Log-Analyse und Auswertung (log analysis and evaluation): Logfiles (programs OTL, defogger and gmer), Windows 7

If you have picked up a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here so that our experts can evaluate them. Before viruses and trojans can be removed, the infected system has to be examined first: First steps to getting help. Bear in mind that an infected system is not trustworthy and should not be used until the malware has been completely removed.
05.01.2014, 23:01 | #1
Logfiles (programs OTL, defogger and gmer)

For a few days I have had the problem that ad links "pop up" on almost all sites, and in addition texts usually contain green links that open a window with advertising. This post contains the log files of OTL, defogger and Gmer.

OTL:
OTL Logfile:
Code:
OTL logfile created on: 05.01.2014 22:20:46 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\OEM\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16476)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 0,89 Gb Available Physical Memory | 44,52% Memory free
4,00 Gb Paging File | 2,58 Gb Available in Paging File | 64,46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 279,38 Gb Total Space | 186,07 Gb Free Space | 66,60% Space Free | Partition Type: NTFS
Drive D: | 101,72 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: OEM-PC | User Name: OEM | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014.01.05 22:19:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\OEM\Downloads\OTL (1).exe
PRC - [2013.12.18 22:55:48 | 000,486,264 | ---- | M] (Updater) -- C:\ProgramData\Updater\updater.exe
PRC - [2013.12.18 22:55:48 | 000,429,944 | ---- | M] (WatchDog) -- C:\ProgramData\RHelpers\IeHelper\IeHelper.exe
PRC - [2013.12.18 22:55:48 | 000,429,944 | ---- | M] (WatchDog) -- C:\ProgramData\RHelpers\FirefoxHelper\FirefoxHelper.exe
PRC - [2013.12.18 22:55:48 | 000,429,944 | ---- | M] (WatchDog) -- C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe
PRC - [2013.12.16 18:51:22 | 000,009,216 | ---- | M] (Hi-Rez Studios) -- C:\Programme\Hi-Rez Studios\HiPatchService.exe
PRC - [2013.12.06 02:30:04 | 000,040,448 | ---- | M] () -- C:\ProgramData\InternetUpdater\InternetUpdaterService.exe
PRC - [2013.09.05 15:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.06.05 00:01:52 | 004,489,472 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\OEM\AppData\Local\Akamai\netsession_win.exe
PRC - [2012.11.23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.09.28 02:38:42 | 000,473,088 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2012.09.28 02:38:02 | 000,217,600 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 22:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2006.09.19 08:07:28 | 000,827,392 | ---- | M] () -- C:\Windows\vsnpstd3.exe
PRC - [2002.07.11 13:49:14 | 000,045,056 | -H-- | M] (DeviceGuys) -- C:\Windows\System32\spool\drivers\w32x86\3\LMpdpsrv.exe
PRC - [2002.03.20 18:32:54 | 000,253,952 | ---- | M] (ABBYY (BIT Software)) -- C:\Programme\ABBYY FineReader 5.0 Sprint\CAgent.exe

========== Modules (No Company Name) ==========

MOD - [2013.12.04 03:48:04 | 000,399,312 | ---- | M] () -- C:\Users\OEM\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
MOD - [2013.12.04 03:48:03 | 013,586,896 | ---- | M] () -- C:\Users\OEM\AppData\Local\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
MOD - [2013.12.04 03:48:02 | 004,055,504 | ---- | M] () -- C:\Users\OEM\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll
MOD - [2013.12.04 03:47:11 | 000,702,416 | ---- | M] () -- C:\Users\OEM\AppData\Local\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
MOD - [2013.12.04 03:47:11 | 000,099,792 | ---- | M] () -- C:\Users\OEM\AppData\Local\Google\Chrome\Application\31.0.1650.63\libegl.dll
MOD - [2013.12.04 03:47:08 | 001,619,408 | ---- | M] () -- C:\Users\OEM\AppData\Local\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
MOD - [2013.10.12 02:05:26 | 018,003,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\464a76a3fdc9ee7456cb4baaea3e503a\PresentationFramework.ni.dll
MOD - [2013.10.12 02:05:23 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e40d894a772b2cff5ffd5a84ef20d2d4\System.Windows.Forms.ni.dll
MOD - [2013.10.12 02:05:05 | 001,014,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\71d887ce964fb69b7f03c4fe7a3f28ff\System.Configuration.ni.dll
MOD - [2013.10.12 02:04:58 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b5b66869081b909d238fdea083cf3179\PresentationCore.ni.dll
MOD - [2013.10.12 02:04:42 | 007,070,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dac1208781fdd0b960afc12efff42944\System.Core.ni.dll
MOD - [2013.10.12 02:04:35 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\0b37b2bafc33ef52282b9d7b217cabaf\WindowsBase.ni.dll
MOD - [2013.08.21 16:59:34 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\6a6925ae06bbe4b8e647e203597af47a\WindowsFormsIntegration.ni.dll
MOD - [2013.08.21 00:27:47 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\8927b576eb15c4a8f4bb04f05e7cc51e\System.Runtime.Remoting.ni.dll
MOD - [2013.08.21 00:27:47 | 000,096,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\4b2e892995b8cdefb1e2cddb96f32736\UIAutomationProvider.ni.dll
MOD - [2013.08.21 00:27:39 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\4d277a8481c203a35c58bd277a2e71df\System.Xaml.ni.dll
MOD - [2013.08.21 00:24:55 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\3a3fc0216674bdea0be809b305517c98\System.Drawing.ni.dll
MOD - [2013.08.21 00:24:52 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\228b114c79c5d9024bdb4cc580e32c09\PresentationFramework.Aero.ni.dll
MOD - [2013.08.21 00:24:45 | 005,628,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\884bcbd22130ebeb1211bc7bcc3910c9\System.Xml.ni.dll
MOD - [2013.08.21 00:24:40 | 009,099,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\de853615c8224ba5d9aa9b76276c6d98\System.ni.dll
MOD - [2013.07.11 21:39:36 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll
MOD - [2006.09.19 08:07:28 | 000,827,392 | ---- | M] () -- C:\Windows\vsnpstd3.exe

========== Services (SafeList) ==========

SRV - [2013.12.16 18:51:22 | 000,009,216 | ---- | M] (Hi-Rez Studios) [Auto | Paused] -- C:\Programme\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2013.12.06 02:30:04 | 000,040,448 | ---- | M] () [Auto | Running] -- C:\ProgramData\InternetUpdater\InternetUpdaterService.exe -- (InternetUpdater)
SRV - [2013.11.26 09:29:52 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2013.10.10 16:19:42 | 000,088,424 | ---- | M] (Perfect World Entertainment Inc) [On_Demand | Stopped] -- C:\Programme\Perfect World Entertainment\Arc\ArcService.exe -- (ArcService)
SRV - [2013.09.05 15:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.09.05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.07.01 20:35:12 | 004,569,856 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_8fa3539.dll -- (Akamai)
SRV - [2013.05.27 05:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012.09.28 02:38:02 | 000,217,600 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.05.04 08:17:12 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.11.20 22:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:36 | 000,038,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lpdsvc.dll -- (LPDSVC)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva401.sys -- (XDva401)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva400.sys -- (XDva400)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva399.sys -- (XDva399)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva398.sys -- (XDva398)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva397.sys -- (XDva397)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva396.sys -- (XDva396)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\Drivers\DgiVecp.sys -- (DgiVecp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\athur.sys -- (athur)
DRV - [2013.04.24 09:18:07 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012.09.28 03:20:20 | 009,107,968 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2012.09.28 03:20:20 | 009,107,968 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2012.09.28 02:12:10 | 000,370,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2012.06.27 15:19:45 | 000,013,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\apf003.sys -- (apf003)
DRV - [2012.05.14 07:12:28 | 000,086,656 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2012.02.01 02:31:00 | 000,602,216 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2010.11.20 22:29:34 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 22:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 22:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 22:29:03 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - [2010.11.20 22:29:03 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV - [2010.11.20 22:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010.11.20 22:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 22:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 22:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 22:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010.11.20 22:29:03 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt)
DRV - [2010.11.20 22:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 22:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.13 23:02:53 | 000,044,032 | ---- | M] (VIA Technologies, Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fetnd6.sys -- (FETNDIS)
DRV - [2009.03.18 15:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2007.03.27 17:19:36 | 010,252,544 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=7ed1389b-1775-4231-98ed-40d42fb6767f&searchtype=ds&q={searchTerms}&installDate=23/04/2013
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = hxxp://start.qone8.com/web/?type=ds&ts=1383142140&from=cor&uid=MaxtorX6L300R0_L61JQJKH&q={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-3706005333-3740103379-220519801-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKU\S-1-5-21-3706005333-3740103379-220519801-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=7ed1389b-1775-4231-98ed-40d42fb6767f&searchtype=ds&q={searchTerms}&installDate=23/04/2013
IE - HKU\S-1-5-21-3706005333-3740103379-220519801-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=7ed1389b-1775-4231-98ed-40d42fb6767f&searchtype=ds&q={searchTerms}&installDate=23/04/2013
IE - HKU\S-1-5-21-3706005333-3740103379-220519801-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3706005333-3740103379-220519801-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3706005333-3740103379-220519801-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3706005333-3740103379-220519801-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 29 E5 DE 8E 21 4A CD 01 [binary data]
IE - HKU\S-1-5-21-3706005333-3740103379-220519801-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=7ed1389b-1775-4231-98ed-40d42fb6767f&searchtype=ds&q={searchTerms}&installDate=23/04/2013
IE - HKU\S-1-5-21-3706005333-3740103379-220519801-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=7ed1389b-1775-4231-98ed-40d42fb6767f&searchtype=ds&q={searchTerms}&installDate=23/04/2013
IE - HKU\S-1-5-21-3706005333-3740103379-220519801-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3706005333-3740103379-220519801-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=7ed1389b-1775-4231-98ed-40d42fb6767f&searchtype=ds&q={searchTerms}&installDate=23/04/2013
IE - HKU\S-1-5-21-3706005333-3740103379-220519801-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-3706005333-3740103379-220519801-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=119776&babsrc=SP_ss&mntrId=1cad855f000000000000fed111b3c68c
IE - HKU\S-1-5-21-3706005333-3740103379-220519801-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3706005333-3740103379-220519801-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine,S: S", ""
FF - prefs.js..browser.startup.homepage: "hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=7ed1389b-1775-4231-98ed-40d42fb6767f&searchtype=hp&installDate={installDate}"
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40delta.com:1.5.0
FF - prefs.js..extensions.enabledAddons: ffxtlbra%40softonic.com:1.6.0
FF - prefs.js..extensions.enabledAddons: %7B5a95a9e0-59dd-4314-bd84-4d18ca83a0e2%7D:1.26
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.update: false
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@perfectworld.com/npArcPlayNowPlugin: C:\Program Files\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\OEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfjadjghjpjodfhffafagnkbgbpiphf\1.0.3.171_0\npsoe.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@lightspark.github.com/Lightspark;version=1: C:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\OEM\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\OEM\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\OEM\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\BalancedWorlds.com/WebLauncher: C:\Users\OEM\AppData\Local\Balanced Worlds\BWGameEngine\npWebLauncher.dll (BalancedWorlds)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\ext@flash-Enhancer.com: C:\Program Files\AmiExt\flashEnhancer\ff [2014.01.04 23:35:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}: C:\Program Files\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi

[2012.09.21 19:51:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OEM\AppData\Roaming\mozilla\Extensions
[2014.01.04 23:35:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OEM\AppData\Roaming\mozilla\Firefox\Profiles\hhet4dre.default\extensions
[2013.04.23 12:46:21 | 000,000,000 | ---D | M] (Wajam) -- C:\Users\OEM\AppData\Roaming\mozilla\Firefox\Profiles\hhet4dre.default\extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}
[2012.12.17 21:00:13 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\OEM\AppData\Roaming\mozilla\Firefox\Profiles\hhet4dre.default\extensions\ffxtlbr@incredibar.com
[2012.11.01 15:14:18 | 000,000,000 | ---D | M] (softonic.com) -- C:\Users\OEM\AppData\Roaming\mozilla\Firefox\Profiles\hhet4dre.default\extensions\ffxtlbra@softonic.com
[2014.01.04 23:35:04 | 000,000,000 | ---D | M] (Websteroids) -- C:\Users\OEM\AppData\Roaming\mozilla\Firefox\Profiles\hhet4dre.default\extensions\support@websteroidsapp.com
[2012.12.13 21:29:00 | 000,199,445 | ---- | M] () (No name found) -- C:\Users\OEM\AppData\Roaming\mozilla\firefox\profiles\hhet4dre.default\extensions\movie2kdownloader@movie2kdownloader.com.xpi
[2014.01.04 23:35:12 | 000,000,000 | ---D | M] (flash-Enhancer) -- C:\PROGRAM FILES\AMIEXT\FLASHENHANCER\FF
File not found (No name found) -- C:\USERS\OEM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HHET4DRE.DEFAULT\EXTENSIONS\FFXTLBR@DELTA.COM

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://start.qone8.com/?type=hp&ts=1383142136&from=cor&uid=MaxtorX6L300R0_L61JQJKH
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\OEM\AppData\Local\Google\Chrome\User Data\PepperFlash\11.6.602.167\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\OEM\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\OEM\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Perion plugin (Enabled) = C:\Users\OEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\Plugins/PerionNewTabChrome-32.dll
CHR - plugin: BrowserProtect (Enabled) = C:\Users\OEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\spext.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\OEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc\10.11.21.5_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Users\OEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc\10.11.21.5_0\plugins/np-cwmp.dll
CHR - plugin: Java(TM) Platform SE 7 U4 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Uplay PC (Enabled) = C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
CHR - plugin: WEBZEN Browser Extension (Enabled) = C:\Program Files\WEBZEN\BrowserExtension\NPWZCmnCtrl.dll
CHR - plugin: WebLauncher (Enabled) = C:\Users\OEM\AppData\Local\Balanced Worlds\BWGameEngine\npWebLauncher.dll
CHR - plugin: Google Update (Enabled) = C:\Users\OEM\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Java Deployment Toolkit 7.0.100.18 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: No name found = C:\Users\OEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0\
CHR - Extension: flash-Enhancer = C:\Users\OEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehmnjgkmbpbohelngpclcdhgochdeoej\2.1_0\
CHR - Extension: Websteroids = C:\Users\OEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.6.53_0\
CHR - Extension: Google Wallet = C:\Users\OEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\

O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Websteroids) - {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - C:\ProgramData\Websteroids\IE\common.dll (Creative Island Media, LLC)
O2 - BHO: (flash-Enhancer) - {5A60B6BB-FA81-4EFA-AB9C-A820E2143736} - C:\Programme\AmiExt\flashEnhancer\ie\AmiBho.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ArcPluginIEBHO Class) - {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} - C:\Programme\Perfect World Entertainment\Arc\plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-3706005333-3740103379-220519801-1000\..\Toolbar\WebBrowser: (no name) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No CLSID value found.
O3 - HKU\S-1-5-21-3706005333-3740103379-220519801-1000\..\Toolbar\WebBrowser: (no name) - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - No CLSID value found.
O3 - HKU\S-1-5-21-3706005333-3740103379-220519801-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-3706005333-3740103379-220519801-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [ABBYY Community Agent] C:\Programme\ABBYY FineReader 5.0 Sprint\CAgent.exe (ABBYY (BIT Software))
O4 - HKLM..\Run: [LMPDPSRV] C:\Windows\System32\spool\drivers\w32x86\3\LMpdpsrv.exe (DeviceGuys)
O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Updater] C:\ProgramData\Updater\updater.exe (Updater)
O4 - HKU\S-1-5-21-3706005333-3740103379-220519801-1000..\Run: [Akamai NetSession Interface] C:\Users\OEM\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-3706005333-3740103379-220519801-1000..\Run: [baeebdbeadac] C:\ProgramData\baeebdbeadac.exe ()
O4 - HKU\S-1-5-21-3706005333-3740103379-220519801-1000..\Run: [Updater] C:\ProgramData\Updater\updater.exe (Updater)
O4 - HKU\S-1-5-21-3706005333-3740103379-220519801-1000..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3706005333-3740103379-220519801-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-3706005333-3740103379-220519801-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3706005333-3740103379-220519801-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3706005333-3740103379-220519801-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3706005333-3740103379-220519801-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D1BD7C4-EC59-4007-993A-D91114848A3F}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62AA40AE-7123-41C9-8FD3-3DFD8799D781}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (c:\progra~2\browserprotect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\browserprotect.dll) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011.10.25 07:46:16 | 000,000,000 | ---D | M] - D:\AutoPlay -- [ CDFS ]
O32 - AutoRun File - [2012.02.01 02:31:00 | 000,000,042 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{8f9e3395-ef55-11e1-87ef-001966314452}\Shell - "" = AutoRun
O33 - MountPoints2\{8f9e3395-ef55-11e1-87ef-001966314452}\Shell\AutoRun\command - "" = E:\INSTALL.EXE
O33 - MountPoints2\{dc17916f-886f-11e1-b9b9-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{dc17916f-886f-11e1-b9b9-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe -- [2012.02.01 02:31:00 | 004,917,144 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: 
uploadmgr - File not found Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com) Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com) SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} 
- Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: 
{4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2014.01.05 22:23:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\OEM\Desktop\OTL (2).exe [2014.01.04 23:45:25 | 000,000,000 | ---D | C] -- C:\ProgramData\InternetUpdater [2014.01.04 23:36:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightspark 0.5.3-git [2014.01.04 23:36:01 | 000,000,000 | ---D | C] -- C:\Program Files\Lightspark 0.5.3-git [2014.01.04 23:35:12 | 000,000,000 | ---D | C] -- C:\Program Files\AmiExt [2014.01.04 23:35:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Updater [2014.01.04 23:35:06 | 000,000,000 | ---D | C] -- C:\ProgramData\RHelpers [2014.01.04 23:35:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Websteroids [2013.12.23 23:07:21 | 000,000,000 | ---D | C] -- C:\Users\OEM\AppData\Roaming\TS3Client [2013.12.23 22:57:08 | 000,000,000 | ---D | C] -- C:\Users\OEM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client [2013.12.23 22:56:56 | 000,000,000 | ---D | C] -- C:\Users\OEM\AppData\Local\TeamSpeak 3 Client [2013.12.12 17:58:57 | 002,724,864 
| ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.12.12 17:58:57 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2013.12.12 17:58:56 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013.12.12 17:58:56 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013.12.12 17:58:56 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll [2013.12.12 17:58:55 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2013.12.12 17:58:55 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll [2013.12.12 17:58:55 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2013.12.12 17:58:55 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2013.12.12 17:58:54 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013.12.12 17:58:54 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe [2013.12.12 17:58:54 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll [2013.12.12 17:58:52 | 001,928,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013.12.12 17:58:50 | 004,243,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013.12.12 17:55:59 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL [2013.12.12 13:35:24 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll [2013.12.12 13:35:24 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe [2013.12.12 13:35:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2013.12.12 13:35:20 | 002,349,056 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\win32k.sys [2013.12.12 13:35:20 | 000,177,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys [2013.12.12 13:35:20 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\drmk.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2014.01.05 22:23:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\OEM\Desktop\OTL (2).exe [2014.01.05 22:23:15 | 000,021,280 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2014.01.05 22:23:14 | 000,021,280 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2014.01.05 22:16:03 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2014.01.05 22:16:03 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\AmiUpdXp.job [2014.01.05 22:15:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2014.01.05 22:15:49 | 1610,063,872 | -HS- | M] () -- C:\hiberfil.sys [2014.01.05 22:14:03 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3706005333-3740103379-220519801-1000UA.job [2014.01.05 22:11:01 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2014.01.05 20:14:02 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3706005333-3740103379-220519801-1000Core.job [2013.12.30 19:40:34 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.12.30 19:40:34 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.12.30 19:40:34 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.12.30 19:40:34 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.12.23 22:57:09 | 000,001,215 | ---- | M] () -- C:\Users\OEM\Desktop\TeamSpeak 3 Client.lnk [2013.12.20 
23:57:46 | 000,000,003 | ---- | M] () -- C:\Windows\System32\HRUPPROG.DIE.NOW [2013.12.17 19:23:02 | 000,010,110 | ---- | M] () -- C:\Users\OEM\Documents\Französisch.odt [2013.12.17 18:36:07 | 000,009,603 | ---- | M] () -- C:\Users\OEM\Documents\untitled_0.odt [2013.12.12 18:55:04 | 000,294,528 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ] ========== Files Created - No Company Name ========== [2014.01.04 23:34:51 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\AmiUpdXp.job [2013.12.23 22:57:09 | 000,001,215 | ---- | C] () -- C:\Users\OEM\Desktop\TeamSpeak 3 Client.lnk [2013.12.20 23:57:46 | 000,000,003 | ---- | C] () -- C:\Windows\System32\HRUPPROG.DIE.NOW [2013.12.17 19:23:00 | 000,010,110 | ---- | C] () -- C:\Users\OEM\Documents\Französisch.odt [2013.12.17 18:47:52 | 000,009,603 | ---- | C] () -- C:\Users\OEM\Documents\untitled_0.odt [2013.10.30 16:08:09 | 000,000,006 | ---- | C] () -- C:\Users\OEM\AppData\Roaming\WBPU-TTL.DAT [2013.10.30 16:08:08 | 000,000,095 | ---- | C] () -- C:\Users\OEM\AppData\Roaming\WB.CFG [2013.08.23 13:48:09 | 000,055,296 | ---- | C] () -- C:\ProgramData\qxiedxmtobqnpxp [2013.08.23 13:38:05 | 000,057,856 | ---- | C] () -- C:\ProgramData\pmfoiwsqwyeqhdp [2013.08.23 13:38:05 | 000,000,219 | ---- | C] () -- C:\ProgramData\baeebdbeadac.cfg [2013.08.23 13:37:35 | 000,269,312 | ---- | C] () -- C:\ProgramData\baeebdbeadac.exe [2012.12.26 12:13:45 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat [2012.11.20 13:57:18 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat [2012.11.20 13:57:18 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat [2012.11.20 13:57:17 | 000,632,252 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2012.11.20 13:57:17 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat [2012.09.28 15:36:56 | 000,180,224 | ---- | C] () -- C:\Windows\System32\clinfo.exe 
[2012.08.19 22:02:10 | 000,007,616 | ---- | C] () -- C:\Users\OEM\AppData\Local\Resmon.ResmonCfg [2012.07.08 13:15:32 | 000,003,584 | ---- | C] () -- C:\Users\OEM\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.06.27 15:19:45 | 000,016,304 | ---- | C] () -- C:\Windows\System32\apl003.sys [2012.06.27 15:19:45 | 000,013,232 | ---- | C] () -- C:\Windows\System32\apf003.sys [2012.06.19 13:02:17 | 003,123,272 | R--- | C] () -- C:\Windows\System32\pbsvc.exe [2012.05.05 09:03:55 | 000,000,268 | ---- | C] () -- C:\Users\OEM\AppData\Roaming\LMCPaper.dat [2012.05.05 08:30:05 | 000,003,932 | ---- | C] () -- C:\Users\OEM\AppData\Roaming\LMLayout.dat [2012.05.05 08:15:50 | 000,000,019 | ---- | C] () -- C:\Windows\vaLangChoice.ini [2012.05.05 08:15:04 | 000,000,150 | ---- | C] () -- C:\Windows\System32\LM_SUPPORT.INI [2012.05.02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll [2012.04.17 10:31:59 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 22:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft 
Corporation) "ThreadingModel" = Both ========== Custom Scans ========== < hklm\software\clients\startmenuinternet|command /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.6T7NOXTF2EY5CUHI2J746F5PFU\InstallInfo\\ReinstallCommand: "C:\Users\OEM\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2013.12.04 03:48:06 | 000,863,184 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.6T7NOXTF2EY5CUHI2J746F5PFU\InstallInfo\\HideIconsCommand: "C:\Users\OEM\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2013.12.04 03:48:06 | 000,863,184 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.6T7NOXTF2EY5CUHI2J746F5PFU\InstallInfo\\ShowIconsCommand: "C:\Users\OEM\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2013.12.04 03:48:06 | 000,863,184 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.6T7NOXTF2EY5CUHI2J746F5PFU\shell\open\command\\: "C:\Users\OEM\AppData\Local\Google\Chrome\Application\chrome.exe" [2013.12.04 03:48:06 | 000,863,184 | ---- | M] (Google Inc.) 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2013.11.26 09:13:00 | 000,208,896 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2013.11.26 09:13:00 | 000,208,896 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2013.11.26 09:13:00 | 000,208,896 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2013.11.19 18:06:21 | 000,806,096 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe hxxp://start.qone8.com/?type=sc&ts=1383142136&from=cor&uid=MaxtorX6L300R0_L61JQJKH [2013.11.19 18:06:21 | 000,806,096 | ---- | M] (Microsoft Corporation) < hklm\software\clients\startmenuinternet|command /64 /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.6T7NOXTF2EY5CUHI2J746F5PFU\InstallInfo\\ReinstallCommand: "C:\Users\OEM\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2013.12.04 03:48:06 | 000,863,184 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.6T7NOXTF2EY5CUHI2J746F5PFU\InstallInfo\\HideIconsCommand: "C:\Users\OEM\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2013.12.04 03:48:06 | 000,863,184 | ---- | M] (Google Inc.) 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.6T7NOXTF2EY5CUHI2J746F5PFU\InstallInfo\\ShowIconsCommand: "C:\Users\OEM\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2013.12.04 03:48:06 | 000,863,184 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.6T7NOXTF2EY5CUHI2J746F5PFU\shell\open\command\\: "C:\Users\OEM\AppData\Local\Google\Chrome\Application\chrome.exe" [2013.12.04 03:48:06 | 000,863,184 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2013.11.26 09:13:00 | 000,208,896 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2013.11.26 09:13:00 | 000,208,896 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2013.11.26 09:13:00 | 000,208,896 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2013.11.19 18:06:21 | 000,806,096 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe hxxp://start.qone8.com/?type=sc&ts=1383142136&from=cor&uid=MaxtorX6L300R0_L61JQJKH [2013.11.19 18:06:21 | 000,806,096 | ---- | M] (Microsoft Corporation) < > ========== Alternate Data Streams ========== @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:BB1102D7 @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1 < End of report > defogger: defogger_disable by jpshortstuff (23.02.10.1) Log created at 22:35 on 05/01/2014 (OEM) Checking for autostart values... 
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-

Gmer: GMER Logfile:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2014-01-05 23:34:41
Windows 6.1.7601 Service Pack 1
\Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-2 Maxtor_6L300R0 rev.BAJ41G20 279,48GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\OEM\AppData\Local\Temp\uwldapow.sys

---- Kernel code sections - GMER 2.1 ----

.text ntoskrnl.exe!ZwRollbackEnlistment + 1409 8303B9A5 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 8305B512 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x91830000, 0x130E98, 0xE8000020]

---- EOF - GMER 2.1 ----

FRST - Editor: FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-01-2014
Ran by OEM (administrator) on OEM-PC on 05-01-2014 23:46:48
Running from C:\Users\OEM\Downloads
Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hi-Rez Studios) C:\Program Files\Hi-Rez Studios\HiPatchService.exe
() C:\ProgramData\InternetUpdater\InternetUpdaterService.exe
(ABBYY (BIT Software)) C:\Program Files\ABBYY FineReader 5.0 Sprint\CAgent.exe
(DeviceGuys) C:\Windows\System32\spool\drivers\w32x86\3\LMpdpsrv.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Windows\vsnpstd3.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Updater) C:\ProgramData\Updater\updater.exe
(Akamai Technologies, Inc.) C:\Users\OEM\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\OEM\AppData\Local\Akamai\netsession_win.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(WatchDog) C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe
(WatchDog) C:\ProgramData\RHelpers\FirefoxHelper\FirefoxHelper.exe
(WatchDog) C:\ProgramData\RHelpers\IeHelper\IeHelper.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
() C:\Users\OEM\Desktop\Defogger.exe
(Google Inc.) C:\Users\OEM\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\OEM\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\OEM\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\OEM\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\OEM\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.)
C:\Users\OEM\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\OEM\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\OEM\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\OEM\AppData\Local\Google\Chrome\Application\chrome.exe (Farbar) C:\Users\OEM\Downloads\FRST (1).exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [ABBYY Community Agent] - C:\Program Files\ABBYY FineReader 5.0 Sprint\CAgent.exe [253952 2002-03-20] (ABBYY (BIT Software)) HKLM\...\Run: [LMPDPSRV] - C:\Windows\System32\spool\drivers\w32x86\3\LMpdpsrv.exe [45056 2002-07-11] (DeviceGuys) HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642728 2012-09-28] (Advanced Micro Devices, Inc.) HKLM\...\Run: [snpstd3] - C:\Windows\vsnpstd3.exe [827392 2006-09-19] () HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated) HKLM\...\Run: [Updater] - C:\ProgramData\Updater\updater.exe [486264 2013-12-18] (Updater) HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\OEM\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.) HKCU\...\Run: [uTorrent] - "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED HKCU\...\Run: [Google Update] - C:\Users\OEM\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-11-27] (Google Inc.) HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.) 
HKCU\...\Run: [baeebdbeadac] - C:\ProgramData\baeebdbeadac.exe [269312 2013-08-23] () HKCU\...\Run: [Updater] - C:\ProgramData\Updater\updater.exe [486264 2013-12-18] (Updater) HKCU\...\Policies\Explorer: [NoInstrumentation] 1 MountPoints2: {8f9e3395-ef55-11e1-87ef-001966314452} - E:\INSTALL.EXE MountPoints2: {dc17916f-886f-11e1-b9b9-806e6f6e6963} - D:\setup.exe AppInit_DLLs: c:\progra~2\browserprotect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\browserprotect.dll [ ] () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=7ed1389b-1775-4231-98ed-40d42fb6767f&searchtype=ds&q={searchTerms}&installDate=23/04/2013 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x29E5DE8E214ACD01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=7ed1389b-1775-4231-98ed-40d42fb6767f&searchtype=ds&q={searchTerms}&installDate=23/04/2013 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://start.qone8.com/?type=sc&ts=1383142136&from=cor&uid=MaxtorX6L300R0_L61JQJKH SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://start.qone8.com/web/?type=ds&ts=1383142140&from=cor&uid=MaxtorX6L300R0_L61JQJKH&q={searchTerms} SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=7ed1389b-1775-4231-98ed-40d42fb6767f&searchtype=ds&q={searchTerms}&installDate=23/04/2013 SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://start.qone8.com/web/?type=ds&ts=1383142140&from=cor&uid=MaxtorX6L300R0_L61JQJKH&q={searchTerms} SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=7ed1389b-1775-4231-98ed-40d42fb6767f&searchtype=ds&q={searchTerms}&installDate=23/04/2013 SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.delta-search.com/?q={searchTerms}&affID=119776&babsrc=SP_ss&mntrId=1cad855f000000000000fed111b3c68c BHO: Websteroids - {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - C:\ProgramData\Websteroids\IE\common.dll (Creative Island Media, LLC) BHO: flash-Enhancer - {5A60B6BB-FA81-4EFA-AB9C-A820E2143736} - C:\Program Files\AmiExt\flashEnhancer\ie\AmiBho.dll () BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: ArcPluginIEBHO Class - {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} - C:\Program Files\Perfect World Entertainment\Arc\plugins\ArcPluginIE.dll (Perfect World Entertainment Inc) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File Toolbar: HKCU - No Name - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No File Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File Toolbar: HKCU - No Name - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - No File Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 
192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\OEM\AppData\Roaming\Mozilla\Firefox\Profiles\hhet4dre.default FF user.js: detected! => C:\Users\OEM\AppData\Roaming\Mozilla\Firefox\Profiles\hhet4dre.default\user.js FF Homepage: hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=7ed1389b-1775-4231-98ed-40d42fb6767f&searchtype=hp&installDate={installDate} FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin: @perfectworld.com/npArcPlayNowPlugin - C:\Program Files\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc) FF Plugin: @soe.sony.com/installer,version=1.0.3 - C:\Users\OEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfjadjghjpjodfhffafagnkbgbpiphf\1.0.3.171_0\npsoe.dll No File FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: @lightspark.github.com/Lightspark;version=1 - C:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll ( ) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\OEM\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\OEM\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\OEM\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin HKCU: BalancedWorlds.com/WebLauncher - C:\Users\OEM\AppData\Local\Balanced Worlds\BWGameEngine\npWebLauncher.dll (BalancedWorlds) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Extension: incredibar.com - C:\Users\OEM\AppData\Roaming\Mozilla\Firefox\Profiles\hhet4dre.default\Extensions\ffxtlbr@incredibar.com FF Extension: softonic.com - C:\Users\OEM\AppData\Roaming\Mozilla\Firefox\Profiles\hhet4dre.default\Extensions\ffxtlbra@softonic.com FF Extension: Websteroids - C:\Users\OEM\AppData\Roaming\Mozilla\Firefox\Profiles\hhet4dre.default\Extensions\support@websteroidsapp.com FF Extension: Wajam - C:\Users\OEM\AppData\Roaming\Mozilla\Firefox\Profiles\hhet4dre.default\Extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2} FF Extension: Movie2kDownloader - C:\Users\OEM\AppData\Roaming\Mozilla\Firefox\Profiles\hhet4dre.default\Extensions\movie2kdownloader@movie2kdownloader.com.xpi FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox FF HKLM\...\Firefox\Extensions: [ext@flash-Enhancer.com] - C:\Program Files\AmiExt\flashEnhancer\ff FF Extension: flash-Enhancer - C:\Program Files\AmiExt\flashEnhancer\ff FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird FF HKCU\...\Firefox\Extensions: 
[{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}] - C:\Program Files\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi Chrome: ======= CHR HomePage: hxxp://start.qone8.com/?type=hp&ts=1383142136&from=cor&uid=MaxtorX6L300R0_L61JQJKH CHR RestoreOnStartup: "https://www.google.de/" CHR Plugin: (Shockwave Flash) - C:\Users\OEM\AppData\Local\Google\Chrome\User Data\PepperFlash\11.6.602.167\pepflashplayer.dll No File CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\OEM\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Users\OEM\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll () CHR Plugin: (Perion plugin) - C:\Users\OEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\Plugins/PerionNewTabChrome-32.dll No File CHR Plugin: (BrowserProtect) - C:\Users\OEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\spext.dll No File CHR Plugin: (Conduit Chrome Plugin) - C:\Users\OEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc\10.11.21.5_0\plugins/ConduitChromeApiPlugin.dll No File CHR Plugin: (Conduit Radio Plugin) - C:\Users\OEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc\10.11.21.5_0\plugins/np-cwmp.dll No File CHR Plugin: (Java(TM) Platform SE 7 U4) - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll No File CHR Plugin: (Pando Web Plugin) - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) CHR Plugin: (Uplay PC) - C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File CHR Plugin: (WEBZEN Browser Extension) - C:\Program Files\WEBZEN\BrowserExtension\NPWZCmnCtrl.dll No File CHR Plugin: (WebLauncher) - C:\Users\OEM\AppData\Local\Balanced Worlds\BWGameEngine\npWebLauncher.dll (BalancedWorlds) CHR 
Plugin: (Google Update) - C:\Users\OEM\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) CHR Plugin: (Java Deployment Toolkit 7.0.100.18) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File CHR Extension: (Extended Protection) - C:\Users\OEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0 CHR Extension: (flash-Enhancer) - C:\Users\OEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehmnjgkmbpbohelngpclcdhgochdeoej\2.1_0 CHR Extension: () - C:\Users\OEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.6.53_0 CHR Extension: (Google Wallet) - C:\Users\OEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0 CHR HKLM\...\Chrome\Extension: [blaofbhgbmeikidhlkmjhbkbfohpgekf] - C:\Program Files\Movie2KDownloader.com\Movie2KDownloader10.crx CHR HKLM\...\Chrome\Extension: [ccbgjfdieajmokelnlapbedknchgenne] - C:\Users\OEM\AppData\Local\CRE\ccbgjfdieajmokelnlapbedknchgenne.crx CHR HKLM\...\Chrome\Extension: [cekcjpgehmohobmdiikfnopibipmgnml] - C:\Users\OEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\ CHR HKLM\...\Chrome\Extension: [cgiaikfpllchefojlnehlmpekeogihnm] - C:\Users\OEM\AppData\Local\CRE\cgiaikfpllchefojlnehlmpekeogihnm.crx CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx CHR HKLM\...\Chrome\Extension: [eekenbbpcpcniaemgikmjacjpbfnnnlk] - C:\ProgramData\ADDICT-THING\eekenbbpcpcniaemgikmjacjpbfnnnlk.crx CHR HKLM\...\Chrome\Extension: [ehmnjgkmbpbohelngpclcdhgochdeoej] - C:\Program Files\AmiExt\flashEnhancer\ch\flashEnhancer.crx CHR HKLM\...\Chrome\Extension: [golgkiejijdbdpkkjkjcjlpcpcklkhlh] - 
C:\ProgramData\ADDICT-THING\golgkiejijdbdpkkjkjcjlpcpcklkhlh.crx CHR HKLM\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Users\OEM\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx CHR HKLM\...\Chrome\Extension: [jifflliplgeajjdhmkcfnngfpgbjonjg] - C:\Program Files\Perion\NewTab\newTab.crx CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ========================== Services (Whitelisted) ================= R2 Akamai; c:\program files\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.) S3 ArcService; C:\Program Files\Perfect World Entertainment\Arc\ArcService.exe [88424 2013-10-10] (Perfect World Entertainment Inc) R2 HiPatchService; C:\Program Files\Hi-Rez Studios\HiPatchService.exe [9216 2013-12-16] (Hi-Rez Studios) R2 InternetUpdater; C:\ProgramData\InternetUpdater\InternetUpdaterService.exe [40448 2013-12-06] () ==================== Drivers (Whitelisted) ==================== S3 apf003; C:\Windows\system32\apf003.sys [13232 2012-06-27] () R3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd6.sys [44032 2009-07-13] (VIA Technologies, Inc. ) S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.) S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2013-04-24] (Malwarebytes Corporation) R3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [10252544 2007-03-27] (Sonix Co. Ltd.) 
S3 athur; system32\DRIVERS\athur.sys [x] S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [x] S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [x] S3 VGPU; System32\drivers\rdvgkmd.sys [x] S3 XDva396; \??\C:\Windows\system32\XDva396.sys [x] S3 XDva397; \??\C:\Windows\system32\XDva397.sys [x] S3 XDva398; \??\C:\Windows\system32\XDva398.sys [x] S3 XDva399; \??\C:\Windows\system32\XDva399.sys [x] S3 XDva400; \??\C:\Windows\system32\XDva400.sys [x] S3 XDva401; \??\C:\Windows\system32\XDva401.sys [x] U3 uwldapow; \??\C:\Users\OEM\AppData\Local\Temp\uwldapow.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-05 23:46 - 2014-01-05 23:47 - 00017637 _____ C:\Users\OEM\Downloads\FRST.txt 2014-01-05 23:46 - 2014-01-05 23:46 - 00000000 ____D C:\FRST 2014-01-05 23:43 - 2014-01-05 23:43 - 01064805 _____ (Farbar) C:\Users\OEM\Downloads\FRST (1).exe 2014-01-05 23:34 - 2014-01-05 23:34 - 00000733 _____ C:\Users\OEM\Desktop\GMER.log 2014-01-05 22:35 - 2014-01-05 22:35 - 00000000 ____D C:\Users\OEM\Desktop\Neuer Ordner 2014-01-05 22:35 - 2014-01-05 22:35 - 00000000 _____ C:\Users\OEM\defogger_reenable 2014-01-05 22:34 - 2014-01-05 22:34 - 00000240 _____ C:\Users\OEM\Desktop\defogger_enable.log 2014-01-05 22:33 - 2014-01-05 23:04 - 00000468 _____ C:\Users\OEM\Desktop\defogger_disable.log 2014-01-05 22:33 - 2014-01-05 22:06 - 00377856 _____ C:\Users\OEM\Desktop\gmer_2.1.19163.exe 2014-01-05 22:33 - 2014-01-05 22:06 - 00050477 _____ C:\Users\OEM\Desktop\Defogger.exe 2014-01-05 22:31 - 2014-01-05 22:31 - 00071668 _____ C:\Users\OEM\Downloads\Extras.Txt 2014-01-05 22:28 - 2014-01-05 22:36 - 00113724 _____ C:\Users\OEM\Downloads\OTL.Txt 2014-01-05 22:23 - 2014-01-05 22:23 - 00602112 _____ (OldTimer Tools) C:\Users\OEM\Downloads\OTL (2).exe 2014-01-05 22:23 - 2014-01-05 22:23 - 00602112 _____ (OldTimer Tools) C:\Users\OEM\Desktop\OTL (2).exe 2014-01-05 22:18 - 2014-01-05 22:19 - 
00602112 _____ (OldTimer Tools) C:\Users\OEM\Downloads\OTL (1).exe 2014-01-05 22:06 - 2014-01-05 22:06 - 00602112 _____ (OldTimer Tools) C:\Users\OEM\Downloads\OTL.exe 2014-01-05 22:06 - 2014-01-05 22:06 - 00377856 _____ C:\Users\OEM\Downloads\gmer_2.1.19163.exe 2014-01-05 22:06 - 2014-01-05 22:06 - 00050477 _____ C:\Users\OEM\Downloads\Defogger.exe 2014-01-05 22:00 - 2014-01-05 22:01 - 01064761 _____ (Farbar) C:\Users\OEM\Downloads\FRST.exe 2014-01-04 23:45 - 2014-01-04 23:45 - 00000000 ____D C:\ProgramData\InternetUpdater 2014-01-04 23:36 - 2014-01-04 23:36 - 00000000 ____D C:\Program Files\Lightspark 0.5.3-git 2014-01-04 23:35 - 2014-01-04 23:35 - 00000000 ____D C:\ProgramData\Websteroids 2014-01-04 23:35 - 2014-01-04 23:35 - 00000000 ____D C:\ProgramData\Updater 2014-01-04 23:35 - 2014-01-04 23:35 - 00000000 ____D C:\ProgramData\RHelpers 2014-01-04 23:35 - 2014-01-04 23:35 - 00000000 ____D C:\Program Files\AmiExt 2014-01-04 23:34 - 2014-01-05 22:35 - 00000348 _____ C:\Windows\Tasks\AmiUpdXp.job 2014-01-04 23:31 - 2014-01-04 23:32 - 00402472 _____ (Amônétízé Ltd) C:\Users\OEM\Downloads\FlashPlayer__4072_i234259464_il11.exe 2014-01-03 17:36 - 2014-01-05 22:15 - 00000448 _____ C:\Windows\setupact.log 2014-01-03 17:36 - 2014-01-03 17:36 - 00000000 _____ C:\Windows\setuperr.log 2014-01-03 13:49 - 2014-01-05 23:35 - 00233137 _____ C:\Windows\WindowsUpdate.log 2014-01-01 22:28 - 2014-01-01 22:28 - 00019031 _____ C:\Users\OEM\Downloads\DragonNestEUSetup63.exe.torrent 2013-12-23 23:07 - 2013-12-27 04:26 - 00000000 ____D C:\Users\OEM\AppData\Roaming\TS3Client 2013-12-23 22:57 - 2013-12-23 22:57 - 00001215 _____ C:\Users\OEM\Desktop\TeamSpeak 3 Client.lnk 2013-12-23 22:57 - 2013-12-23 22:57 - 00000000 ____D C:\Users\OEM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client 2013-12-23 22:56 - 2013-12-23 22:57 - 00000000 ____D C:\Users\OEM\AppData\Local\TeamSpeak 3 Client 2013-12-23 22:45 - 2013-12-23 22:46 - 30095736 _____ (TeamSpeak Systems GmbH) 
C:\Users\OEM\Downloads\TeamSpeak3-Client-win32-3.0.13.1.exe 2013-12-20 23:57 - 2013-12-27 05:28 - 00000003 _____ C:\Windows\system32\HRUPPROG.TXT 2013-12-20 23:57 - 2013-12-20 23:57 - 00000003 _____ C:\Windows\system32\HRUPPROG.DIE.NOW 2013-12-20 14:57 - 2013-12-20 14:57 - 00000200 _____ C:\Windows\system32\config\game.cfg 2013-12-17 19:23 - 2013-12-17 19:23 - 00010110 _____ C:\Users\OEM\Documents\Französisch.odt 2013-12-17 18:47 - 2013-12-17 18:36 - 00009603 _____ C:\Users\OEM\Documents\untitled_0.odt 2013-12-17 18:41 - 2013-12-17 18:42 - 45687999 _____ C:\Users\OEM\Downloads\LanguageTool-2.3.oxt 2013-12-12 19:00 - 2013-12-24 14:06 - 02304092 _____ () C:\Users\OEM\Downloads\TechnicLauncher (5).exe 2013-12-12 17:58 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-12-12 17:58 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-12-12 17:58 - 2013-11-26 10:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2013-12-12 17:58 - 2013-11-26 09:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-12-12 17:58 - 2013-11-26 09:52 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2013-12-12 17:58 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-12-12 17:58 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-12-12 17:58 - 2013-11-26 09:36 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-12-12 17:58 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-12-12 17:58 - 2013-11-26 09:29 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-12-12 17:58 - 2013-11-26 09:29 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2013-12-12 17:58 - 2013-11-26 09:28 - 00553472 _____ (Microsoft 
Corporation) C:\Windows\system32\jscript9diag.dll 2013-12-12 17:58 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-12-12 17:58 - 2013-11-26 09:13 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-12-12 17:58 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-12-12 17:58 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-12-12 17:58 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2013-12-12 17:58 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-12-12 17:58 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-12-12 17:56 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2013-12-12 17:55 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2013-12-12 13:35 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2013-12-12 13:35 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-12-12 13:35 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll 2013-12-12 13:35 - 2013-10-30 02:27 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-12-12 13:35 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll 2013-12-12 13:35 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx 2013-12-12 13:35 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll 2013-12-12 13:35 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe 2013-12-12 13:35 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) 
C:\Windows\system32\cscript.exe 2013-12-12 13:35 - 2013-10-04 02:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys 2013-12-12 13:35 - 2013-10-04 02:17 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys 2013-12-09 20:07 - 2013-12-09 20:10 - 00000000 ____D C:\Program Files\GUM78FA.tmp ==================== One Month Modified Files and Folders ======= 2014-01-05 23:47 - 2014-01-05 23:46 - 00017637 _____ C:\Users\OEM\Downloads\FRST.txt 2014-01-05 23:46 - 2014-01-05 23:46 - 00000000 ____D C:\FRST 2014-01-05 23:43 - 2014-01-05 23:43 - 01064805 _____ (Farbar) C:\Users\OEM\Downloads\FRST (1).exe 2014-01-05 23:35 - 2014-01-03 13:49 - 00233137 _____ C:\Windows\WindowsUpdate.log 2014-01-05 23:34 - 2014-01-05 23:34 - 00000733 _____ C:\Users\OEM\Desktop\GMER.log 2014-01-05 23:16 - 2013-03-13 15:52 - 00000000 ____D C:\Users\OEM\AppData\Roaming\Skype 2014-01-05 23:14 - 2012-11-27 19:28 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3706005333-3740103379-220519801-1000UA.job 2014-01-05 23:11 - 2013-04-22 17:23 - 00001092 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-01-05 23:04 - 2014-01-05 22:33 - 00000468 _____ C:\Users\OEM\Desktop\defogger_disable.log 2014-01-05 22:36 - 2014-01-05 22:28 - 00113724 _____ C:\Users\OEM\Downloads\OTL.Txt 2014-01-05 22:35 - 2014-01-05 22:35 - 00000000 ____D C:\Users\OEM\Desktop\Neuer Ordner 2014-01-05 22:35 - 2014-01-05 22:35 - 00000000 _____ C:\Users\OEM\defogger_reenable 2014-01-05 22:35 - 2014-01-04 23:34 - 00000348 _____ C:\Windows\Tasks\AmiUpdXp.job 2014-01-05 22:35 - 2012-04-17 10:40 - 00000000 ____D C:\Users\OEM 2014-01-05 22:34 - 2014-01-05 22:34 - 00000240 _____ C:\Users\OEM\Desktop\defogger_enable.log 2014-01-05 22:31 - 2014-01-05 22:31 - 00071668 _____ C:\Users\OEM\Downloads\Extras.Txt 2014-01-05 22:23 - 2014-01-05 22:23 - 00602112 _____ (OldTimer Tools) C:\Users\OEM\Downloads\OTL (2).exe 2014-01-05 22:23 - 2014-01-05 22:23 - 00602112 _____ (OldTimer 
Tools) C:\Users\OEM\Desktop\OTL (2).exe 2014-01-05 22:23 - 2009-07-14 05:34 - 00021280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-01-05 22:23 - 2009-07-14 05:34 - 00021280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-01-05 22:19 - 2014-01-05 22:18 - 00602112 _____ (OldTimer Tools) C:\Users\OEM\Downloads\OTL (1).exe 2014-01-05 22:16 - 2013-04-22 17:23 - 00001088 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-01-05 22:16 - 2012-05-18 15:03 - 00000000 ____D C:\Program Files\Common Files\Akamai 2014-01-05 22:15 - 2014-01-03 17:36 - 00000448 _____ C:\Windows\setupact.log 2014-01-05 22:15 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2014-01-05 22:06 - 2014-01-05 22:33 - 00377856 _____ C:\Users\OEM\Desktop\gmer_2.1.19163.exe 2014-01-05 22:06 - 2014-01-05 22:33 - 00050477 _____ C:\Users\OEM\Desktop\Defogger.exe 2014-01-05 22:06 - 2014-01-05 22:06 - 00602112 _____ (OldTimer Tools) C:\Users\OEM\Downloads\OTL.exe 2014-01-05 22:06 - 2014-01-05 22:06 - 00377856 _____ C:\Users\OEM\Downloads\gmer_2.1.19163.exe 2014-01-05 22:06 - 2014-01-05 22:06 - 00050477 _____ C:\Users\OEM\Downloads\Defogger.exe 2014-01-05 22:01 - 2014-01-05 22:00 - 01064761 _____ (Farbar) C:\Users\OEM\Downloads\FRST.exe 2014-01-05 20:14 - 2012-11-27 19:28 - 00001060 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3706005333-3740103379-220519801-1000Core.job 2014-01-05 19:06 - 2012-06-29 18:18 - 00000000 ____D C:\Users\OEM\AppData\Local\PMB Files 2014-01-05 19:06 - 2012-06-29 18:18 - 00000000 ____D C:\ProgramData\PMB Files 2014-01-04 23:45 - 2014-01-04 23:45 - 00000000 ____D C:\ProgramData\InternetUpdater 2014-01-04 23:36 - 2014-01-04 23:36 - 00000000 ____D C:\Program Files\Lightspark 0.5.3-git 2014-01-04 23:35 - 2014-01-04 23:35 - 00000000 ____D C:\ProgramData\Websteroids 2014-01-04 23:35 - 2014-01-04 23:35 - 00000000 ____D C:\ProgramData\Updater 
2014-01-04 23:35 - 2014-01-04 23:35 - 00000000 ____D C:\ProgramData\RHelpers 2014-01-04 23:35 - 2014-01-04 23:35 - 00000000 ____D C:\Program Files\AmiExt 2014-01-04 23:34 - 2013-04-23 12:44 - 00000000 ____D C:\Users\OEM\AppData\Local\SwvUpdater 2014-01-04 23:32 - 2014-01-04 23:31 - 00402472 _____ (Amônétízé Ltd) C:\Users\OEM\Downloads\FlashPlayer__4072_i234259464_il11.exe 2014-01-03 17:36 - 2014-01-03 17:36 - 00000000 _____ C:\Windows\setuperr.log 2014-01-01 22:28 - 2014-01-01 22:28 - 00019031 _____ C:\Users\OEM\Downloads\DragonNestEUSetup63.exe.torrent 2013-12-31 20:26 - 2013-08-23 16:01 - 00000000 ____D C:\Users\OEM\AppData\Roaming\.minecraft 2013-12-30 19:40 - 2010-11-20 22:01 - 01498506 _____ C:\Windows\system32\PerfStringBackup.INI 2013-12-27 05:28 - 2013-12-20 23:57 - 00000003 _____ C:\Windows\system32\HRUPPROG.TXT 2013-12-27 04:26 - 2013-12-23 23:07 - 00000000 ____D C:\Users\OEM\AppData\Roaming\TS3Client 2013-12-26 20:39 - 2013-11-22 21:58 - 00000000 ____D C:\Users\OEM\AppData\Roaming\.technic 2013-12-24 14:06 - 2013-12-12 19:00 - 02304092 _____ () C:\Users\OEM\Downloads\TechnicLauncher (5).exe 2013-12-23 22:57 - 2013-12-23 22:57 - 00001215 _____ C:\Users\OEM\Desktop\TeamSpeak 3 Client.lnk 2013-12-23 22:57 - 2013-12-23 22:57 - 00000000 ____D C:\Users\OEM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client 2013-12-23 22:57 - 2013-12-23 22:56 - 00000000 ____D C:\Users\OEM\AppData\Local\TeamSpeak 3 Client 2013-12-23 22:46 - 2013-12-23 22:45 - 30095736 _____ (TeamSpeak Systems GmbH) C:\Users\OEM\Downloads\TeamSpeak3-Client-win32-3.0.13.1.exe 2013-12-20 23:57 - 2013-12-20 23:57 - 00000003 _____ C:\Windows\system32\HRUPPROG.DIE.NOW 2013-12-20 14:57 - 2013-12-20 14:57 - 00000200 _____ C:\Windows\system32\config\game.cfg 2013-12-20 12:51 - 2013-03-13 15:52 - 00000000 ___RD C:\Program Files\Skype 2013-12-20 12:51 - 2013-03-13 15:52 - 00000000 ____D C:\ProgramData\Skype 2013-12-18 18:14 - 2013-11-24 17:23 - 00000000 ____D 
C:\Users\OEM\Downloads\Neverwinter_de 2013-12-17 19:23 - 2013-12-17 19:23 - 00010110 _____ C:\Users\OEM\Documents\Französisch.odt 2013-12-17 18:42 - 2013-12-17 18:41 - 45687999 _____ C:\Users\OEM\Downloads\LanguageTool-2.3.oxt 2013-12-17 18:36 - 2013-12-17 18:47 - 00009603 _____ C:\Users\OEM\Documents\untitled_0.odt 2013-12-14 01:41 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache 2013-12-12 18:55 - 2009-07-14 05:33 - 00294528 _____ C:\Windows\system32\FNTCACHE.DAT 2013-12-12 18:53 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\de-DE 2013-12-12 17:58 - 2013-08-21 00:25 - 00000000 ____D C:\Windows\system32\MRT 2013-12-12 17:56 - 2007-06-25 23:50 - 88123800 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-12-09 20:10 - 2013-12-09 20:07 - 00000000 ____D C:\Program Files\GUM78FA.tmp 2013-12-06 14:18 - 2012-11-27 19:30 - 00002346 _____ C:\Users\OEM\Desktop\Google Chrome.lnk Files to move or delete: ==================== C:\ProgramData\baeebdbeadac.exe C:\ProgramData\hash.dat ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-12-24 21:26 ==================== End Of Log ============================ --- --- --- Addition - Editor: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 05-01-2014 Ran by OEM at 2014-01-05 23:47:52 Running from C:\Users\OEM\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== ABBYY FineReader 5.0 Sprint (Version: 5.0.0.22227 - ABBYY Software House) Adobe Flash Player 10 Plugin (Version: 10.3.181.14 - Adobe Systems Incorporated) Adobe Reader XI (11.0.04) - Deutsch (Version: 11.0.04 - Adobe Systems Incorporated) AION Free-to-Play (Version: - Gameforge) Akamai NetSession Interface (Version: - ) Akamai NetSession Interface (Version: - Akamai Technologies, Inc) AMD Accelerated Video Transcoding (Version: 12.5.100.20928 - Advanced Micro Devices, Inc.) Hidden AMD APP SDK Runtime (Version: 10.0.1016.4 - Advanced Micro Devices Inc.) Hidden AMD Catalyst Install Manager (Version: 8.0.891.0 - Advanced Micro Devices, Inc.) AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden AMD Media Foundation Decoders (Version: 1.0.70928.1538 - Advanced Micro Devices, Inc.) Hidden Arc (Version: 1.0.0.5510 - Perfect World Entertainment) Belkin USB Wireless Adapter (Version: 1.0.0.12 - Belkin) Belkin USB Wireless Adapter (Version: 1.0.0.12 - Belkin) Hidden Catalyst Control Center - Branding (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center (Version: 2012.0928.1532.26058 - Ihr Firmenname) Hidden Catalyst Control Center Graphics Previews Common (Version: 2012.0928.1532.26058 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center InstallProxy (Version: 2012.0928.1532.26058 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (Version: 2012.0928.1532.26058 - Advanced Micro Devices, Inc.) 
Hidden CCC Help Chinese Standard (Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden CCC Help English (Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden CCC Help French (Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden CCC Help German (Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) 
Hidden ccc-utility (Version: 2012.0928.1532.26058 - Advanced Micro Devices, Inc.) Hidden CCleaner (Version: 4.00 - Piriform) Duel of Champions (Version: - Ubisoft) flash-Enhancer (Version: 2.1 - flash-Enhancer.com) Gameforge Live 1.9.0 "Legend" (Version: 1.9.0 - Gameforge) Google Chrome (Version: 31.0.1650.63 - Google Inc.) Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden Hi-Rez Studios Authenticate and Update Service (Version: 3.0.0.0 - Hi-Rez Studios) Internet Updater (Version: 2.6.52 - Parallel Lines Development, LLC) <==== ATTENTION Java 7 Update 25 (Version: 7.0.250 - Oracle) Java Auto Updater (Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden League of Legends (Version: 1.3 - Riot Games) Lightspark 0.5.3-git (Version: 0.5.3-git - Lightspark Team) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (Version: 9.0.30411 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation) NVIDIA PhysX (Version: 9.09.0428 - NVIDIA Corporation) 
OpenOffice.org 3.4 (Version: 3.4.9590 - OpenOffice.org)
Pando Media Booster (Version: 2.6.0.8 - Pando Networks Inc.)
Skype™ 6.11 (Version: 6.11.102 - Skype Technologies S.A.)
Software Version Updater (Version: 1.1.3.8 - ) <==== ATTENTION
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (Version: 3.0.13 - TeamSpeak Systems GmbH)
Tribes Ascend (Version: 1.0.1268.1 - Hi-Rez Studios)
Unity Web Player (Version: - Unity Technologies ApS)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3 - Microsoft Corporation)
Updater (Version: 2.6.53 - Creative Island Media, LLC)
ViewAhead Photo Center (Version: - )
Websteroids (Version: 2.6.53 - Creative Island Media, LLC) <==== ATTENTION
WinRAR 4.20 (32-Bit) (Version: 4.20.0 - win.rar GmbH)

==================== Restore Points =========================

15-12-2013 18:00:11 Windows-Sicherung
17-12-2013 11:37:23 Windows Update
20-12-2013 14:00:44 Windows Update
22-12-2013 18:00:18 Windows-Sicherung
24-12-2013 12:53:01 Windows Update
27-12-2013 18:13:45 Windows Update
29-12-2013 20:18:37 Windows-Sicherung
31-12-2013 14:29:13 Windows Update
03-01-2014 16:42:49 Windows Update
05-01-2014 18:00:39 Windows-Sicherung
05-01-2014 21:22:45 OTL Restore Point - 05.01.2014 22:22:42

==================== Hosts content: ==========================

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {240FB945-7244-4F13-A68D-DA963D0C3B05} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3706005333-3740103379-220519801-1000Core => C:\Users\OEM\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-27] (Google Inc.)
Task: {4E031782-38E0-4ACF-B155-8FA219682C78} - System32\Tasks\{04FE97FA-CB65-481E-92DE-82605C35E171} => C:\Program Files\Adobe Download Assistant\Adobe Download Assistant.exe
Task: {661FCE05-B2B0-42E9-916C-F7D133B2D44B} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {68829A11-C466-4E95-BF40-35B60FC0D70E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-04-22] (Google Inc.)
Task: {719C2E94-42CA-42CE-8501-52C327009399} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-04-22] (Google Inc.)
Task: {8C2F16B6-0322-4050-BBF8-1268CCC4BD0B} - System32\Tasks\Google Updater and Installer => C:\Users\OEM\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-27] (Google Inc.)
Task: {B40BED84-7A58-4213-ADC7-8536318734A8} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation)
Task: {DD2EE5D8-8ACA-40DF-AD80-6758E99263EA} - System32\Tasks\AmiUpdXp => C:\Users\OEM\AppData\Local\SwvUpdater\Updater.exe [2014-01-04] (Amonetizé Ltd) <==== ATTENTION
Task: {E5C402F3-AC59-420A-816B-8AF93890BD18} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-03-25] (Piriform Ltd)
Task: {E7A5BEAF-CCC5-43B7-81E7-1B3B054111E0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3706005333-3740103379-220519801-1000UA => C:\Users\OEM\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-27] (Google Inc.)
Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\OEM\AppData\Local\SwvUpdater\Updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3706005333-3740103379-220519801-1000Core.job => C:\Users\OEM\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3706005333-3740103379-220519801-1000UA.job => C:\Users\OEM\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-12-06 14:18 - 2013-12-04 03:47 - 00702416 _____ () C:\Users\OEM\AppData\Local\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
2013-12-06 14:18 - 2013-12-04 03:47 - 00099792 _____ () C:\Users\OEM\AppData\Local\Google\Chrome\Application\31.0.1650.63\libegl.dll
2013-12-06 14:18 - 2013-12-04 03:48 - 04055504 _____ () C:\Users\OEM\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll
2013-12-06 14:18 - 2013-12-04 03:48 - 00399312 _____ () C:\Users\OEM\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
2013-12-06 14:18 - 2013-12-04 03:47 - 01619408 _____ () C:\Users\OEM\AppData\Local\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
2013-12-06 14:18 - 2013-12-04 03:48 - 13586896 _____ () C:\Users\OEM\AppData\Local\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:BB1102D7
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1

==================== Safe Mode (whitelisted) ===================

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/05/2014 10:17:40 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/05/2014 04:02:07 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: CAgent.exe, Version: 5.0.0.426, Zeitstempel: 0x3c98aba5
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea91c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00052d37
ID des fehlerhaften Prozesses: 0x87c
Startzeit der fehlerhaften Anwendung: 0xCAgent.exe0
Pfad der fehlerhaften Anwendung: CAgent.exe1
Pfad des fehlerhaften Moduls: CAgent.exe2
Berichtskennung: CAgent.exe3

Error: (01/05/2014 03:48:02 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 W

I would very much appreciate your help.

orgalim1

Last edited by orgalim1 (05.01.2014 at 23:54) |
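As an added example (not code from this thread or from the scan tools it names), here is a small Python triage that parses the `Task:` lines of the scan output above and lists the scheduled tasks a helper would look at first: those the tool marked `<==== ATTENTION`, those whose target runs from a user-writable location, and those with no publisher recorded. The sample lines are copied from the log above; the writable-location prefixes and the scoring are my own assumptions.

```python
import re

# Constructed sample: "Task:" lines copied from the scan output in the post above.
SAMPLE_LOG = """\
Task: {68829A11-C466-4E95-BF40-35B60FC0D70E} - System32\\Tasks\\GoogleUpdateTaskMachineCore => C:\\Program Files\\Google\\Update\\GoogleUpdate.exe [2013-04-22] (Google Inc.)
Task: {661FCE05-B2B0-42E9-916C-F7D133B2D44B} - System32\\Tasks\\Microsoft\\Windows\\WindowsBackup\\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {DD2EE5D8-8ACA-40DF-AD80-6758E99263EA} - System32\\Tasks\\AmiUpdXp => C:\\Users\\OEM\\AppData\\Local\\SwvUpdater\\Updater.exe [2014-01-04] (Amonetizé Ltd) <==== ATTENTION
Task: {E5C402F3-AC59-420A-816B-8AF93890BD18} - System32\\Tasks\\CCleanerSkipUAC => C:\\Program Files\\CCleaner\\CCleaner.exe [2013-03-25] (Piriform Ltd)
Task: C:\\Windows\\Tasks\\AmiUpdXp.job => C:\\Users\\OEM\\AppData\\Local\\SwvUpdater\\Updater.exe <==== ATTENTION
"""

# One task line: "Task: <name> => <target> [<date>] (<publisher>) <==== ATTENTION";
# date, publisher and the ATTENTION marker are each optional.
TASK_RE = re.compile(
    r"^Task: (?P<name>.+?) => (?P<target>.+?)"
    r"(?: \[(?P<date>\d{4}-\d{2}-\d{2})\])?"
    r"(?: \((?P<publisher>[^)]*)\))?"
    r"(?P<flag> <==== ATTENTION)?\s*$"
)

# Locations a standard user can write to: a common drop site for adware, but
# legitimate per-user updaters live there too, so this is a triage signal, not
# a verdict. These prefixes and the scoring below are my own assumptions.
USER_WRITABLE_PREFIXES = ("c:\\users\\", "c:\\programdata\\")

def is_user_writable(target: str) -> bool:
    return target.lower().startswith(USER_WRITABLE_PREFIXES)

def triage_tasks(log_text: str) -> list:
    """Tasks worth a closer look, as dicts: name, target, publisher, reasons."""
    findings = []
    for line in log_text.splitlines():
        m = TASK_RE.match(line)
        if not m:
            continue  # not a task line (section headers, module list, ...)
        reasons = []
        if m.group("flag"):
            reasons.append("marked ATTENTION by the scan tool")
        if is_user_writable(m.group("target")):
            reasons.append("runs from a user-writable location")
        if not m.group("publisher"):
            reasons.append("no publisher recorded")
        if reasons:
            findings.append({"name": m.group("name"), "target": m.group("target"),
                             "publisher": m.group("publisher") or "", "reasons": reasons})
    return findings

if __name__ == "__main__":
    for f in triage_tasks(SAMPLE_LOG):
        print(f"{f['name']}\n    -> {f['target']}\n    {'; '.join(f['reasons'])}")
```

Note that the per-user Google Update tasks in the full log would also trip the user-writable check; the reasons list exists so a reader can tell that case apart from an unknown updater that the tool additionally flagged.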
05.01.2014, 23:18 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Logfiles (programs OTL, defogger and gmer) Hello and

Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners, have they found anything? I'm asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; first post only the logs that already exist, in CODE tags! Only logs from the last 7 days, or since the problem began, are relevant!

Also please make a log with Farbar's tool:

Scan with Farbar's Recovery Scan Tool (FRST)

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)

Reading material: Posting in CODE tags

Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows: