:44 - 00000267 _____ C:\Users\****\Desktop\GraphFix.log
2013-09-13 20:04 - 2012-08-22 21:37 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-13 20:04 - 2012-08-22 21:37 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-13 20:04 - 2012-08-22 21:37 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-13 18:59 - 2013-09-12 21:43 - 00000000 ____D C:\Users\****\Downloads\download
2013-09-13 10:06 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-09-13 09:38 - 2012-03-02 13:22 - 00000000 ___RD C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-13 09:38 - 2012-03-02 13:22 - 00000000 ___RD C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-13 09:37 - 2009-07-14 06:45 - 00328312 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-13 01:46 - 2013-08-15 23:15 - 00000000 ____D C:\Windows\system32\MRT
2013-09-13 01:45 - 2012-03-02 20:14 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-12 22:06 - 2013-09-12 22:06 - 07645941 _____ C:\Users\****\Downloads\wildupdate3.zip
2013-09-12 22:01 - 2013-09-12 22:01 - 00000000 ____D C:\Users\****\Downloads\rct3goldpatch1
2013-09-12 22:01 - 2013-09-12 22:00 - 17629901 _____ C:\Users\****\Downloads\rct3goldpatch1.rar
2013-09-12 21:48 - 2013-09-12 21:24 - 00000000 ____D C:\Users\****\Documents\RCT3
2013-09-12 21:47 - 2013-09-12 21:47 - 00000000 ____D C:\Users\****\AppData\Roaming\Atari
2013-09-12 21:47 - 2012-03-02 19:21 - 00000000 ____D C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-09-12 21:36 - 2012-03-02 13:26 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-09-12 21:31 - 2013-09-12 21:31 - 00098304 _____ (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt.dll
2013-09-12 18:34 - 2012-03-03 00:10 - 00000000 ____D C:\ProgramData\DivX
2013-09-12 18:34 - 2012-03-03 00:10 - 00000000 ____D C:\Program Files (x86)\DivX
2013-09-12 00:18 - 2012-11-10 15:40 - 00020992 _____ C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-09-11 10:45 - 2013-02-05 15:14 - 00003336 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1271028360-3297184197-3865748728-1000
2013-09-11 10:45 - 2013-02-05 15:14 - 00003200 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1271028360-3297184197-3865748728-1000
2013-09-11 10:44 - 2013-09-11 10:44 - 00003078 _____ C:\Windows\System32\Tasks\RealCreateProcessScheduledTask3803288S-1-5-21-1271028360-3297184197-3865748728-1000
2013-09-11 10:44 - 2013-09-11 10:44 - 00001136 _____ C:\Users\Public\Desktop\RealPlayer.lnk
2013-09-11 10:44 - 2013-09-11 10:44 - 00000000 ____D C:\ProgramData\RealNetworks
2013-09-11 10:44 - 2013-09-11 10:44 - 00000000 ____D C:\Program Files (x86)\RealNetworks
2013-09-11 10:44 - 2012-06-23 20:38 - 00499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2013-09-11 10:44 - 2012-06-23 20:38 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2013-09-11 10:44 - 2012-06-23 20:38 - 00272896 _____ (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2013-09-11 10:44 - 2012-06-23 20:38 - 00201872 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2013-09-11 10:44 - 2012-06-23 20:38 - 00006656 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2013-09-11 10:44 - 2012-06-23 20:38 - 00005632 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
2013-09-11 10:44 - 2012-03-03 00:09 - 00000000 ____D C:\Users\****\AppData\Roaming\RealNetworks
2013-09-11 10:44 - 2012-03-03 00:08 - 00000000 ____D C:\ProgramData\Real
2013-09-11 02:09 - 2012-06-10 23:23 - 00000000 ____D C:\Users\****\AppData\Roaming\EurekaLog
2013-09-08 00:01 - 2013-08-21 10:38 - 00002011 _____ C:\Users\Public\Desktop\Live Update 5.lnk
2013-08-23 17:51 - 2012-03-02 14:01 - 00000000 ____D C:\Windows\System32\Tasks\Games
2013-08-21 17:56 - 2012-06-05 21:50 - 00000000 ____D C:\Users\****\AppData\Roaming\TS3Client
2013-08-21 01:25 - 2013-08-21 01:25 - 00000871 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-08-18 22:02 - 2012-05-08 16:55 - 00000000 ____D C:\Program Files (x86)\JDownloader
2013-08-18 16:43 - 2012-05-03 21:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-18 00:01 - 2013-08-17 11:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-17 23:54 - 2013-08-17 23:54 - 00003148 _____ C:\Users\****\Documents\Mein Film1.wlmp
2013-08-17 23:48 - 2012-11-09 23:49 - 00000000 ____D C:\Users\****\AppData\Local\Windows Live
Some content of TEMP:
====================
C:\Users\****\AppData\Local\Temp\BackupSetup.exe
C:\Users\****\AppData\Local\Temp\DEL1.EXE
C:\Users\****\AppData\Local\Temp\drm_dialogs.dll
C:\Users\****\AppData\Local\Temp\htmlayout.dll
C:\Users\****\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\****\AppData\Local\Temp\lowproc.exe
C:\Users\****\AppData\Local\Temp\RSPUpgradeInstaller.exe
C:\Users\****\AppData\Local\Temp\SIntf16.dll
C:\Users\****\AppData\Local\Temp\SIntf32.dll
C:\Users\****\AppData\Local\Temp\SIntfNT.dll
C:\Users\****\AppData\Local\Temp\stubhelper.dll
C:\Users\****\AppData\Local\Temp\toolbar62937901.exe
C:\Users\****\AppData\Local\Temp\uninst1.exe
C:\Users\****\AppData\Local\Temp\vlc-2.0.7-win64.exe
C:\Users\****\AppData\Local\Temp\vlc-2.0.8-win64.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-09-11 00:16
==================== End Of Log ============================
--- --- --- Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-09-2013 05
Ran by **** at 2013-09-15 23:03:01
Running from C:\Users\****\Desktop
Boot Mode: Normal
==========================================================
==================== Installed Programs =======================
Update for Microsoft Office 2007 (KB2508958) (x32)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.174)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.168)
Adobe Reader X (10.1.8) - Deutsch (x32 Version: 10.1.8)
AMD Accelerated Video Transcoding (Version: 12.10.100.30328)
AMD Catalyst Install Manager (Version: 8.0.911.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.80328.2204)
ARMA 2 Operation Arrowhead Uninstall (x32)
ArmA2 Uninstall (x32)
ART (x32)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center (x32 Version: 2011.1202.2231.40334)
Catalyst Control Center (x32 Version: 2013.0328.2218.38225)
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0328.2218.38225)
Catalyst Control Center InstallProxy (x32 Version: 2011.1202.2231.40334)
Catalyst Control Center Localization All (x32 Version: 2011.1202.2231.40334)
Catalyst Control Center Localization All (x32 Version: 2013.0328.2218.38225)
CCC Help Chinese Standard (x32 Version: 2011.1202.2230.40334)
CCC Help Chinese Standard (x32 Version: 2013.0328.2217.38225)
CCC Help Chinese Traditional (x32 Version: 2011.1202.2230.40334)
CCC Help Chinese Traditional (x32 Version: 2013.0328.2217.38225)
CCC Help Czech (x32 Version: 2011.1202.2230.40334)
CCC Help Czech (x32 Version: 2013.0328.2217.38225)
CCC Help Danish (x32 Version: 2011.1202.2230.40334)
CCC Help Danish (x32 Version: 2013.0328.2217.38225)
CCC Help Dutch (x32 Version: 2011.1202.2230.40334)
CCC Help Dutch (x32 Version: 2013.0328.2217.38225)
CCC Help English (x32 Version: 2011.1202.2230.40334)
CCC Help English (x32 Version: 2013.0328.2217.38225)
CCC Help Finnish (x32 Version: 2011.1202.2230.40334)
CCC Help Finnish (x32 Version: 2013.0328.2217.38225)
CCC Help French (x32 Version: 2011.1202.2230.40334)
CCC Help French (x32 Version: 2013.0328.2217.38225)
CCC Help German (x32 Version: 2011.1202.2230.40334)
CCC Help German (x32 Version: 2013.0328.2217.38225)
CCC Help Greek (x32 Version: 2011.1202.2230.40334)
CCC Help Greek (x32 Version: 2012.0928.1531.26058)
CCC Help Greek (x32 Version: 2013.0328.2217.38225)
CCC Help Hungarian (x32 Version: 2011.1202.2230.40334)
CCC Help Hungarian (x32 Version: 2013.0328.2217.38225)
CCC Help Italian (x32 Version: 2011.1202.2230.40334)
CCC Help Italian (x32 Version: 2013.0328.2217.38225)
CCC Help Japanese (x32 Version: 2011.1202.2230.40334)
CCC Help Japanese (x32 Version: 2013.0328.2217.38225)
CCC Help Korean (x32 Version: 2011.1202.2230.40334)
CCC Help Korean (x32 Version: 2013.0328.2217.38225)
CCC Help Norwegian (x32 Version: 2011.1202.2230.40334)
CCC Help Norwegian (x32 Version: 2013.0328.2217.38225)
CCC Help Polish (x32 Version: 2011.1202.2230.40334)
CCC Help Polish (x32 Version: 2013.0328.2217.38225)
CCC Help Portuguese (x32 Version: 2011.1202.2230.40334)
CCC Help Portuguese (x32 Version: 2013.0328.2217.38225)
CCC Help Russian (x32 Version: 2011.1202.2230.40334)
CCC Help Russian (x32 Version: 2013.0328.2217.38225)
CCC Help Spanish (x32 Version: 2011.1202.2230.40334)
CCC Help Spanish (x32 Version: 2013.0328.2217.38225)
CCC Help Swedish (x32 Version: 2011.1202.2230.40334)
CCC Help Swedish (x32 Version: 2013.0328.2217.38225)
CCC Help Thai (x32 Version: 2011.1202.2230.40334)
CCC Help Thai (x32 Version: 2013.0328.2217.38225)
CCC Help Turkish (x32 Version: 2011.1202.2230.40334)
CCC Help Turkish (x32 Version: 2013.0328.2217.38225)
ccc-utility64 (Version: 2011.1202.2231.40334)
ccc-utility64 (Version: 2013.0328.2218.38225)
CCleaner (Version: 4.01)
Counter-Strike (x32)
Counter-Strike: Global Offensive (x32)
Creation Kit (x32)
Crysis® 2 (x32 Version: 1.0.0.0)
CyberLink LG Burning Tool (x32 Version: 6.2.4619)
CyberLink PowerDVD 9 (x32 Version: 9.0.3530.52)
D3DX10 (x32 Version: 15.4.2368.0902)
Data Lifeguard Diagnostic for Windows 1.24 (x32)
DealBulldog Toolbar Toolbar (x32)
DivX Setup (x32 Version: 2.6.1.84)
Document_Installer (x32 Version: 1.00.0000)
DriverAgent by eSupport.com
Earth 2160 (x32 Version: 1.37 En)
EasyBoost (x32 Version: 1.0.8.1)
EMDB 1.51 (x32)
EWA net (x32)
EWA_net_Admin (x32 Version: 1.00.0000)
EWA_net_Client_Applications (x32 Version: 1.00.0000)
EWA_net_Core (x32 Version: 1.00.0000)
EWA_net_EPC (x32 Version: 1.00.0000)
EWA_net_Server (x32 Version: 1.00.0000)
EWA_net_WIS (x32 Version: 1.00.0000)
EWA_net_WIS_CaseOnline_Importer (x32 Version: 1.00.0000)
eXPert PDF 6 (x32 Version: 6.32)
Fotogalerie (x32 Version: 16.4.3505.0912)
GIGABYTE VGA @BIOS (x32 Version: 1.1)
GIMP 2.8.2 (Version: 2.8.2)
Google Earth Plug-in (x32 Version: 7.1.1.1888)
Google Update Helper (x32 Version: 1.3.21.153)
HydraVision (x32 Version: 4.2.252.0)
HyperCam 2 (Version: 2.27.01)
Intel(R) Management Engine Components (x32 Version: 7.1.21.1134)
Java 7 Update 21 (64-bit) (Version: 7.0.210)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
JavaFX 2.1.1 (x32 Version: 2.1.1)
JDownloader 0.9 (x32 Version: 0.9)
Kaspersky Internet Security 2013 (x32 Version: 13.0.1.4190)
Kits Configuration Installer (x32 Version: 8.58.0)
LightScribe System Software (x32 Version: 1.18.18.1)
Live Update 5 (x32 Version: 5.0.109)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
MotioninJoy Gamepad tool 0.7.1001 (Version: 0.7.1001)
Movie Maker (x32 Version: 16.4.3505.0912)
Mozilla Firefox 23.0.1 (x86 de) (x32 Version: 23.0.1)
Mozilla Maintenance Service (x32 Version: 23.0.1)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MyMDb 3.6 (x32)
Origin (x32 Version: 8.6.0.357)
PCSX2 - Playstation 2 Emulator (x32)
PDF Expert 6 - Installer (x32)
Photo Gallery (x32 Version: 16.4.3505.0912)
RCT3 Soaked (x32 Version: 1.00.000)
RealDownloader (x32 Version: 1.3.3)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0)
RealPlayer (x32 Version: 16.0.3)
Realtek Ethernet Controller Driver (x32 Version: 7.67.1226.2012)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6793)
RealUpgrade 1.1 (x32 Version: 1.1.0)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 3.0.12.0)
RollerCoaster Tycoon 3 (x32 Version: 1.00.000)
Samsung_MonSetup (x32 Version: 1.00.0000)
Secunia PSI (3.0.0.4001) (x32 Version: 3.0.0.4001)
Sentinel Advance II (x32 Version: 2.00.0000)
Steam (x32 Version: 1.0.0.0)
Super-Charger (x32 Version: 1.2.012)
Synthesia (remove only) (x32)
TeamSpeak 3 Client (Version: 3.0.11.1)
The Elder Scrolls V: Skyrim (x32)
Trainz Simulator 12 (x32)
Ubisoft Game Launcher (x32 Version: 1.0.0.0)
Unlocker 1.9.1-x64 (Version: 1.9.1)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update für Microsoft Office Word 2007 Help (KB963665) (x32)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0)
VLC media player 2.0.8 (Version: 2.0.8)
WD SmartWare (Version: 1.6.4.7)
Windows Driver Framework update Packages (x32 Version: 8.0.0.0)
Windows Driver Kit (x32 Version: 8.58.0)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912)
Windows Live Essentials (x32 Version: 16.4.3505.0912)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (x32 Version: 16.4.3505.0912)
Windows Live Photo Common (x32 Version: 16.4.3505.0912)
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912)
Windows Live SOXE (x32 Version: 16.4.3505.0912)
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912)
Windows Live UX Platform (x32 Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912)
WinRAR 4.11 (64-Bit) (Version: 4.11.0)
World of Tanks (x32)
x64 Components v3.7.6 (Version: 3.7.6)
XMedia Recode Version 3.1.4.9 (x32 Version: 3.1.4.9)
==================== Restore Points =========================
14-09-2013 00:06:01 Windows Update
14-09-2013 08:20:19 Windows Update
==================== Hosts content: ==========================
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {080B000E-4730-496B-8142-EF58E9D9C169} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-13] (Adobe Systems Incorporated)
Task: {21036848-DDED-4752-886F-56C8C8766A87} - System32\Tasks\RealCreateProcessScheduledTask3803288S-1-5-21-1271028360-3297184197-3865748728-1000 => c:\program files (x86)\real\realplayer\realplay.exe [2013-09-11] (RealNetworks, Inc.)
Task: {2528AFC9-C04D-4DA7-B238-F1DA843055EE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-08] (Google Inc.)
Task: {26F9DB8E-CBC2-4B55-9B91-D55F2580F574} - System32\Tasks\User_Feed_Synchronization-{7B3C50F5-5065-4B79-83E1-64326B5EA377} => C:\Windows\system32\msfeedssync.exe [2013-03-14] (Microsoft Corporation)
Task: {37D05DEB-9144-40F7-9ACE-49E994796920} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {3E8664CD-6583-4BC8-B7D2-39FCA90B2765} - System32\Tasks\{A2DB5FE1-ECFA-41E6-B088-C548A62C9319} => D:\Programme\Team17\Worms World Party\wwp.exe
Task: {41C93A33-B01B-43CC-A5BE-686BEBAC24DB} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1271028360-3297184197-3865748728-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {719CE52A-31DF-41E7-90E3-D3EBF0752D23} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {777D4456-94FF-45AD-909E-4763962E6E00} - System32\Tasks\{E2A95973-6186-4E4A-8930-05754E70A8CD} => D:\Programme\Team17\Worms World Party\wwp.exe
Task: {8E4F01BE-3C17-4603-82E1-D9A368027D6B} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1271028360-3297184197-3865748728-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {90E90870-7C7F-4061-A2DA-6430ABA9BEDC} - System32\Tasks\{A4B6E314-80EA-4DC8-8C8B-DDA2736505E8} => D:\Programme\Team17\Worms World Party\wwp.exe
Task: {95E04CBA-99D6-4E8D-ADE5-8D8FB7E26361} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1271028360-3297184197-3865748728-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {A82629EB-0699-4743-BDDB-B13237C2322C} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1271028360-3297184197-3865748728-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {B047B6CF-5E36-4F23-941A-85C7168ABF0D} - System32\Tasks\{09A66659-D587-40D4-8F09-4BAA10CD5792} => D:\Programme\Team17\Worms World Party\wwp.exe
Task: {BB2FC1AF-2388-463A-A9BB-C4BD21A8F3A7} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1271028360-3297184197-3865748728-1000
Task: {C5657BCA-402F-4CF1-BE88-CC2FAA8CCE7E} - System32\Tasks\YourFile DownloaderUpdate => C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe
Task: {C958EE4C-910F-4D33-B641-9B93685D2F67} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1271028360-3297184197-3865748728-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {D9076512-222D-45A2-A71A-358B2EE2FFE5} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {E1A24650-5C3E-4181-8DD8-F77ADFE58D7E} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1271028360-3297184197-3865748728-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
Task: {E5360C9D-923A-4414-8DB5-BE0CABFCC060} - System32\Tasks\{9AF5D757-90C5-4ADD-98D8-7888993DD7F2} => D:\Programme\Team17\Worms World Party\wwp.exe
Task: {EBE830E6-C7A2-4903-9701-77DC5D2E186C} - System32\Tasks\{1969B603-0487-402A-93A3-A63387170EAF} => D:\Programme\Team17\Worms World Party\wwp.exe
Task: {EC04763B-E93A-45AD-AB33-883EE743F2E7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-08] (Google Inc.)
Task: {F1BB3AC6-D656-47F0-8F0D-F720A73C95DB} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1271028360-3297184197-3865748728-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {F5CF41C8-6248-40C7-ABAA-538B116D95DA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2013-01-08 23:26 - 2012-11-23 05:13 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2013-03-28 22:09 - 2013-03-28 22:09 - 00307712 _____ (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\GridHook64.dll
2013-03-28 22:07 - 2013-03-28 22:07 - 00241664 _____ (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDMH64.dll
2009-07-14 02:23 - 2009-07-14 03:38 - 00182272 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\System32\l3codecp.acm
2009-07-14 01:37 - 2009-07-14 03:39 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\Dwm.exe
2012-03-02 20:13 - 2011-02-25 08:19 - 02871808 _____ (Microsoft Corporation) C:\Windows\Explorer.EXE
2010-07-15 06:44 - 2010-07-15 06:44 - 00020032 _____ () D:\Programme\Unlocker\UnlockerCOM.dll
2012-03-02 18:42 - 2012-02-17 21:55 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll
2012-08-17 21:42 - 2012-08-17 21:42 - 00197560 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\shellex.dll
2012-08-17 21:41 - 2012-08-17 21:41 - 00188344 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\prremote.dll
2012-08-17 21:43 - 2012-08-17 21:43 - 00507320 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\prloader.dll
2013-02-04 01:49 - 2012-12-03 12:28 - 06854800 _____ (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
2013-02-04 01:49 - 2010-11-03 19:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2013-02-04 01:49 - 2012-11-16 15:30 - 03673232 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2013-03-28 22:08 - 2013-03-28 22:08 - 00389120 _____ (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
2013-03-28 22:09 - 2013-03-28 22:09 - 00401408 _____ () C:\Program Files (x86)\ATI Technologies\HydraVision\HydraGrd.exe
2012-09-24 14:46 - 2012-09-24 14:46 - 00573536 _____ (Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
2012-04-29 22:19 - 2010-01-06 08:09 - 01237504 _____ () C:\Program Files (x86)\Visagesoft\eXPert PDF 6\vspdfprsrv.exe
2013-03-28 22:09 - 2013-03-28 22:09 - 00306176 _____ (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\Grid64.exe
2012-08-17 21:43 - 2013-05-22 14:32 - 00356376 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
2013-07-16 08:05 - 2013-09-04 13:21 - 01985520 _____ (Micro-Star International) C:\Program Files (x86)\MSI\Live Update 5\LU5.exe
2013-03-28 22:14 - 2013-03-28 22:14 - 00217088 _____ (Advanced Mirco Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Shared.dll
2013-03-28 22:14 - 2013-03-28 22:14 - 00335872 _____ (Advanced Mirco Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Runtime.dll
2013-03-28 22:17 - 2013-03-28 22:17 - 00028672 _____ (Advanced Mirco Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDHome.Graphics.Dashboard.dll
2013-03-28 22:09 - 2013-03-28 22:09 - 00282624 _____ (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
2013-09-15 22:59 - 2013-09-15 22:59 - 01951146 _____ (Farbar) C:\Users\****\Desktop\FRST64.exe
2013-03-28 22:07 - 2013-03-28 22:07 - 00094208 _____ (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDeu.dll
2013-03-28 22:08 - 2013-03-28 22:08 - 00241664 _____ (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraGH.dll
2013-03-28 22:08 - 2013-03-28 22:08 - 00217088 _____ (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDMH.dll
2012-04-29 22:19 - 2007-12-11 22:04 - 00853504 _____ (CodeGear) C:\Program Files (x86)\Visagesoft\eXPert PDF 6\rtl100.bpl
2012-04-29 22:19 - 2007-12-11 22:04 - 01874944 _____ (CodeGear) C:\Program Files (x86)\Visagesoft\eXPert PDF 6\vcl100.bpl
2012-04-29 22:19 - 2009-10-30 14:04 - 01797632 _____ (Visage Software) C:\Program Files (x86)\Visagesoft\eXPert PDF 6\vspdfdialogs100.bpl
2012-04-29 22:19 - 2009-10-30 14:04 - 06924288 _____ (Visage Software) C:\Program Files (x86)\Visagesoft\eXPert PDF 6\vspdfcore100.bpl
2012-04-29 22:19 - 2009-10-30 14:04 - 01117184 _____ (Visagesoft) C:\Program Files (x86)\Visagesoft\eXPert PDF 6\vsvector100.bpl
2012-04-29 22:19 - 2009-10-30 14:04 - 00231424 _____ (Visage Software) C:\Program Files (x86)\Visagesoft\eXPert PDF 6\vsgdiplus100.bpl
2012-04-29 22:19 - 2008-03-27 22:05 - 00859136 _____ (CodeGear) C:\Program Files (x86)\Visagesoft\eXPert PDF 6\xmlrtl100.bpl
2012-04-29 22:19 - 2009-10-30 14:04 - 00165888 _____ (Visage Software) C:\Program Files (x86)\Visagesoft\eXPert PDF 6\vspng100.bpl
2012-04-29 22:19 - 2009-09-01 15:39 - 02492416 _____ (Project JEDI) C:\Program Files (x86)\Visagesoft\eXPert PDF 6\Jcl110.bpl
2012-04-29 22:19 - 2007-12-11 22:04 - 00097792 _____ (CodeGear) C:\Program Files (x86)\Visagesoft\eXPert PDF 6\vcljpg100.bpl
2012-04-29 22:19 - 2008-05-21 18:16 - 01926656 _____ () C:\Program Files (x86)\Visagesoft\eXPert PDF 6\PKIECtrl100.bpl
2012-04-29 22:19 - 2007-12-11 22:04 - 00198656 _____ (CodeGear) C:\Program Files (x86)\Visagesoft\eXPert PDF 6\vclx100.bpl
2012-04-29 22:19 - 2007-12-27 21:45 - 00025600 _____ (Visage Software) C:\Program Files (x86)\Visagesoft\eXPert PDF 6\vstrees100.bpl
2012-04-29 22:19 - 2007-12-27 22:12 - 00043520 _____ (Visage Software) C:\Program Files (x86)\Visagesoft\eXPert PDF 6\vsprinters100.bpl
2012-04-29 22:19 - 2009-10-30 14:04 - 00435712 _____ () C:\Program Files (x86)\Visagesoft\eXPert PDF 6\visage100.bpl
2012-04-29 22:19 - 2007-12-27 21:59 - 00056832 _____ (Visage Software) C:\Program Files (x86)\Visagesoft\eXPert PDF 6\vscompression100.bpl
2012-04-29 22:19 - 2007-12-27 22:18 - 00043520 _____ (Visage Software) C:\Program Files (x86)\Visagesoft\eXPert PDF 6\vspdfprinter100.bpl
2012-04-29 22:19 - 2009-10-30 14:04 - 00079360 _____ (Visage Software) C:\Program Files (x86)\Visagesoft\eXPert PDF 6\vspropsaver100.bpl
2012-04-29 22:19 - 2008-04-14 17:38 - 00688128 _____ () C:\Program Files (x86)\Visagesoft\eXPert PDF 6\js32.dll
2012-04-29 22:19 - 2009-10-30 14:04 - 00354304 _____ (Visage Software) C:\Program Files (x86)\Visagesoft\eXPert PDF 6\vspdfeditor100.bpl
2012-04-29 22:19 - 2008-10-08 11:11 - 00472576 _____ () C:\Program Files (x86)\Visagesoft\eXPert PDF 6\VirtualTree100.bpl
2012-04-29 22:19 - 2009-10-30 14:04 - 00657408 _____ (Animated Menus, Inc.) C:\Program Files (x86)\Visagesoft\eXPert PDF 6\am100.bpl
2012-04-29 22:19 - 2007-12-11 22:04 - 00306688 _____ (CodeGear) C:\Program Files (x86)\Visagesoft\eXPert PDF 6\vclactnband100.bpl
2012-04-29 22:19 - 2009-10-30 14:04 - 00076800 _____ () C:\Program Files (x86)\Visagesoft\eXPert PDF 6\VSDesktop100.bpl
2012-04-29 22:19 - 2009-10-30 14:04 - 01856000 _____ () C:\Program Files (x86)\Visagesoft\eXPert PDF 6\te100.bpl
2012-04-29 22:19 - 2009-10-30 14:04 - 00720384 _____ () C:\Program Files (x86)\Visagesoft\eXPert PDF 6\TMSlite100.bpl
2012-04-29 22:19 - 2009-10-30 14:04 - 00087552 _____ () C:\Program Files (x86)\Visagesoft\eXPert PDF 6\vsmisc100.bpl
2012-04-29 22:19 - 2008-05-21 18:31 - 00944128 _____ (bsalsa productions) C:\Program Files (x86)\Visagesoft\eXPert PDF 6\iertl100.bpl
2012-04-29 22:19 - 2007-12-28 10:32 - 00142336 _____ () C:\Program Files (x86)\Visagesoft\eXPert PDF 6\uoolep100.bpl
2012-04-29 22:19 - 2009-10-30 14:04 - 00731648 _____ () C:\Program Files (x86)\Visagesoft\eXPert PDF 6\vspdfcvt100.bpl
2012-04-29 22:19 - 2007-12-11 22:04 - 01775616 _____ (Chad Z. Hower a.k.a Kudzu and the Indy Pit Crew) C:\Program Files (x86)\Visagesoft\eXPert PDF 6\IndyProtocols100.bpl
2012-04-29 22:19 - 2007-12-11 22:04 - 01060188 _____ (Chad Z. Hower a.k.a Kudzu and the Indy Pit Crew) C:\Program Files (x86)\Visagesoft\eXPert PDF 6\IndySystem100.bpl
2012-04-29 22:19 - 2007-12-11 22:04 - 01449568 _____ (Chad Z. Hower a.k.a Kudzu and the Indy Pit Crew) C:\Program Files (x86)\Visagesoft\eXPert PDF 6\IndyCore100.bpl
2012-04-29 22:19 - 2009-10-30 14:04 - 00240640 _____ () C:\Program Files (x86)\Visagesoft\eXPert PDF 6\expertpdf4core.bpl
2012-04-29 22:19 - 2003-08-22 04:23 - 00225792 _____ () C:\Program Files (x86)\Visagesoft\eXPert PDF 6\sqlite.dll
2009-10-14 16:11 - 2009-10-14 16:11 - 00312576 ____N (Avanquest Software) C:\Program Files (x86)\Visagesoft\eXPert PDF 6\LiveUpdateClientTools.dll
2012-04-29 22:19 - 2009-07-31 10:34 - 00115968 _____ (BVRP Software) C:\Program Files (x86)\Visagesoft\eXPert PDF 6\WUNPACLN.dll
2009-06-29 14:06 - 2009-06-29 14:06 - 00599296 ____N (Avanquest Software) C:\Program Files (x86)\Visagesoft\eXPert PDF 6\bvrpctln.dll
2012-08-17 21:40 - 2013-06-19 10:48 - 00083648 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ushata.dll
2012-08-17 21:38 - 2012-08-17 21:38 - 00013240 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avpinit.dll
2012-10-25 12:42 - 2013-05-22 14:32 - 00828096 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avpmain.dll
2012-08-17 21:39 - 2012-08-17 21:39 - 00097720 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\fssync.DLL
2012-08-17 21:39 - 2012-08-17 21:39 - 00147896 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\DumpWriter.dll
2012-08-17 21:39 - 2012-08-17 21:39 - 00611768 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\service.dll
2012-08-17 21:39 - 2012-08-17 21:39 - 00159672 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\prremote.DLL
2012-08-17 21:39 - 2012-08-17 21:39 - 00369080 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\prloader.dll
2012-08-17 21:41 - 2012-08-17 21:41 - 00110008 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\nfio.ppl
2012-08-17 21:41 - 2012-08-17 21:41 - 00021432 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\fsdrvplg.ppl
2012-08-17 21:41 - 2012-08-17 21:41 - 00038840 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\winreg.ppl
2012-08-17 21:41 - 2013-05-22 14:32 - 00045576 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\pxstub.ppl
2012-08-17 21:41 - 2013-05-22 14:32 - 01329008 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\params.ppl
2012-08-17 21:38 - 2012-08-17 21:38 - 01108408 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\app_core_legacy.dll
2012-08-17 21:39 - 2013-05-22 14:32 - 00609288 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\key_value_storage.DLL
2012-08-17 21:39 - 2012-08-17 21:39 - 00254392 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\eka_meta.dll
2012-08-17 21:40 - 2012-08-17 21:40 - 00253368 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\updater_meta.dll
2012-08-17 21:38 - 2012-08-17 21:38 - 00126904 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\content_filtering_meta.dll
2012-08-17 21:38 - 2012-08-17 21:38 - 00256440 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\am_meta.dll
2012-08-17 21:38 - 2012-08-17 21:38 - 00434616 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ac_meta.dll
2012-08-17 21:38 - 2012-08-17 21:38 - 00362936 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\app_core_meta.dll
2012-08-17 21:39 - 2013-05-22 14:32 - 00825784 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\product_metainfo.dll
2012-08-17 21:39 - 2012-08-17 21:39 - 00208824 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\plugins_meta.dll
2012-08-17 21:39 - 2012-08-17 21:39 - 00297400 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ksn_meta.dll
2012-08-17 21:40 - 2013-05-22 14:32 - 00238272 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ucp_meta.dll
2012-08-17 21:39 - 2012-08-17 21:39 - 00183224 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\klifpp_meta.dll
2012-08-17 21:39 - 2012-08-17 21:39 - 00097720 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\instrumental_meta.dll
2012-08-17 21:40 - 2012-08-17 21:40 - 00395192 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\storage.dll
2012-08-17 21:38 - 2012-08-17 21:38 - 00036280 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avpservice.dll
2012-10-25 12:42 - 2013-05-22 14:32 - 04885872 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avpgui.ppl
2012-08-17 21:39 - 2012-08-17 21:39 - 02321336 _____ (Digia Plc) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\QtCore4.dll
2012-08-17 21:39 - 2012-08-17 21:39 - 02289080 _____ (Digia Plc) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\QtDeclarative4.dll
2012-08-17 21:40 - 2012-08-17 21:40 - 01296824 _____ (Digia Plc) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\QtScript4.dll
2012-08-17 21:39 - 2012-08-17 21:39 - 00182200 _____ (Digia Plc) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\QtSql4.dll
2012-08-17 21:40 - 2012-08-17 21:40 - 07269816 _____ (Digia Plc) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\QtGui4.dll
2012-08-17 21:40 - 2012-08-17 21:40 - 02051512 _____ (Digia Plc) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\QtNetwork4.dll
2012-08-17 21:38 - 2012-08-17 21:38 - 00479160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
2012-10-25 12:42 - 2013-05-22 14:32 - 02162616 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\basegui.ppl
2012-08-17 21:41 - 2013-05-22 14:32 - 00041328 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\thpimpl.ppl
2012-08-17 21:39 - 2012-08-17 21:39 - 00085944 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\memmon.dll
2012-08-17 21:39 - 2012-08-17 21:39 - 00657336 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\localization_manager.dll
2012-08-17 21:39 - 2013-05-22 14:32 - 00288696 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\parental_control_gui.dll
2012-08-17 21:41 - 2012-08-17 21:41 - 00018360 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\hashmd5.ppl
2012-08-17 21:41 - 2012-08-17 21:41 - 00088504 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\propmap.ppl
2012-08-17 21:40 - 2012-08-17 21:40 - 00034232 _____ (Digia Plc) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\imageformats\qgif4.dll
2012-08-17 21:40 - 2012-08-17 21:40 - 00036792 _____ (Digia Plc) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\imageformats\qico4.dll
2012-08-17 21:40 - 2012-08-17 21:40 - 00189368 _____ (Digia Plc) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\imageformats\qjpeg4.dll
2013-08-17 11:42 - 2013-08-17 11:42 - 03551640 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2012-08-17 21:40 - 2012-08-17 21:40 - 00299960 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com\components\anti_banner_native_proxy.dll
2013-08-14 15:24 - 2013-08-14 15:24 - 00107008 _____ (RealNetworks, Inc.) C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\Components\nprndlffbrowserrecordext.dll
2013-08-14 15:25 - 2013-08-14 15:25 - 00057944 _____ (RealNetworks, Inc.) C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Hook\rndlchrome10browserrecordhelper.dll
2013-08-14 15:23 - 2013-08-14 15:23 - 00525456 _____ (RealDownloader) C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Common\rndlmainbrowserrecordplugin.dll
2012-08-17 21:39 - 2012-08-17 21:39 - 00159672 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\prremote.dll
==================== Alternate Data Streams (whitelisted) ==========
==================== Faulty Device Manager Devices =============
Name: High Definition Audio-Controller
Description: High Definition Audio-Controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HDAudBus
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (09/15/2013 10:51:19 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005
Error: (09/14/2013 01:17:12 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 90080108
Error: (09/14/2013 00:39:59 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005
Error: (09/14/2013 10:39:33 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (09/13/2013 08:44:14 PM) (Source: Application Hang) (User: )
Description: Programm RCT3plus.exe, Version 3.2.8.13 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 3b8
Startzeit: 01ceb0b0f9160c10
Endzeit: 0
Anwendungspfad: D:\Programme\Atari\RollerCoaster Tycoon 3\RCT3plus.exe
Berichts-ID: 594f9bcd-1ca4-11e3-9911-8c89a5803641
Error: (09/13/2013 06:31:28 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 90080108
Error: (09/13/2013 05:28:22 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005
Error: (09/13/2013 03:56:33 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: RCT3plus.exe, Version: 3.2.8.13, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: RCT3plus.exe, Version: 3.2.8.13, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00020f03
ID des fehlerhaften Prozesses: 0x1934
Startzeit der fehlerhaften Anwendung: 0xRCT3plus.exe0
Pfad der fehlerhaften Anwendung: RCT3plus.exe1
Pfad des fehlerhaften Moduls: RCT3plus.exe2
Berichtskennung: RCT3plus.exe3
Error: (09/13/2013 10:00:49 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (09/12/2013 11:20:18 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 90080108
System errors:
=============
Error: (09/15/2013 09:10:23 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Net.Tcp Listener Adapter" ist vom Dienst "Net.Tcp Port Sharing Service" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058
Error: (09/15/2013 09:10:23 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Net.Pipe Listener Adapter" ist von folgendem Dienst abhängig: was. Dieser Dienst ist eventuell nicht installiert.
Error: (09/15/2013 09:10:23 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Net.Msmq Listener Adapter" ist von folgendem Dienst abhängig: msmq. Dieser Dienst ist eventuell nicht installiert.
Error: (09/15/2013 08:56:42 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Net.Tcp Listener Adapter" ist vom Dienst "Net.Tcp Port Sharing Service" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058
Error: (09/15/2013 08:56:42 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Net.Pipe Listener Adapter" ist von folgendem Dienst abhängig: was. Dieser Dienst ist eventuell nicht installiert.
Error: (09/15/2013 08:56:42 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Net.Msmq Listener Adapter" ist von folgendem Dienst abhängig: msmq. Dieser Dienst ist eventuell nicht installiert.
Error: (09/15/2013 09:52:40 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Net.Tcp Listener Adapter" ist vom Dienst "Net.Tcp Port Sharing Service" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058
Error: (09/15/2013 09:52:40 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Net.Pipe Listener Adapter" ist von folgendem Dienst abhängig: was. Dieser Dienst ist eventuell nicht installiert.
Error: (09/15/2013 09:52:40 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Net.Msmq Listener Adapter" ist von folgendem Dienst abhängig: msmq. Dieser Dienst ist eventuell nicht installiert.
Error: (09/14/2013 01:48:03 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2013-09-14 10:38:45.699
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-09-14 10:38:45.698
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-09-14 10:38:45.697
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-09-14 10:38:45.694
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-09-14 10:38:45.694
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-09-14 10:38:45.692
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-09-13 09:59:42.325
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-09-13 09:59:42.324
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-09-13 09:59:42.323
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-09-13 09:59:42.321
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 20%
Total physical RAM: 16336.21 MB
Available physical RAM: 13049.58 MB
Total Pagefile: 32670.61 MB
Available Pagefile: 29062.68 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:223.47 GB) (Free:54.85 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:931.51 GB) (Free:197.62 GB) NTFS
Drive e: (RCT3 Wild!) (CDROM) (Total:0.62 GB) (Free:0 GB) UDF
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 224 GB) (Disk ID: 97274773)
Partition 1: (Active) - (Size=223 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: C313631B)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)
==================== End Of Log ============================
|
|
16.09.2013, 10:23
| #4 | |
| /// the machine /// TB-Ausbilder | Trojan.Win32.Buzus.nzom danach 20 MalwareCombofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!Downloade dir bitte Combofix vom folgenden Downloadspiegel Link 1 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
16.09.2013, 12:32
| #5 |
| | Trojan.Win32.Buzus.nzom danach 20 Malware Hallo. hier der scan war da noch was zu finden oder hab ich Glück gehabt. Code:
ATTFilter ComboFix 13-09-14.01 - **** 16.09.2013 13:15:43.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.16336.14041 [GMT 2:00]
ausgeführt von:: c:\users\****\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Visagesoft\eXPert PDF 6\vspdfprsrv.exe
c:\programdata\BBroowsee2save
c:\programdata\BBroowsee2save\5160180581315.tlb
c:\programdata\BBroowsee2save\settings.ini
c:\users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaffpkihncjfodknnfbbljkhnenfajog
c:\users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaffpkihncjfodknnfbbljkhnenfajog\1\516018058111b9.63201677.js
c:\users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaffpkihncjfodknnfbbljkhnenfajog\1\background.html
c:\users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaffpkihncjfodknnfbbljkhnenfajog\1\content.js
c:\users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaffpkihncjfodknnfbbljkhnenfajog\1\lsdb.js
c:\users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaffpkihncjfodknnfbbljkhnenfajog\1\manifest.json
c:\users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaffpkihncjfodknnfbbljkhnenfajog\1\sqlite.js
c:\users\****\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\windows\SysWow64\logs
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-08-16 bis 2013-09-16 ))))))))))))))))))))))))))))))
.
.
2013-09-16 11:18 . 2013-09-16 11:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-16 06:45 . 2013-09-16 06:45 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6CB40D1A-8521-4916-A31C-76C5D8C897B0}\offreg.dll
2013-09-15 21:02 . 2013-09-15 21:02 -------- d-----w- C:\FRST
2013-09-13 11:23 . 2013-09-14 12:08 43520 ----a-w- c:\windows\SysWow64\CmdLineExt03.dll
2013-09-13 07:41 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6CB40D1A-8521-4916-A31C-76C5D8C897B0}\mpengine.dll
2013-09-12 22:38 . 2013-08-05 02:25 155584 ----a-w- c:\windows\system32\drivers\ataport.sys
2013-09-12 19:47 . 2013-09-12 19:47 -------- d-----w- c:\users\****\AppData\Roaming\Atari
2013-09-12 19:31 . 2013-09-12 19:31 98304 ----a-w- c:\windows\SysWow64\CmdLineExt.dll
2013-09-12 19:24 . 2002-02-27 15:50 197120 ----a-w- c:\windows\patchw32.dll
2013-09-12 19:24 . 2013-09-12 19:24 -------- d-----w- c:\program files (x86)\Common Files\PocketSoft
2013-09-12 19:21 . 2002-12-05 12:12 692224 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2013-09-12 19:21 . 2002-12-05 12:10 155648 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2013-09-12 19:21 . 2002-12-02 13:22 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2013-09-12 19:21 . 2002-12-02 11:33 57344 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2013-09-12 19:21 . 2002-12-02 11:33 237568 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2013-09-12 19:21 . 2013-09-12 19:21 282756 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2013-09-12 19:21 . 2013-09-12 19:21 163972 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2013-09-11 08:44 . 2013-09-11 08:44 -------- d-----w- c:\programdata\RealNetworks
2013-09-11 08:44 . 2013-09-11 08:44 -------- d-----w- c:\program files (x86)\RealNetworks
2013-09-03 13:53 . 2013-09-03 13:53 187248 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2013-08-20 23:25 . 2013-09-15 22:40 -------- d-----w- c:\users\****\AppData\Roaming\vlc
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-13 18:04 . 2012-08-22 19:37 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-13 18:04 . 2012-08-22 19:37 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-12 23:45 . 2012-03-02 18:14 79143768 ----a-w- c:\windows\system32\MRT.exe
2013-09-11 08:44 . 2012-06-23 18:38 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2013-09-11 08:44 . 2012-06-23 18:38 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2013-08-07 22:54 . 2013-08-07 22:54 94208 ----a-w- c:\windows\SysWow64\dpl100.dll
2013-08-07 02:22 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-08-02 01:48 . 2013-09-12 22:38 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-07-25 09:25 . 2013-08-15 08:28 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-25 08:57 . 2013-08-15 08:28 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58 . 2013-08-15 08:28 2048 ----a-w- c:\windows\system32\tzres.dll
2013-07-19 01:41 . 2013-08-15 08:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-07-09 05:52 . 2013-08-15 08:28 224256 ----a-w- c:\windows\system32\wintrust.dll
2013-07-09 05:51 . 2013-08-15 08:28 1217024 ----a-w- c:\windows\system32\rpcrt4.dll
2013-07-09 05:46 . 2013-08-15 08:28 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-09 05:46 . 2013-08-15 08:28 1472512 ----a-w- c:\windows\system32\crypt32.dll
2013-07-09 05:46 . 2013-08-15 08:28 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-07-09 04:52 . 2013-08-15 08:28 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2013-07-09 04:52 . 2013-08-15 08:28 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-07-09 04:46 . 2013-08-15 08:28 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-07-09 04:46 . 2013-08-15 08:28 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-07-09 04:46 . 2013-08-15 08:28 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-07-06 06:03 . 2013-08-15 08:28 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-26 08:35 . 2013-06-26 08:35 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-26 08:35 . 2012-07-20 12:21 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-06-26 08:35 . 2012-03-05 17:05 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-06-19 08:48 . 2012-06-08 09:38 54368 ----a-w- c:\windows\system32\drivers\kltdi.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 221184]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2013-03-28 389120]
"Grid"="c:\program files (x86)\ATI Technologies\HydraVision\HydraGrd.exe" [2013-03-28 401408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-28 642656]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2013-05-22 356376]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-05-20 450560]
"WD Quick View"="c:\program files (x86)\Western Digital\WD Quick View\WDDMStatus.exe" [2012-09-19 5236664]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"Live Update 5"="c:\program files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe" [2012-01-30 315392]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2013-09-11 295512]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2012-9-24 573536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 CLKMSVC10_9EC60124;CyberLink Product - 2012/03/07 21:45;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 atillk64;atillk64;c:\program files (x86)\GIGABYTE\EasyBoost\AtiTool\atillk64.sys;c:\program files (x86)\GIGABYTE\EasyBoost\AtiTool\atillk64.sys [x]
R3 cpuz130;cpuz130;c:\users\****\AppData\Local\Temp\cpuz130\cpuz_x64.sys;c:\users\****\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 cpuz134;cpuz134;d:\programme\PC Wizard 2010\pcwiz_x64.sys;d:\programme\PC Wizard 2010\pcwiz_x64.sys [x]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [x]
R3 GPCIDrv;GPCIDrv;c:\program files (x86)\GIGABYTE\EasyBoost\GPCIDrv64.sys;c:\program files (x86)\GIGABYTE\EasyBoost\GPCIDrv64.sys [x]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys;c:\windows\SYSNATIVE\DRIVERS\MijXfilt.sys [x]
R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files (x86)\MSI\Live Update 5\msibios64_100507.sys;c:\program files (x86)\MSI\Live Update 5\msibios64_100507.sys [x]
R3 MSICDSetup;MSICDSetup;e:\cdriver64.sys;e:\CDriver64.sys [x]
R3 NTIOLib_1_0_C;NTIOLib_1_0_C;e:\ntiolib_x64.sys;e:\NTIOLib_X64.sys [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 EWA net DB Core;EWA net DB Core;d:\programme\EWA net\database\TransBase EWA\tbmux32.exe;d:\programme\EWA net\database\TransBase EWA\tbmux32.exe [x]
S2 EWA net DB EPC;EWA net DB EPC;d:\programme\EWA net\database\TransBase EPC\tbmux32.exe;d:\programme\EWA net\database\TransBase EPC\tbmux32.exe [x]
S2 EWA net DB WIS;EWA net DB WIS;d:\programme\EWA net\database\TransBase WIS\tbmux32.exe;d:\programme\EWA net\database\TransBase WIS\tbmux32.exe [x]
S2 EWA net Server;EWA net Server;d:\programme\EWA net\server\bin\tomcat.exe;d:\programme\EWA net\server\bin\tomcat.exe [x]
S2 MSI_SuperCharger;MSI_SuperCharger;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
S2 WDBackup;WD Backup;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [x]
S2 WDDriveService;WD Drive Manager;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [x]
S2 WDRulesService;WD Rules;c:\program files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe;c:\program files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 NTIOLib_1_0_3;NTIOLib_1_0_3;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [x]
S3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - NTIOLIB_1_0_3
*NewlyCreated* - NTIOLIB_1_0_4
*Deregistered* - CLKMDRV10_9EC60124
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-08-16 12:43 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-09-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-22 18:04]
.
2013-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-08 07:12]
.
2013-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-08 07:12]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-12-03 6854800]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.web.de/
uDefault_Search_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\****\AppData\Roaming\Mozilla\Firefox\Profiles\sgq0fjf2.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.startup.homepage - hxxp://web.de/
FF - ExtSQL: 2013-09-11 10:44; {DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}; c:\programdata\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 84d8cd980000000000008c89a5803641
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15889
FF - user.js: extensions.delta.vrsn - 1.8.21.5
FF - user.js: extensions.delta.vrsni - 1.8.21.5
FF - user.js: extensions.delta.vrsnTs - 1.8.21.50:47
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - de
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=120008&tsp=4932
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-vspdfprsrv.exe - c:\program files (x86)\Visagesoft\eXPert PDF 6\vspdfprsrv.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-{9173684A-9D94-4206-9445-CAA3140E5ACA} - c:\programdata\{EBAF233A-0096-4A64-B67C-32712080BF38}\PhotoModeler Scanner 7 [64-bit] Setup - 7.20121.0 -
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_174_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_174_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-09-16 13:19:41
ComboFix-quarantined-files.txt 2013-09-16 11:19
.
Vor Suchlauf: 14 Verzeichnis(se), 58.643.124.224 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 60.647.395.328 Bytes frei
.
- - End Of File - - BD140B03492B370B2C28F898D48DFA77
|
|
16.09.2013, 19:25
| #6 |
| /// the machine /// TB-Ausbilder | Trojan.Win32.Buzus.nzom danach 20 Malware Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ --> Trojan.Win32.Buzus.nzom danach 20 Malware |
|
16.09.2013, 20:14
| #7 |
| | Trojan.Win32.Buzus.nzom danach 20 Malware Hier schon mal der erste log andere folgen gleich hatte wieder 17 Malware gefunden Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.09.16.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16686 **** [Administrator] 16.09.2013 20:39:38 mbam-log-2013-09-16 (20-39-38).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 263870 Laufzeit: 2 Minute(n), 35 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 2 HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\Software\AppDataLow\SProtector (PUP.Optional.SProtector.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 7 C:\Users\****\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Tarma Installer (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504} (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Cache (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\****\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\****\AppData\Roaming\OpenCandy\0951DDB020224710BE17B9065520BCB1 (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\****\AppData\Roaming\OpenCandy\OpenCandy_0951DDB020224710BE17B9065520BCB1 (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 10 C:\Users\****\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\****\AppData\Roaming\OpenCandy\0951DDB020224710BE17B9065520BCB1\5682.ico (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\****\AppData\Roaming\OpenCandy\0951DDB020224710BE17B9065520BCB1\EBB77268-338F-4C6A-8590-AD88FED26F4A (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\****\AppData\Roaming\OpenCandy\0951DDB020224710BE17B9065520BCB1\GutscheinCodes.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\****\AppData\Roaming\OpenCandy\0951DDB020224710BE17B9065520BCB1\GutscheinCodes_p1v1.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\****\AppData\Roaming\OpenCandy\0951DDB020224710BE17B9065520BCB1\OCBrowserHelper_1.0.6.125.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter # AdwCleaner v3.004 - Bericht erstellt am 16/09/2013 um 20:54:15
# Updated 15/09/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : ****
# Gestartet von : C:\Users\****\Desktop\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\SoftSafe
Ordner Gelöscht : C:\Program Files (x86)\MyPC Backup
Ordner Gelöscht : C:\Users\****\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\****\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\****\AppData\Roaming\yourfiledownloader
Ordner Gelöscht : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\sgq0fjf2.default\jetpack
Datei Gelöscht : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\sgq0fjf2.default\\invalidprefs.js
Datei Gelöscht : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\sgq0fjf2.default\searchplugins\Babylon.xml
Datei Gelöscht : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\sgq0fjf2.default\searchplugins\delta.xml
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Web Search.xml
Datei Gelöscht : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\sgq0fjf2.default\user.js
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\softonic_ggl_1_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\softonic_ggl_1_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\5328ad1e768e549
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_3dmark-06_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_3dmark-06_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_camstudio_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_camstudio_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_free-screen-to-video_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_free-screen-to-video_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_pc-wizard_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_pc-wizard_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\SearchCore for Browsers
Schlüssel Gelöscht : HKCU\Software\YourFileDownloader
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\SP Global
Schlüssel Gelöscht : HKLM\Software\SProtector
Schlüssel Gelöscht : HKLM\Software\YourFileDownloader
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealBulldog Toolbar Toolbar
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\SearchCore for Browsers
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
***** [ Browser ] *****
-\\ Internet Explorer v10.0.9200.16686
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [(Default)]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [(Default)]
-\\ Mozilla Firefox v23.0.1 (de)
[ Datei : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\sgq0fjf2.default\prefs.js ]
Zeile gelöscht : user_pref("aol_toolbar.default.homepage.check", false);
Zeile gelöscht : user_pref("aol_toolbar.default.search.check", false);
Zeile gelöscht : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Zeile gelöscht : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Zeile gelöscht : user_pref("extensions.delta.admin", false);
Zeile gelöscht : user_pref("extensions.delta.aflt", "babsst");
Zeile gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Zeile gelöscht : user_pref("extensions.delta.autoRvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.dfltLng", "de");
Zeile gelöscht : user_pref("extensions.delta.excTlbr", false);
Zeile gelöscht : user_pref("extensions.delta.ffxUnstlRst", true);
Zeile gelöscht : user_pref("extensions.delta.id", "84d8cd980000000000008c89a5803641");
Zeile gelöscht : user_pref("extensions.delta.instlDay", "15889");
Zeile gelöscht : user_pref("extensions.delta.instlRef", "sst");
Zeile gelöscht : user_pref("extensions.delta.newTab", false);
Zeile gelöscht : user_pref("extensions.delta.prdct", "delta");
Zeile gelöscht : user_pref("extensions.delta.prtnrId", "delta");
Zeile gelöscht : user_pref("extensions.delta.rvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.delta.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.delta.tlbrSrchUrl", "");
Zeile gelöscht : user_pref("extensions.delta.vrsn", "1.8.21.5");
Zeile gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.21.50:47:00");
Zeile gelöscht : user_pref("extensions.delta.vrsni", "1.8.21.5");
Zeile gelöscht : user_pref("extensions.delta_i.babExt", "");
Zeile gelöscht : user_pref("extensions.delta_i.babTrack", "affID=120008&tsp=4932");
Zeile gelöscht : user_pref("extensions.delta_i.srcExt", "ss");
Zeile gelöscht : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ".*");
Zeile gelöscht : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "1");
Zeile gelöscht : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "1");
Zeile gelöscht : user_pref("sweetim.toolbar.searchguard.enable", "false");
*************************
AdwCleaner[R0].txt - [7628 octets] - [16/09/2013 20:52:15]
AdwCleaner[S0].txt - [7226 octets] - [16/09/2013 20:54:15]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7286 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.1 (09.15.2013:1)
OS: Windows 7 Home Premium x64
Ran by **** on 16.09.2013 at 20:59:33,08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1271028360-3297184197-3865748728-1000\Software\SweetIM
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
~~~ Files
Successfully deleted: [File] "C:\Users\****\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\user pinned\startmenu\startfenster.lnk"
Successfully deleted: [File] "C:\Users\****\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\user pinned\taskbar\startfenster.lnk"
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\sgq0fjf2.default\minidumps [146 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16.09.2013 at 21:04:38,47
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-09-2013 05
Ran by **** (administrator) on **** on 16-09-2013 21:07:45
Running from C:\Users\****\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Transaction Software, D 81829 Munich) D:\Programme\EWA net\database\TransBase EWA\tbmux32.exe
(Transaction Software, D 81829 Munich) D:\Programme\EWA net\database\TransBase EPC\tbmux32.exe
(Transaction Software, D 81829 Munich) D:\Programme\EWA net\database\TransBase WIS\tbmux32.exe
(Alexandria Software Consulting) D:\Programme\EWA net\server\bin\tomcat.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(Western Digital) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
(Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Transaction Software, D 81829 Munich) D:\Programme\EWA net\database\TransBase EWA\tbkern32.exe
(Transaction Software, D 81829 Munich) D:\Programme\EWA net\database\TransBase EWA\tbkern32.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
() C:\Program Files (x86)\ATI Technologies\HydraVision\HydraGrd.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\Grid64.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Micro-Star International) C:\Program Files (x86)\MSI\Live Update 5\LU5.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Microsoft Corporation) c:\program files\windows defender\MpCmdRun.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [IntelliPoint] - C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6854800 2012-12-03] (Realtek Semiconductor)
HKCU\...\Run: [ISUSPM Startup] - C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [221184 2004-08-09] (InstallShield Software Corporation)
HKCU\...\Run: [HydraVisionDesktopManager] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2013-03-28] (AMD)
HKCU\...\Run: [Grid] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraGrd.exe [401408 2013-03-28] ()
HKLM-x32\...\Run: [UpdateP2GoShortCut] - C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePPShortCut] - C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2013-05-22] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC)
HKLM-x32\...\Run: [WD Quick View] - C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5236664 2012-09-19] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [Live Update 5] - C:\Program Files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe [315392 2012-01-30] ()
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-09-11] (RealNetworks, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2FCC528C9D93CD01
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\sgq0fjf2.default
FF Homepage: hxxp://web.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.4.53 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DownloadHelper - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\sgq0fjf2.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: No Name - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\sgq0fjf2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx
==================== Services (Whitelisted) =================
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2013-05-22] (Kaspersky Lab ZAO)
S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [240112 2010-11-23] (CyberLink)
R2 EWA net DB Core; D:\Programme\EWA net\database\TransBase EWA\tbmux32.exe [326616 2011-03-09] (Transaction Software, D 81829 Munich)
R2 EWA net DB EPC; D:\Programme\EWA net\database\TransBase EPC\tbmux32.exe [417792 2007-11-27] (Transaction Software, D 81829 Munich)
R2 EWA net DB WIS; D:\Programme\EWA net\database\TransBase WIS\tbmux32.exe [326616 2011-03-09] (Transaction Software, D 81829 Munich)
R2 EWA net Server; D:\Programme\EWA net\server\bin\tomcat.exe [65536 2003-07-31] (Alexandria Software Consulting)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [136704 2012-06-29] (MSI)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1328736 2012-09-24] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [656480 2012-09-24] (Secunia)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1157056 2012-09-19] (Western Digital )
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [248248 2012-09-19] (Western Digital)
R2 WDRulesService; C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [1177536 2012-09-19] (Western Digital )
==================== Drivers (Whitelisted) ====================
S3 atillk64; C:\Program Files (x86)\GIGABYTE\EasyBoost\AtiTool\atillk64.sys [14608 2006-07-19] (ATI Technologies Inc.)
S3 atillk64; C:\Program Files (x86)\GIGABYTE\EasyBoost\AtiTool\atillk64.sys [14608 2006-07-19] (ATI Technologies Inc.)
S3 cpuz134; D:\pROGRAMME\PC Wizard 2010\pcwiz_x64.sys [21480 2010-07-09] (Windows (R) Win 7 DDK provider)
S3 cpuz134; D:\pROGRAMME\PC Wizard 2010\pcwiz_x64.sys [21480 2010-07-09] (Windows (R) Win 7 DDK provider)
S3 GPCIDrv; C:\Program Files (x86)\GIGABYTE\EasyBoost\GPCIDrv64.sys [14376 2008-07-15] ()
S3 GPCIDrv; C:\Program Files (x86)\GIGABYTE\EasyBoost\GPCIDrv64.sys [14376 2008-07-15] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [23832 2011-12-02] (Intel Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-06-19] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [620128 2013-05-22] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29016 2012-10-25] (Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29528 2012-10-25] (Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-19] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-05-22] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [14136 2010-01-18] (MSI)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [14136 2010-01-18] (MSI)
R3 NTIOLib_1_0_4; C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [14136 2010-10-22] (MSI)
R3 NTIOLib_1_0_4; C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [14136 2010-10-22] (MSI)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 cpuz130; \??\C:\Users\****\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [x]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-05-22] (Kaspersky Lab ZAO)
S3 MSICDSetup; \??\E:\CDriver64.sys [x]
S3 MSI_MSIBIOS_010507; \??\C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys [x]
S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-09-16 21:04 - 2013-09-16 21:06 - 00001706 _____ C:\Users\****\Desktop\JRT.txt
2013-09-16 20:59 - 2013-09-16 20:59 - 00000000 ____D C:\Windows\ERUNT
2013-09-16 20:58 - 2013-09-16 20:58 - 01029675 _____ (Thisisu) C:\Users\****\Desktop\JRT.exe
2013-09-16 20:57 - 2013-09-16 20:57 - 00007364 _____ C:\Users\****\Desktop\AdwCleaner[S0].txt
2013-09-16 20:52 - 2013-09-16 20:54 - 00000000 ____D C:\AdwCleaner
2013-09-16 20:51 - 2013-09-16 20:51 - 01039554 _____ C:\Users\****\Desktop\adwcleaner.exe
2013-09-16 20:36 - 2013-09-16 20:36 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-16 20:36 - 2013-09-16 20:36 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-16 20:36 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-16 13:19 - 2013-09-16 13:19 - 00023922 _____ C:\ComboFix.txt
2013-09-16 13:14 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-16 13:14 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-16 13:14 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-16 13:14 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-16 13:14 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-16 13:14 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-16 13:14 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-16 13:14 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-16 13:13 - 2013-09-16 13:19 - 00000000 ____D C:\Qoobox
2013-09-16 13:13 - 2013-09-16 13:18 - 00000000 ____D C:\Windows\erdnt
2013-09-16 13:12 - 2013-09-16 13:12 - 05126233 ____R (Swearware) C:\Users\****\Desktop\ComboFix.exe
2013-09-15 23:02 - 2013-09-15 23:02 - 00000000 ____D C:\FRST
2013-09-15 22:59 - 2013-09-15 22:59 - 01951146 _____ (Farbar) C:\Users\****\Desktop\FRST64.exe
2013-09-15 21:19 - 2013-09-15 21:19 - 00069054 _____ C:\Users\****\Downloads\Extras.Txt
2013-09-15 21:17 - 2013-09-15 21:17 - 00120730 _____ C:\Users\****\Downloads\OTL.Txt
2013-09-15 21:12 - 2013-09-15 21:12 - 00602112 _____ (OldTimer Tools) C:\Users\****\Downloads\OTL.exe
2013-09-15 20:45 - 2013-09-15 20:45 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\****\Desktop\mbam-setup-1.75.0.1300.exe
2013-09-15 13:43 - 2013-09-15 14:34 - 720646144 _____ C:\Users\****\Downloads\south_beach_cruisin_3_cd3.avi
2013-09-15 13:42 - 2013-09-15 14:33 - 731492352 _____ C:\Users\****\Downloads\south_beach_cruisin_3_cd2.avi
2013-09-15 13:41 - 2013-09-15 14:33 - 731918336 _____ C:\Users\****\Downloads\south_beach_cruisin_3_cd1.avi
2013-09-13 20:44 - 2013-09-13 20:46 - 00000267 _____ C:\Users\****\Desktop\GraphFix.log
2013-09-13 13:25 - 2005-11-04 14:03 - 15884288 _____ (Frontier Developments Ltd) C:\Users\****\Desktop\RCT3plus.exe
2013-09-13 13:23 - 2013-09-14 14:08 - 00043520 _____ C:\Windows\SysWOW64\CmdLineExt03.dll
2013-09-13 01:46 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-13 01:46 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-13 01:46 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-13 01:46 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-13 01:46 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-13 01:46 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-13 01:46 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-13 01:46 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-13 01:46 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-13 01:46 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-13 01:46 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-13 01:46 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-13 01:46 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-13 01:46 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-13 01:46 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-13 01:46 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-13 01:46 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-13 01:46 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-13 01:46 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-13 01:46 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-13 01:46 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-13 01:46 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-13 01:46 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-13 01:46 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-13 01:46 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-13 01:46 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-13 01:46 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-13 01:46 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-13 01:46 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-13 01:46 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-13 01:46 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-13 00:38 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-13 00:38 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-13 00:38 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-13 00:38 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-13 00:38 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-13 00:38 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-13 00:38 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-13 00:38 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-13 00:38 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-13 00:38 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-13 00:38 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-13 00:38 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-13 00:38 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-13 00:38 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-13 00:38 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-13 00:38 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-13 00:38 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-13 00:38 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-13 00:38 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-13 00:38 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-13 00:38 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-13 00:38 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-13 00:38 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-13 00:38 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-13 00:38 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-13 00:38 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-13 00:38 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-13 00:38 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-12 22:06 - 2013-09-12 22:06 - 07645941 _____ C:\Users\****\Downloads\wildupdate3.zip
2013-09-12 22:01 - 2013-09-12 22:01 - 00000000 ____D C:\Users\****\Downloads\rct3goldpatch1
2013-09-12 22:00 - 2013-09-12 22:01 - 17629901 _____ C:\Users\****\Downloads\rct3goldpatch1.rar
2013-09-12 21:47 - 2013-09-12 21:47 - 00000000 ____D C:\Users\****\AppData\Roaming\Atari
2013-09-12 21:43 - 2013-09-13 18:59 - 00000000 ____D C:\Users\****\Downloads\download
2013-09-12 21:31 - 2013-09-12 21:31 - 00098304 _____ (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt.dll
2013-09-12 21:24 - 2013-09-12 21:48 - 00000000 ____D C:\Users\****\Documents\RCT3
2013-09-12 21:24 - 2002-02-27 17:50 - 00197120 _____ C:\Windows\patchw32.dll
2013-09-11 10:44 - 2013-09-11 10:44 - 00003078 _____ C:\Windows\System32\Tasks\RealCreateProcessScheduledTask3803288S-1-5-21-1271028360-3297184197-3865748728-1000
2013-09-11 10:44 - 2013-09-11 10:44 - 00001136 _____ C:\Users\Public\Desktop\RealPlayer.lnk
2013-09-11 10:44 - 2013-09-11 10:44 - 00000000 ____D C:\ProgramData\RealNetworks
2013-09-11 10:44 - 2013-09-11 10:44 - 00000000 ____D C:\Program Files (x86)\RealNetworks
2013-08-21 10:38 - 2013-09-08 00:01 - 00002011 _____ C:\Users\Public\Desktop\Live Update 5.lnk
2013-08-21 01:25 - 2013-09-16 00:40 - 00000000 ____D C:\Users\****\AppData\Roaming\vlc
2013-08-21 01:25 - 2013-08-21 01:25 - 00000871 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-08-17 23:54 - 2013-08-17 23:54 - 00003148 _____ C:\Users\****\Documents\Mein Film1.wlmp
2013-08-17 11:42 - 2013-08-18 00:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
==================== One Month Modified Files and Folders =======
2013-09-16 21:06 - 2013-09-16 21:04 - 00001706 _____ C:\Users\****\Desktop\JRT.txt
2013-09-16 21:03 - 2012-08-22 21:37 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-16 21:00 - 2009-07-14 06:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-16 21:00 - 2009-07-14 06:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-16 20:59 - 2013-09-16 20:59 - 00000000 ____D C:\Windows\ERUNT
2013-09-16 20:59 - 2011-04-12 09:43 - 00697658 _____ C:\Windows\system32\perfh007.dat
2013-09-16 20:59 - 2011-04-12 09:43 - 00148452 _____ C:\Windows\system32\perfc007.dat
2013-09-16 20:59 - 2009-07-14 07:13 - 01616098 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-16 20:58 - 2013-09-16 20:58 - 01029675 _____ (Thisisu) C:\Users\****\Desktop\JRT.exe
2013-09-16 20:58 - 2012-03-02 14:29 - 00003922 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{7B3C50F5-5065-4B79-83E1-64326B5EA377}
2013-09-16 20:57 - 2013-09-16 20:57 - 00007364 _____ C:\Users\****\Desktop\AdwCleaner[S0].txt
2013-09-16 20:55 - 2013-05-22 14:29 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-09-16 20:55 - 2013-05-08 09:12 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-16 20:55 - 2013-05-07 09:02 - 00028118 _____ C:\Windows\setupact.log
2013-09-16 20:55 - 2013-02-08 20:19 - 00003358 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1271028360-3297184197-3865748728-1000
2013-09-16 20:55 - 2013-02-08 20:19 - 00003222 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1271028360-3297184197-3865748728-1000
2013-09-16 20:55 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-16 20:54 - 2013-09-16 20:52 - 00000000 ____D C:\AdwCleaner
2013-09-16 20:54 - 2012-03-02 13:21 - 01084989 _____ C:\Windows\WindowsUpdate.log
2013-09-16 20:51 - 2013-09-16 20:51 - 01039554 _____ C:\Users\****\Desktop\adwcleaner.exe
2013-09-16 20:47 - 2013-05-07 09:23 - 00024044 _____ C:\Windows\PFRO.log
2013-09-16 20:36 - 2013-09-16 20:36 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-16 20:36 - 2013-09-16 20:36 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-16 20:28 - 2013-05-08 09:12 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-16 17:09 - 2012-06-10 23:23 - 00000000 ____D C:\Users\****\AppData\Roaming\EurekaLog
2013-09-16 13:19 - 2013-09-16 13:19 - 00023922 _____ C:\ComboFix.txt
2013-09-16 13:19 - 2013-09-16 13:13 - 00000000 ____D C:\Qoobox
2013-09-16 13:19 - 2012-07-08 21:35 - 00000000 ____D C:\Users\****
2013-09-16 13:18 - 2013-09-16 13:13 - 00000000 ____D C:\Windows\erdnt
2013-09-16 13:18 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-09-16 13:12 - 2013-09-16 13:12 - 05126233 ____R (Swearware) C:\Users\****\Desktop\ComboFix.exe
2013-09-16 00:40 - 2013-08-21 01:25 - 00000000 ____D C:\Users\****\AppData\Roaming\vlc
2013-09-16 00:36 - 2012-04-22 19:04 - 00000000 ____D C:\Users\****\dwhelper
2013-09-15 23:02 - 2013-09-15 23:02 - 00000000 ____D C:\FRST
2013-09-15 22:59 - 2013-09-15 22:59 - 01951146 _____ (Farbar) C:\Users\****\Desktop\FRST64.exe
2013-09-15 21:19 - 2013-09-15 21:19 - 00069054 _____ C:\Users\****\Downloads\Extras.Txt
2013-09-15 21:17 - 2013-09-15 21:17 - 00120730 _____ C:\Users\****\Downloads\OTL.Txt
2013-09-15 21:12 - 2013-09-15 21:12 - 00602112 _____ (OldTimer Tools) C:\Users\****\Downloads\OTL.exe
2013-09-15 20:45 - 2013-09-15 20:45 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\****\Desktop\mbam-setup-1.75.0.1300.exe
2013-09-15 14:34 - 2013-09-15 13:43 - 720646144 _____ C:\Users\****\Downloads\south_beach_cruisin_3_cd3.avi
2013-09-15 14:33 - 2013-09-15 13:42 - 731492352 _____ C:\Users\****\Downloads\south_beach_cruisin_3_cd2.avi
2013-09-15 14:33 - 2013-09-15 13:41 - 731918336 _____ C:\Users\****\Downloads\south_beach_cruisin_3_cd1.avi
2013-09-14 14:08 - 2013-09-13 13:23 - 00043520 _____ C:\Windows\SysWOW64\CmdLineExt03.dll
2013-09-14 10:20 - 2012-03-02 16:24 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-13 20:46 - 2013-09-13 20:44 - 00000267 _____ C:\Users\****\Desktop\GraphFix.log
2013-09-13 20:04 - 2012-08-22 21:37 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-13 20:04 - 2012-08-22 21:37 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-13 20:04 - 2012-08-22 21:37 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-13 18:59 - 2013-09-12 21:43 - 00000000 ____D C:\Users\****\Downloads\download
2013-09-13 10:06 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-09-13 09:38 - 2012-03-02 13:22 - 00000000 ___RD C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-13 09:38 - 2012-03-02 13:22 - 00000000 ___RD C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-13 09:37 - 2009-07-14 06:45 - 00328312 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-13 01:46 - 2013-08-15 23:15 - 00000000 ____D C:\Windows\system32\MRT
2013-09-13 01:45 - 2012-03-02 20:14 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-12 22:06 - 2013-09-12 22:06 - 07645941 _____ C:\Users\****\Downloads\wildupdate3.zip
2013-09-12 22:01 - 2013-09-12 22:01 - 00000000 ____D C:\Users\****\Downloads\rct3goldpatch1
2013-09-12 22:01 - 2013-09-12 22:00 - 17629901 _____ C:\Users\****\Downloads\rct3goldpatch1.rar
2013-09-12 21:48 - 2013-09-12 21:24 - 00000000 ____D C:\Users\****\Documents\RCT3
2013-09-12 21:47 - 2013-09-12 21:47 - 00000000 ____D C:\Users\****\AppData\Roaming\Atari
2013-09-12 21:47 - 2012-03-02 19:21 - 00000000 ____D C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-09-12 21:36 - 2012-03-02 13:26 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-09-12 21:31 - 2013-09-12 21:31 - 00098304 _____ (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt.dll
2013-09-12 18:34 - 2012-03-03 00:10 - 00000000 ____D C:\ProgramData\DivX
2013-09-12 18:34 - 2012-03-03 00:10 - 00000000 ____D C:\Program Files (x86)\DivX
2013-09-12 00:18 - 2012-11-10 15:40 - 00020992 _____ C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-09-11 10:45 - 2013-02-05 15:14 - 00003336 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1271028360-3297184197-3865748728-1000
2013-09-11 10:45 - 2013-02-05 15:14 - 00003200 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1271028360-3297184197-3865748728-1000
2013-09-11 10:44 - 2013-09-11 10:44 - 00003078 _____ C:\Windows\System32\Tasks\RealCreateProcessScheduledTask3803288S-1-5-21-1271028360-3297184197-3865748728-1000
2013-09-11 10:44 - 2013-09-11 10:44 - 00001136 _____ C:\Users\Public\Desktop\RealPlayer.lnk
2013-09-11 10:44 - 2013-09-11 10:44 - 00000000 ____D C:\ProgramData\RealNetworks
2013-09-11 10:44 - 2013-09-11 10:44 - 00000000 ____D C:\Program Files (x86)\RealNetworks
2013-09-11 10:44 - 2012-06-23 20:38 - 00499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2013-09-11 10:44 - 2012-06-23 20:38 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2013-09-11 10:44 - 2012-06-23 20:38 - 00272896 _____ (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2013-09-11 10:44 - 2012-06-23 20:38 - 00201872 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2013-09-11 10:44 - 2012-06-23 20:38 - 00006656 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2013-09-11 10:44 - 2012-06-23 20:38 - 00005632 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
2013-09-11 10:44 - 2012-03-03 00:09 - 00000000 ____D C:\Users\****\AppData\Roaming\RealNetworks
2013-09-11 10:44 - 2012-03-03 00:08 - 00000000 ____D C:\ProgramData\Real
2013-09-08 00:01 - 2013-08-21 10:38 - 00002011 _____ C:\Users\Public\Desktop\Live Update 5.lnk
2013-08-23 17:51 - 2012-03-02 14:01 - 00000000 ____D C:\Windows\System32\Tasks\Games
2013-08-21 17:56 - 2012-06-05 21:50 - 00000000 ____D C:\Users\****\AppData\Roaming\TS3Client
2013-08-21 01:25 - 2013-08-21 01:25 - 00000871 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-08-18 22:02 - 2012-05-08 16:55 - 00000000 ____D C:\Program Files (x86)\JDownloader
2013-08-18 16:43 - 2012-05-03 21:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-18 00:01 - 2013-08-17 11:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-17 23:54 - 2013-08-17 23:54 - 00003148 _____ C:\Users\****\Documents\Mein Film1.wlmp
2013-08-17 23:48 - 2012-11-09 23:49 - 00000000 ____D C:\Users\****\AppData\Local\Windows Live
Some content of TEMP:
====================
C:\Users\****\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-09-11 00:16
==================== End Of Log ============================
--- --- --- --- --- --- --- --- --- |
|
17.09.2013, 08:03
| #8 |
| /// the machine /// TB-Ausbilder | Trojan.Win32.Buzus.nzom danach 20 MalwareESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
17.09.2013, 12:57
| #9 |
| | Trojan.Win32.Buzus.nzom danach 20 Malware ESET hatte was gefunden Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=8fafbe1c1ff3c24ca8e5a54bfbbc55f2
# engine=15156
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-09-17 09:34:12
# local_time=2013-09-17 11:34:12 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1286 16777213 100 98 9280 34180374 0 0
# compatibility_mode=5893 16776573 100 94 9005 131040302 0 0
# scanned=316845
# found=1
# cleaned=0
# scan_time=6860
sh=2A3F5FEB49453C36BC32CE60168FAB4A72210671 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\Qoobox\Quarantine\C\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaffpkihncjfodknnfbbljkhnenfajog\1\516018058111b9.63201677.js.vir"
Code:
ATTFilter Results of screen317's Security Check version 0.99.73 Windows 7 Service Pack 1 x64 (UAC is disabled!) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Kaspersky Internet Security Antivirus out of date! `````````Anti-malware/Other Utilities Check:````````` Secunia PSI (3.0.0.4001) Malwarebytes Anti-Malware Version 1.75.0.1300 JavaFX 2.1.1 Java 7 Update 25 Adobe Flash Player 11.8.800.168 Adobe Reader 10.1.8 Adobe Reader out of Date! Mozilla Firefox (23.0.1) ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes' Anti-Malware mbamscheduler.exe Kaspersky Lab Kaspersky Internet Security 2013 avp.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-09-2013 05
Ran by **** (administrator) on **** on 17-09-2013 13:45:05
Running from C:\Users\****\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Transaction Software, D 81829 Munich) D:\Programme\EWA net\database\TransBase EWA\tbmux32.exe
(Transaction Software, D 81829 Munich) D:\Programme\EWA net\database\TransBase EPC\tbmux32.exe
(Transaction Software, D 81829 Munich) D:\Programme\EWA net\database\TransBase WIS\tbmux32.exe
(Alexandria Software Consulting) D:\Programme\EWA net\server\bin\tomcat.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(Western Digital) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
(Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Transaction Software, D 81829 Munich) D:\Programme\EWA net\database\TransBase EWA\tbkern32.exe
(Transaction Software, D 81829 Munich) D:\Programme\EWA net\database\TransBase EWA\tbkern32.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
() C:\Program Files (x86)\ATI Technologies\HydraVision\HydraGrd.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\Grid64.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Micro-Star International) C:\Program Files (x86)\MSI\Live Update 5\LU5.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [IntelliPoint] - C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6854800 2012-12-03] (Realtek Semiconductor)
HKCU\...\Run: [ISUSPM Startup] - C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [221184 2004-08-09] (InstallShield Software Corporation)
HKCU\...\Run: [HydraVisionDesktopManager] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2013-03-28] (AMD)
HKCU\...\Run: [Grid] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraGrd.exe [401408 2013-03-28] ()
HKLM-x32\...\Run: [UpdateP2GoShortCut] - C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePPShortCut] - C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2013-05-22] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC)
HKLM-x32\...\Run: [WD Quick View] - C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5236664 2012-09-19] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [Live Update 5] - C:\Program Files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe [315392 2012-01-30] ()
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-09-11] (RealNetworks, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2FCC528C9D93CD01
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\sgq0fjf2.default
FF Homepage: hxxp://web.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.4.53 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DownloadHelper - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\sgq0fjf2.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: No Name - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\sgq0fjf2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx
==================== Services (Whitelisted) =================
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2013-05-22] (Kaspersky Lab ZAO)
S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [240112 2010-11-23] (CyberLink)
R2 EWA net DB Core; D:\Programme\EWA net\database\TransBase EWA\tbmux32.exe [326616 2011-03-09] (Transaction Software, D 81829 Munich)
R2 EWA net DB EPC; D:\Programme\EWA net\database\TransBase EPC\tbmux32.exe [417792 2007-11-27] (Transaction Software, D 81829 Munich)
R2 EWA net DB WIS; D:\Programme\EWA net\database\TransBase WIS\tbmux32.exe [326616 2011-03-09] (Transaction Software, D 81829 Munich)
R2 EWA net Server; D:\Programme\EWA net\server\bin\tomcat.exe [65536 2003-07-31] (Alexandria Software Consulting)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [136704 2012-06-29] (MSI)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1328736 2012-09-24] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [656480 2012-09-24] (Secunia)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1157056 2012-09-19] (Western Digital )
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [248248 2012-09-19] (Western Digital)
R2 WDRulesService; C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [1177536 2012-09-19] (Western Digital )
==================== Drivers (Whitelisted) ====================
S3 atillk64; C:\Program Files (x86)\GIGABYTE\EasyBoost\AtiTool\atillk64.sys [14608 2006-07-19] (ATI Technologies Inc.)
S3 atillk64; C:\Program Files (x86)\GIGABYTE\EasyBoost\AtiTool\atillk64.sys [14608 2006-07-19] (ATI Technologies Inc.)
S3 cpuz134; D:\pROGRAMME\PC Wizard 2010\pcwiz_x64.sys [21480 2010-07-09] (Windows (R) Win 7 DDK provider)
S3 cpuz134; D:\pROGRAMME\PC Wizard 2010\pcwiz_x64.sys [21480 2010-07-09] (Windows (R) Win 7 DDK provider)
S3 GPCIDrv; C:\Program Files (x86)\GIGABYTE\EasyBoost\GPCIDrv64.sys [14376 2008-07-15] ()
S3 GPCIDrv; C:\Program Files (x86)\GIGABYTE\EasyBoost\GPCIDrv64.sys [14376 2008-07-15] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [23832 2011-12-02] (Intel Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-06-19] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [620128 2013-05-22] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29016 2012-10-25] (Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29528 2012-10-25] (Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-19] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-05-22] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [14136 2010-01-18] (MSI)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [14136 2010-01-18] (MSI)
R3 NTIOLib_1_0_4; C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [14136 2010-10-22] (MSI)
R3 NTIOLib_1_0_4; C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [14136 2010-10-22] (MSI)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 cpuz130; \??\C:\Users\****\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [x]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-05-22] (Kaspersky Lab ZAO)
S3 MSICDSetup; \??\E:\CDriver64.sys [x]
S3 MSI_MSIBIOS_010507; \??\C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys [x]
S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-09-17 13:44 - 2013-09-17 13:44 - 00001089 _____ C:\Users\****\Desktop\checkup.txt
2013-09-17 13:37 - 2013-09-17 13:37 - 00891144 _____ C:\Users\****\Desktop\SecurityCheck.exe
2013-09-17 09:34 - 2013-09-17 09:34 - 02347384 _____ (ESET) C:\Users\****\Downloads\esetsmartinstaller_enu.exe
2013-09-16 20:59 - 2013-09-16 20:59 - 00000000 ____D C:\Windows\ERUNT
2013-09-16 20:58 - 2013-09-16 20:58 - 01029675 _____ (Thisisu) C:\Users\****\Desktop\JRT.exe
2013-09-16 20:52 - 2013-09-16 20:54 - 00000000 ____D C:\AdwCleaner
2013-09-16 20:51 - 2013-09-16 20:51 - 01039554 _____ C:\Users\****\Desktop\adwcleaner.exe
2013-09-16 20:36 - 2013-09-16 20:36 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-16 20:36 - 2013-09-16 20:36 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-16 20:36 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-16 13:19 - 2013-09-16 13:19 - 00023922 _____ C:\ComboFix.txt
2013-09-16 13:14 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-16 13:14 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-16 13:14 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-16 13:14 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-16 13:14 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-16 13:14 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-16 13:14 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-16 13:14 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-16 13:13 - 2013-09-16 13:19 - 00000000 ____D C:\Qoobox
2013-09-16 13:13 - 2013-09-16 13:18 - 00000000 ____D C:\Windows\erdnt
2013-09-16 13:12 - 2013-09-16 13:12 - 05126233 ____R (Swearware) C:\Users\****\Desktop\ComboFix.exe
2013-09-15 23:02 - 2013-09-15 23:02 - 00000000 ____D C:\FRST
2013-09-15 22:59 - 2013-09-15 22:59 - 01951146 _____ (Farbar) C:\Users\****\Desktop\FRST64.exe
2013-09-15 21:19 - 2013-09-15 21:19 - 00069054 _____ C:\Users\****\Downloads\Extras.Txt
2013-09-15 21:17 - 2013-09-15 21:17 - 00120730 _____ C:\Users\****\Downloads\OTL.Txt
2013-09-15 21:12 - 2013-09-15 21:12 - 00602112 _____ (OldTimer Tools) C:\Users\****\Downloads\OTL.exe
2013-09-15 20:45 - 2013-09-15 20:45 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\****\Desktop\mbam-setup-1.75.0.1300.exe
2013-09-15 13:43 - 2013-09-15 14:34 - 720646144 _____ C:\Users\****\Downloads\south_beach_cruisin_3_cd3.avi
2013-09-15 13:42 - 2013-09-15 14:33 - 731492352 _____ C:\Users\****\Downloads\south_beach_cruisin_3_cd2.avi
2013-09-15 13:41 - 2013-09-15 14:33 - 731918336 _____ C:\Users\****\Downloads\south_beach_cruisin_3_cd1.avi
2013-09-13 20:44 - 2013-09-13 20:46 - 00000267 _____ C:\Users\****\Desktop\GraphFix.log
2013-09-13 13:25 - 2005-11-04 14:03 - 15884288 _____ (Frontier Developments Ltd) C:\Users\****\Desktop\RCT3plus.exe
2013-09-13 13:23 - 2013-09-14 14:08 - 00043520 _____ C:\Windows\SysWOW64\CmdLineExt03.dll
2013-09-13 01:46 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-13 01:46 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-13 01:46 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-13 01:46 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-13 01:46 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-13 01:46 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-13 01:46 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-13 01:46 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-13 01:46 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-13 01:46 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-13 01:46 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-13 01:46 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-13 01:46 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-13 01:46 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-13 01:46 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-13 01:46 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-13 01:46 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-13 01:46 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-13 01:46 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-13 01:46 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-13 01:46 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-13 01:46 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-13 01:46 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-13 01:46 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-13 01:46 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-13 01:46 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-13 01:46 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-13 01:46 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-13 01:46 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-13 01:46 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-13 01:46 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-13 00:38 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-13 00:38 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-13 00:38 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-13 00:38 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-13 00:38 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-13 00:38 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-13 00:38 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-13 00:38 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-13 00:38 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-13 00:38 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-13 00:38 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-13 00:38 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-13 00:38 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-13 00:38 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-13 00:38 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-13 00:38 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-13 00:38 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-13 00:38 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-13 00:38 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-13 00:38 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-13 00:38 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-13 00:38 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-13 00:38 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-13 00:38 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-13 00:38 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-13 00:38 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-13 00:38 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-13 00:38 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-13 00:38 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-12 22:06 - 2013-09-12 22:06 - 07645941 _____ C:\Users\****\Downloads\wildupdate3.zip
2013-09-12 22:01 - 2013-09-12 22:01 - 00000000 ____D C:\Users\****\Downloads\rct3goldpatch1
2013-09-12 22:00 - 2013-09-12 22:01 - 17629901 _____ C:\Users\****\Downloads\rct3goldpatch1.rar
2013-09-12 21:47 - 2013-09-12 21:47 - 00000000 ____D C:\Users\****\AppData\Roaming\Atari
2013-09-12 21:43 - 2013-09-13 18:59 - 00000000 ____D C:\Users\****\Downloads\download
2013-09-12 21:31 - 2013-09-12 21:31 - 00098304 _____ (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt.dll
2013-09-12 21:24 - 2013-09-12 21:48 - 00000000 ____D C:\Users\****\Documents\RCT3
2013-09-12 21:24 - 2002-02-27 17:50 - 00197120 _____ C:\Windows\patchw32.dll
2013-09-11 10:44 - 2013-09-11 10:44 - 00003078 _____ C:\Windows\System32\Tasks\RealCreateProcessScheduledTask3803288S-1-5-21-1271028360-3297184197-3865748728-1000
2013-09-11 10:44 - 2013-09-11 10:44 - 00001136 _____ C:\Users\Public\Desktop\RealPlayer.lnk
2013-09-11 10:44 - 2013-09-11 10:44 - 00000000 ____D C:\ProgramData\RealNetworks
2013-09-11 10:44 - 2013-09-11 10:44 - 00000000 ____D C:\Program Files (x86)\RealNetworks
2013-08-21 10:38 - 2013-09-08 00:01 - 00002011 _____ C:\Users\Public\Desktop\Live Update 5.lnk
2013-08-21 01:25 - 2013-09-17 00:45 - 00000000 ____D C:\Users\****\AppData\Roaming\vlc
2013-08-21 01:25 - 2013-08-21 01:25 - 00000871 _____ C:\Users\Public\Desktop\VLC media player.lnk
==================== One Month Modified Files and Folders =======
2013-09-17 13:44 - 2013-09-17 13:44 - 00001089 _____ C:\Users\****\Desktop\checkup.txt
2013-09-17 13:37 - 2013-09-17 13:37 - 00891144 _____ C:\Users\****\Desktop\SecurityCheck.exe
2013-09-17 13:29 - 2013-05-07 09:02 - 00028398 _____ C:\Windows\setupact.log
2013-09-17 13:28 - 2013-05-08 09:12 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-17 13:22 - 2012-03-02 13:21 - 01134871 _____ C:\Windows\WindowsUpdate.log
2013-09-17 13:19 - 2013-05-22 14:29 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-09-17 13:03 - 2012-08-22 21:37 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-17 09:37 - 2011-04-12 09:43 - 00697658 _____ C:\Windows\system32\perfh007.dat
2013-09-17 09:37 - 2011-04-12 09:43 - 00148452 _____ C:\Windows\system32\perfc007.dat
2013-09-17 09:37 - 2009-07-14 07:13 - 01616098 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-17 09:34 - 2013-09-17 09:34 - 02347384 _____ (ESET) C:\Users\****\Downloads\esetsmartinstaller_enu.exe
2013-09-17 09:16 - 2013-05-08 09:12 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-17 09:16 - 2013-02-08 20:19 - 00003358 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1271028360-3297184197-3865748728-1000
2013-09-17 09:16 - 2013-02-08 20:19 - 00003222 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1271028360-3297184197-3865748728-1000
2013-09-17 09:04 - 2009-07-14 06:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-17 09:04 - 2009-07-14 06:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-17 08:59 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-17 00:45 - 2013-08-21 01:25 - 00000000 ____D C:\Users\****\AppData\Roaming\vlc
2013-09-16 21:45 - 2012-03-02 14:29 - 00003922 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{7B3C50F5-5065-4B79-83E1-64326B5EA377}
2013-09-16 20:59 - 2013-09-16 20:59 - 00000000 ____D C:\Windows\ERUNT
2013-09-16 20:58 - 2013-09-16 20:58 - 01029675 _____ (Thisisu) C:\Users\****\Desktop\JRT.exe
2013-09-16 20:54 - 2013-09-16 20:52 - 00000000 ____D C:\AdwCleaner
2013-09-16 20:51 - 2013-09-16 20:51 - 01039554 _____ C:\Users\****\Desktop\adwcleaner.exe
2013-09-16 20:47 - 2013-05-07 09:23 - 00024044 _____ C:\Windows\PFRO.log
2013-09-16 20:36 - 2013-09-16 20:36 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-16 20:36 - 2013-09-16 20:36 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-16 17:09 - 2012-06-10 23:23 - 00000000 ____D C:\Users\****\AppData\Roaming\EurekaLog
2013-09-16 13:19 - 2013-09-16 13:19 - 00023922 _____ C:\ComboFix.txt
2013-09-16 13:19 - 2013-09-16 13:13 - 00000000 ____D C:\Qoobox
2013-09-16 13:19 - 2012-07-08 21:35 - 00000000 ____D C:\Users\****
2013-09-16 13:18 - 2013-09-16 13:13 - 00000000 ____D C:\Windows\erdnt
2013-09-16 13:18 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-09-16 13:12 - 2013-09-16 13:12 - 05126233 ____R (Swearware) C:\Users\****\Desktop\ComboFix.exe
2013-09-16 00:36 - 2012-04-22 19:04 - 00000000 ____D C:\Users\****\dwhelper
2013-09-15 23:02 - 2013-09-15 23:02 - 00000000 ____D C:\FRST
2013-09-15 22:59 - 2013-09-15 22:59 - 01951146 _____ (Farbar) C:\Users\****\Desktop\FRST64.exe
2013-09-15 21:19 - 2013-09-15 21:19 - 00069054 _____ C:\Users\****\Downloads\Extras.Txt
2013-09-15 21:17 - 2013-09-15 21:17 - 00120730 _____ C:\Users\****\Downloads\OTL.Txt
2013-09-15 21:12 - 2013-09-15 21:12 - 00602112 _____ (OldTimer Tools) C:\Users\****\Downloads\OTL.exe
2013-09-15 20:45 - 2013-09-15 20:45 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\****\Desktop\mbam-setup-1.75.0.1300.exe
2013-09-15 14:34 - 2013-09-15 13:43 - 720646144 _____ C:\Users\****\Downloads\south_beach_cruisin_3_cd3.avi
2013-09-15 14:33 - 2013-09-15 13:42 - 731492352 _____ C:\Users\****\Downloads\south_beach_cruisin_3_cd2.avi
2013-09-15 14:33 - 2013-09-15 13:41 - 731918336 _____ C:\Users\****\Downloads\south_beach_cruisin_3_cd1.avi
2013-09-14 14:08 - 2013-09-13 13:23 - 00043520 _____ C:\Windows\SysWOW64\CmdLineExt03.dll
2013-09-14 10:20 - 2012-03-02 16:24 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-13 20:46 - 2013-09-13 20:44 - 00000267 _____ C:\Users\****\Desktop\GraphFix.log
2013-09-13 20:04 - 2012-08-22 21:37 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-13 20:04 - 2012-08-22 21:37 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-13 20:04 - 2012-08-22 21:37 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-13 18:59 - 2013-09-12 21:43 - 00000000 ____D C:\Users\****\Downloads\download
2013-09-13 10:06 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-09-13 09:38 - 2012-03-02 13:22 - 00000000 ___RD C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-13 09:38 - 2012-03-02 13:22 - 00000000 ___RD C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-13 09:37 - 2009-07-14 06:45 - 00328312 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-13 01:46 - 2013-08-15 23:15 - 00000000 ____D C:\Windows\system32\MRT
2013-09-13 01:45 - 2012-03-02 20:14 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-12 22:06 - 2013-09-12 22:06 - 07645941 _____ C:\Users\****\Downloads\wildupdate3.zip
2013-09-12 22:01 - 2013-09-12 22:01 - 00000000 ____D C:\Users\****\Downloads\rct3goldpatch1
2013-09-12 22:01 - 2013-09-12 22:00 - 17629901 _____ C:\Users\****\Downloads\rct3goldpatch1.rar
2013-09-12 21:48 - 2013-09-12 21:24 - 00000000 ____D C:\Users\****\Documents\RCT3
2013-09-12 21:47 - 2013-09-12 21:47 - 00000000 ____D C:\Users\****\AppData\Roaming\Atari
2013-09-12 21:47 - 2012-03-02 19:21 - 00000000 ____D C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-09-12 21:36 - 2012-03-02 13:26 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-09-12 21:31 - 2013-09-12 21:31 - 00098304 _____ (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt.dll
2013-09-12 18:34 - 2012-03-03 00:10 - 00000000 ____D C:\ProgramData\DivX
2013-09-12 18:34 - 2012-03-03 00:10 - 00000000 ____D C:\Program Files (x86)\DivX
2013-09-12 00:18 - 2012-11-10 15:40 - 00020992 _____ C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-09-11 10:45 - 2013-02-05 15:14 - 00003336 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1271028360-3297184197-3865748728-1000
2013-09-11 10:45 - 2013-02-05 15:14 - 00003200 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1271028360-3297184197-3865748728-1000
2013-09-11 10:44 - 2013-09-11 10:44 - 00003078 _____ C:\Windows\System32\Tasks\RealCreateProcessScheduledTask3803288S-1-5-21-1271028360-3297184197-3865748728-1000
2013-09-11 10:44 - 2013-09-11 10:44 - 00001136 _____ C:\Users\Public\Desktop\RealPlayer.lnk
2013-09-11 10:44 - 2013-09-11 10:44 - 00000000 ____D C:\ProgramData\RealNetworks
2013-09-11 10:44 - 2013-09-11 10:44 - 00000000 ____D C:\Program Files (x86)\RealNetworks
2013-09-11 10:44 - 2012-06-23 20:38 - 00499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2013-09-11 10:44 - 2012-06-23 20:38 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2013-09-11 10:44 - 2012-06-23 20:38 - 00272896 _____ (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2013-09-11 10:44 - 2012-06-23 20:38 - 00201872 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2013-09-11 10:44 - 2012-06-23 20:38 - 00006656 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2013-09-11 10:44 - 2012-06-23 20:38 - 00005632 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
2013-09-11 10:44 - 2012-03-03 00:09 - 00000000 ____D C:\Users\****\AppData\Roaming\RealNetworks
2013-09-11 10:44 - 2012-03-03 00:08 - 00000000 ____D C:\ProgramData\Real
2013-09-08 00:01 - 2013-08-21 10:38 - 00002011 _____ C:\Users\Public\Desktop\Live Update 5.lnk
2013-08-23 17:51 - 2012-03-02 14:01 - 00000000 ____D C:\Windows\System32\Tasks\Games
2013-08-21 17:56 - 2012-06-05 21:50 - 00000000 ____D C:\Users\****\AppData\Roaming\TS3Client
2013-08-21 01:25 - 2013-08-21 01:25 - 00000871 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-08-18 22:02 - 2012-05-08 16:55 - 00000000 ____D C:\Program Files (x86)\JDownloader
2013-08-18 16:43 - 2012-05-03 21:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-18 00:01 - 2013-08-17 11:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
Some content of TEMP:
====================
C:\Users\****\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-09-11 00:16
==================== End Of Log ============================
--- --- --- |
|
17.09.2013, 15:47
| #10 |
| /// the machine /// TB-Ausbilder | Trojan.Win32.Buzus.nzom danach 20 Malware Fertig Die Reihenfolge ist hier entscheidend.
Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
17.09.2013, 16:14
| #11 |
| | Trojan.Win32.Buzus.nzom danach 20 Malware Ok danke für deine Hilfe |
|
17.09.2013, 20:04
| #12 |
| /// the machine /// TB-Ausbilder | Trojan.Win32.Buzus.nzom danach 20 Malware Gern Geschehen
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Trojan.Win32.Buzus.nzom danach 20 Malware |
| ebanking, expert pdf, flash player, iexplore.exe, install.exe, internet, kaspersky, malware, plug-in, programm, pup.babylon.a, pup.optional.babylon.a, pup.optional.datamngr.a, pup.optional.delta, pup.optional.delta.a, pup.optional.multiplug.a, pup.optional.opencandy, pup.optional.sprotector.a, pup.optional.tarma.a, pup.optional.webcake.a, pup.optional.yourfiledownloader, registry, secunia psi, security, senden, shark, software, teamspeak |
Linear-Darstellung
