Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   USB Stick - nur noch Verknüpfungen gespeichert, Files werden "versteckt" bzw. gelöscht (https://www.trojaner-board.de/143360-usb-stick-nur-noch-verknuepfungen-gespeichert-files-versteckt-bzw-geloescht.html)

Jakki 21.10.2013 10:03
USB Stick - nur noch Verknüpfungen gespeichert, Files werden "versteckt" bzw. gelöscht
 
Hallo Forum,

so wie auch einige andere habe ich mir im Internetcafe einen Virus eingefangen, der die Dateien auf meinem USB-Stick in Verknüpfungen verwandelt bzw. sieht es so aus, als ob die "echte" Datei auf dem USB-Stick selbst versteckt wird (siehe Log, zu "1").

Folgende Schritte sind gelaufen (Log anbei):

1) Verdeckte Dateien anzeigen (die VBS-Datei kommt nach Löschen immer wieder)
2) Malware-Scan
3) Farbare-Scan
4) OTL-Scan
5) Trend-Mircro (meine Standardsoftware)
5) USB-Vaccination (Panda)

Was kann ich tun, um das Problem zu beheben? Würde gerne vermeiden, mein System neu aufzusetzen.

Herzlichen Dank für eure Hilfe,
Jakki

(2) Log Malware Scan

Malwarebytes Anti-Malware (Test) 1.75.0.1300
Malwarebytes : Free anti-malware download

Datenbank Version: v2013.10.17.03

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
User :: USER-PC [Administrator]

Schutz: Aktiviert

17.10.2013 17:45:46
mbam-log-2013-10-17 (17-45-46).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 387753
Laufzeit: 3 Stunde(n), 18 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 14
HKCR\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} (PUP.DealPly) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\esrv.funmoodsESrvc (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\esrv.funmoodsESrvc.1 (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\DEALPLY (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\DEALPLY (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} (PUP.DealPly) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} (PUP.DealPly) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} (PUP.DealPly) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly (PUP.Optional.Dealply) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\DealPly|Partner (PUP.Optional.DealPly.A) -> Daten: inff -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\DealPly|ChromeCrxPath (PUP.Optional.DealPly.A) -> Daten: C:\Program Files\DealPly\DealPly.crx -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 6
C:\Program Files\DealPly (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\User\AppData\Roaming\DealPly\UpdateProc (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\System32\config\systemprofile\AppData\Roaming\DealPly (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\System32\config\systemprofile\AppData\Roaming\DealPly\UpdateProc (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly (PUP.OPtional.Dealply.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\User\AppData\Roaming\DealPly (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 19
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly\Uninstall DealPly.lnk (PUP.OPtional.Dealply.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\DealPly\DealPly.crx (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\DealPly\DealPly.xpi (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\DealPly\DealPlyIE.dll (PUP.DealPly) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\DealPly\DealPlyTune.dll (PUP.Optional.Dealply) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\DealPly\DealPlyUpdate.exe (PUP.Optional.Dealply) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\DealPly\DealPlyUpdate.log (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\DealPly\DealPlyUpdateRun.exe (PUP.Optional.Dealply) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\DealPly\icon.ico (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\DealPly\uninst.exe (PUP.Optional.Dealply) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\System32\config\systemprofile\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly\DealPly Help.lnk (PUP.OPtional.Dealply.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly\DealPly.lnk (PUP.OPtional.Dealply.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\User\AppData\Local\funmoods.crx (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\User\AppData\Roaming\DealPly\UpdateProc\src.dat (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\User\AppData\Roaming\DealPly\UpdateProc\TTL.DAT (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\User\AppData\Roaming\DealPly\UpdateProc\config.dat (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\System32\config\systemprofile\AppData\Roaming\DealPly\UpdateProc\config.dat (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Malwarebytes Anti-Malware (Test) 1.75.0.1300
Malwarebytes : Free anti-malware download

Datenbank Version: v2013.10.17.03

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
User :: USER-PC [Administrator]

Schutz: Aktiviert

17.10.2013 21:28:26
mbam-log-2013-10-17 (21-28-26).txt

Art des Suchlaufs: Vollständiger Suchlauf (J:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 192467
Laufzeit: 10 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Log 3: Farbare Scan

dditional scan result of Farbar Recovery Scan Tool (x86) Version: 19-10-2013
Ran by User at 2013-10-21 13:25:31
Running from C:\Users\User\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Trend Micro Titanium Maximum Security (Enabled - Up to date) {B7599298-8445-728A-A5C7-A26A082C8BDA}
AS: Trend Micro Titanium Maximum Security (Enabled - Up to date) {0C38737C-A27F-7D04-9F77-991873ABC167}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

3531-W-D (Version: 1.5.18)
7-Zip 9.20
Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Reader X (10.1.8) - Deutsch (Version: 10.1.8)
Adobe Shockwave Player 11.6 (Version: 11.6.5.635)
Agere Systems HDA Modem
airtel (Version: 23.009.05.04.284)
Amazon MP3-Downloader 1.0.9
Apple Application Support (Version: 2.3)
Apple Software Update (Version: 2.1.3.127)
AuthenTec Fingerprint Sensor Minimum Install (Version: 7.9.2)
Bing Bar (Version: 7.0.858.0)
Canon My Printer
Cisco Systems VPN Client 5.0.07.0290 (Version: 5.0.6)
Compatibility Pack für 2007 Office System (Version: 12.0.6612.1000)
CyberLink PowerDirector (Version: 6.5.2209a)
CyberLink YouCam (Version: 1.0.1415)
Dell 1130n Laser Printer
ESET Online Scanner v3
FastStone Image Viewer 4.6 (Version: 4.6)
Firebird SQL Server - MAGIX Edition (Version: 2.0.1.8)
Inst5657 (Version: 5.00.91)
Intel(R) Matrix Storage Manager
Java(TM) 6 Update 4 (Version: 1.6.0.40)
Launch Manager V1.4.9 (Version: 1.4.9)
Letstrade (Version: 1.00.0000)
LetsTrade Komponenten
MakeDisc (Version: 3.0.2601)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
MediaShow (Version: 3.0.4325)
MEDION Fotos auf CD Nord (Version: 6.0.2.0)
MEDIONbox (Version: 1.09.0000.00052)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Office 2000 Premium (Version: 9.00.2816)
Microsoft Outlook 2002 (Version: 10.0.6626.0)
Microsoft PhotoDraw 2000
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Word 2000 (Version: 9.00.2816)
Microsoft Works (Version: 9.7.0621)
Mozilla Firefox 24.0 (x86 de) (Version: 24.0)
Mozilla Maintenance Service (Version: 24.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nero 8 Essentials (Version: 8.10.124)
neroxml (Version: 1.0.0)
NVIDIA Drivers
OmniPass 5.00.91 (Version: 5.00.91)
OpenOffice.org 3.4.1 (Version: 3.41.9593)
PDF24 Creator 5.4.0
PhotoNow! (Version: 1.0.4310)
PowerDVD (Version: 7.0.3118.0)
PowerProducer (Version: 4.2.2612)
QuickTime (Version: 7.73.80.64)
Ralink Wireless LAN (Version: 1.00.0000)
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista (Version: 1.00.0000)
Realtek High Definition Audio Driver (Version: 6.0.1.5532)
Realtek USB 2.0 Card Reader (Version: )
Sceneo AbsolutTV
Skype Click to Call (Version: 5.9.9216)
Skype™ 6.9 (Version: 6.9.106)
swMSM (Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 10.0.14.0)
Trend Micro Titanium (Version: 6.00)
Trend Micro Titanium Maximum Security (Version: 6.0)
TVsweeper 3 (Version: 3.0.3)
Ulead PhotoImpact 12 (Version: 12.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
Update_DealPly
VCRedistSetup (Version: 1.0.0)
WIDCOMM Bluetooth Software 6.0.1.6000 (Version: 6.0.1.6000)
Windows Live Messenger (Version: 8.1.0178.00)
WISO Mein Geld 2008 Professional (Version: 9.00.01.0023)
WISO Steuer 2012 (Version: 19.00.7303)
WISO Steuer-Sparbuch 2013 (Version: 20.00.8137)
X10 Hardware(TM)

==================== Restore Points =========================

23-06-2013 05:55:18 Geplanter Prüfpunkt
24-06-2013 08:22:00 Geplanter Prüfpunkt
01-07-2013 12:00:18 Installed Cisco Systems VPN Client 5.0.07.0290
09-07-2013 06:36:45 Removed Bing Bar
10-07-2013 11:51:19 Windows Update
15-07-2013 05:09:37 Windows Update
16-07-2013 04:56:47 Geplanter Prüfpunkt
20-07-2013 12:49:05 Windows Update
15-08-2013 14:41:32 Windows Update
29-08-2013 08:57:21 Windows Update
10-09-2013 06:39:40 Geplanter Prüfpunkt
13-09-2013 04:37:58 Windows Update
14-09-2013 12:42:39 Windows Update
09-10-2013 05:39:01 Geplanter Prüfpunkt
12-10-2013 08:39:04 Windows Update
17-10-2013 08:32:25 Windows Update

==================== Hosts content: ==========================

2006-11-02 15:53 - 2006-09-19 03:11 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0205A524-AA61-4C74-B9B1-FF114F24E13B} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-12] (Microsoft Corporation)
Task: {0FAFAE17-8ED6-4CE0-ADDD-BBFC3876BD1F} - System32\Tasks\ROC_JAN2013_TB_rmv => C:\Program Files\AVG Secure Search\PostInstall\ROC.exe
Task: {1123AB72-54CA-402B-AB34-15BF94834D46} - \DealPly No Task File
Task: {1CBAB76F-B115-4886-92CA-BD6B841F5A6E} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1306183032-4173219671-3597840-1003 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3331F768-722C-4783-ACD7-27F88593F395} - System32\Tasks\{8CAFFFF5-B2D4-4D22-8301-2A88F49B3441} => Firefox.exe Skype Privacy Policy
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {52E43D5A-B014-4F1E-95E8-1971711095FE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {794FC6F0-C7DA-4AB2-8761-67D167037AA2} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1306183032-4173219671-3597840-1003 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {7E34282C-5D8A-4128-A45C-17F0E9A05D6B} - System32\Tasks\DealPlyUpdate => C:\Program Files\DealPly\DealPlyUpdate.exe
Task: {CCAF6078-85C8-457D-AA08-AF181ADD937F} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1306183032-4173219671-3597840-1003 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {D5A273C5-9869-4A69-AA16-F2978517A943} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-17] (Adobe Systems Incorporated)
Task: {DADF685F-68B7-4CB9-B13C-6AB2144AD874} - System32\Tasks\ReclaimerUpdateXML_User => C:\Users\User\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-21] (RealNetworks, Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {F7CB0A16-2B8A-45EB-A6DB-EBBBC9A29992} - System32\Tasks\{56AED09D-DFEA-42FE-8F77-2C9A710171D7} => Firefox.exe Skype Privacy Policy
Task: {FE7F01E8-E56F-47F4-BF22-F3A04BA0CA8F} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1306183032-4173219671-3597840-1003 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job => C:\Program Files\AVG Secure Search\PostInstall\ROC.exe

==================== Loaded Modules (whitelisted) =============

2008-02-26 09:58 - 2007-11-02 16:57 - 00061440 _____ () C:\Program Files\Softex\OmniPass\SCUREDLL.dll
2008-02-26 09:58 - 2007-11-02 16:57 - 00065536 _____ () C:\Program Files\Softex\OmniPass\opfsdll.dll
2008-02-26 09:58 - 2007-11-02 16:57 - 00016896 _____ () C:\Program Files\Softex\OmniPass\cryptodll.dll
2008-02-26 09:58 - 2007-11-02 16:58 - 00434176 _____ () C:\Program Files\Softex\OmniPass\userdata.dll
2008-02-26 09:58 - 2007-11-02 16:58 - 01077248 _____ () C:\Program Files\Softex\OmniPass\autheng.dll
2008-02-26 09:58 - 2007-11-02 16:57 - 00013824 _____ () C:\Program Files\Softex\OmniPass\ssplogon.dll
2008-02-26 09:58 - 2007-11-02 16:57 - 00532480 _____ () C:\Program Files\Softex\OmniPass\storeng.dll
2007-12-04 18:37 - 2007-12-04 18:37 - 00126976 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2013-10-18 15:10 - 2013-01-22 11:59 - 00537088 _____ () C:\Users\User\Desktop\Airtel New\airtel\core.dll
2013-10-18 15:10 - 2012-11-28 15:37 - 00286720 _____ () C:\Users\User\Desktop\Airtel New\airtel\sdk.dll
2013-10-18 15:11 - 2009-01-11 02:32 - 00011362 _____ () C:\Users\User\Desktop\Airtel New\airtel\mingwm10.dll
2013-10-18 15:11 - 2009-06-23 10:42 - 00043008 _____ () C:\Users\User\Desktop\Airtel New\airtel\libgcc_s_dw2-1.dll
2013-10-18 15:11 - 2012-10-31 17:11 - 02417152 _____ () C:\Users\User\Desktop\Airtel New\airtel\QtCore4.dll
2013-10-18 15:11 - 2012-10-31 17:33 - 09562624 _____ () C:\Users\User\Desktop\Airtel New\airtel\QtGui4.dll
2013-10-18 15:11 - 2012-10-31 19:04 - 15675904 _____ () C:\Users\User\Desktop\Airtel New\airtel\QtWebKit4.dll
2013-10-18 15:11 - 2012-10-31 17:14 - 01148416 _____ () C:\Users\User\Desktop\Airtel New\airtel\QtNetwork4.dll
2013-10-18 15:11 - 2012-10-31 17:53 - 03962368 _____ () C:\Users\User\Desktop\Airtel New\airtel\QtXmlPatterns4.dll
2013-10-18 15:11 - 2012-10-31 17:54 - 00306176 _____ () C:\Users\User\Desktop\Airtel New\airtel\phonon4.dll
2013-10-18 15:10 - 2012-11-28 15:34 - 00405504 _____ () C:\Users\User\Desktop\Airtel New\airtel\Proxy.dll
2013-10-18 15:10 - 2012-11-28 15:32 - 00628224 _____ () C:\Users\User\Desktop\Airtel New\airtel\Common.dll
2013-10-18 15:10 - 2012-11-29 15:41 - 00158208 _____ () C:\Users\User\Desktop\Airtel New\airtel\Trace.dll
2013-10-18 15:10 - 2012-11-28 15:33 - 00583168 _____ () C:\Users\User\Desktop\Airtel New\airtel\PluginContainer.dll
2013-10-18 15:10 - 2012-11-28 15:33 - 00646144 _____ () C:\Users\User\Desktop\Airtel New\airtel\AtCodec.dll
2013-10-18 15:10 - 2012-12-11 15:06 - 00729088 _____ () C:\Users\User\Desktop\Airtel New\airtel\DeviceSrvPlugin.dll
2013-10-18 15:10 - 2012-11-28 15:33 - 00195584 _____ () C:\Users\User\Desktop\Airtel New\airtel\XCodec.dll
2013-10-18 15:10 - 2012-11-28 15:34 - 00241152 _____ () C:\Users\User\Desktop\Airtel New\airtel\NetSrvPlugin.dll
2013-10-18 15:10 - 2012-11-28 15:33 - 00164864 _____ () C:\Users\User\Desktop\Airtel New\airtel\OSDialup.dll
2013-10-18 15:10 - 2012-11-28 15:34 - 00155136 _____ () C:\Users\User\Desktop\Airtel New\airtel\DataServicePlugin.dll
2013-10-18 15:10 - 2012-11-28 15:36 - 00177152 _____ () C:\Users\User\Desktop\Airtel New\airtel\CallSrvPlugin.dll
2013-10-18 15:10 - 2012-11-28 15:34 - 00672768 _____ () C:\Users\User\Desktop\Airtel New\airtel\AddrBookSrvPlugin.dll
2013-10-18 15:10 - 2012-11-28 15:35 - 00219648 _____ () C:\Users\User\Desktop\Airtel New\airtel\SmsSrvPlugin.dll
2013-10-18 15:10 - 2012-11-28 15:35 - 00142336 _____ () C:\Users\User\Desktop\Airtel New\airtel\USSDSrvPlugin.dll
2013-10-18 15:10 - 2012-11-28 15:35 - 00157184 _____ () C:\Users\User\Desktop\Airtel New\airtel\STKSrvPlugin.dll
2013-10-18 15:10 - 2012-11-28 15:35 - 00730624 _____ () C:\Users\User\Desktop\Airtel New\airtel\DeviceAppPlugin.dll
2013-10-18 15:10 - 2012-11-28 15:33 - 00065536 _____ () C:\Users\User\Desktop\Airtel New\airtel\OSPowerMgr.dll
2013-10-18 15:10 - 2012-06-06 06:52 - 00155648 _____ () C:\Users\User\Desktop\Airtel New\airtel\Win7Support.dll
2013-10-18 15:10 - 2012-11-29 15:41 - 01124352 _____ () C:\Users\User\Desktop\Airtel New\airtel\AddrBookPlugin.dll
2013-10-18 15:10 - 2012-11-28 15:35 - 00704000 _____ () C:\Users\User\Desktop\Airtel New\airtel\SmsAppPlugin.dll
2013-10-18 15:10 - 2012-11-28 15:36 - 00187392 _____ () C:\Users\User\Desktop\Airtel New\airtel\CallAppPlugin.dll
2013-10-18 15:10 - 2012-11-28 15:36 - 00569344 _____ () C:\Users\User\Desktop\Airtel New\airtel\CallLogSrvPlugin.dll
2013-10-18 15:10 - 2012-11-28 15:34 - 00158720 _____ () C:\Users\User\Desktop\Airtel New\airtel\NetConnectSrvPlugin.dll
2013-10-18 15:10 - 2012-11-28 15:34 - 00236032 _____ () C:\Users\User\Desktop\Airtel New\airtel\DialUpPlugin.dll
2013-10-18 15:10 - 2012-11-28 15:33 - 00102400 _____ () C:\Users\User\Desktop\Airtel New\airtel\OSAdapt.dll
2013-10-18 15:10 - 2012-11-28 15:34 - 00201216 _____ () C:\Users\User\Desktop\Airtel New\airtel\NDISPlugin.dll
2013-10-18 15:10 - 2012-11-28 15:33 - 00131584 _____ () C:\Users\User\Desktop\Airtel New\airtel\OSNDIS.dll
2013-10-18 15:10 - 2012-07-27 12:23 - 01114112 _____ () C:\Users\User\Desktop\Airtel New\airtel\NDISAPI.dll
2013-10-18 15:10 - 2012-11-28 15:36 - 00702464 _____ () C:\Users\User\Desktop\Airtel New\airtel\NetInfoSrvPlugin.dll
2013-10-18 15:10 - 2012-11-28 15:37 - 00062976 _____ () C:\Users\User\Desktop\Airtel New\airtel\OSCall.dll
2013-10-18 15:10 - 2012-06-06 06:52 - 00224256 _____ () C:\Users\User\Desktop\Airtel New\airtel\tdpcvoice.dll
2013-10-18 15:10 - 2012-11-28 15:44 - 00582144 _____ () C:\Users\User\Desktop\Airtel New\airtel\DeviceMgrUIPlugin.dll
2013-10-18 15:11 - 2012-10-31 17:11 - 00398336 _____ () C:\Users\User\Desktop\Airtel New\airtel\QtXml4.dll
2013-10-18 15:10 - 2012-11-28 15:36 - 00168960 _____ () C:\Users\User\Desktop\Airtel New\airtel\ATR2SMgr.dll
2013-10-18 15:10 - 2012-11-28 15:45 - 00276992 _____ () C:\Users\User\Desktop\Airtel New\airtel\XFramePlugin.dll
2013-10-18 15:10 - 2012-11-28 15:49 - 00717824 _____ () C:\Users\User\Desktop\Airtel New\airtel\CallUIPlugin.dll
2013-10-18 15:10 - 2012-11-28 15:41 - 00097792 _____ () C:\Users\User\Desktop\Airtel New\airtel\NotifyServicePlugin.dll
2013-10-18 15:10 - 2012-11-28 15:44 - 00326656 _____ () C:\Users\User\Desktop\Airtel New\airtel\StatusBarMgrPlugin.dll
2013-10-18 15:10 - 2012-12-03 10:16 - 00359936 _____ () C:\Users\User\Desktop\Airtel New\airtel\NetConnectPlugin.dll
2013-10-18 15:10 - 2012-11-28 15:38 - 00605184 _____ () C:\Users\User\Desktop\Airtel New\airtel\DialupUIPlugin.dll
2013-10-18 15:10 - 2012-11-28 15:45 - 00118784 _____ () C:\Users\User\Desktop\Airtel New\airtel\LayoutPlugin.dll
2013-10-18 15:10 - 2012-11-28 15:47 - 00212992 _____ () C:\Users\User\Desktop\Airtel New\airtel\NetInfoRecordUIPlugin.dll
2013-10-18 15:10 - 2012-11-28 15:39 - 00108032 _____ () C:\Users\User\Desktop\Airtel New\airtel\TopToolBarMgrPlugin.dll
2013-10-18 15:10 - 2013-01-22 12:00 - 00334848 _____ () C:\Users\User\Desktop\Airtel New\airtel\MenuMgrPlugin.dll
2013-10-18 15:10 - 2013-01-28 19:26 - 00144384 _____ () C:\Users\User\Desktop\Airtel New\airtel\WebPlugin.dll
2013-10-18 15:10 - 2012-11-28 15:39 - 00150016 _____ () C:\Users\User\Desktop\Airtel New\airtel\DownLoadAndCache.dll
2013-10-18 15:10 - 2013-01-28 18:24 - 00519168 _____ () C:\Users\User\Desktop\Airtel New\airtel\USSDUIPlugin.dll
2013-10-18 15:10 - 2013-01-22 12:00 - 00304128 _____ () C:\Users\User\Desktop\Airtel New\airtel\DiagnosisPlugin.dll
2013-10-18 15:10 - 2012-11-28 15:47 - 00493568 _____ () C:\Users\User\Desktop\Airtel New\airtel\NetInfoUIExPlugin.dll
2013-10-18 15:10 - 2012-11-28 15:41 - 00872448 _____ () C:\Users\User\Desktop\Airtel New\airtel\SMSUIPlugin.dll
2013-10-18 15:10 - 2012-11-28 15:43 - 00818688 _____ () C:\Users\User\Desktop\Airtel New\airtel\AddrBookUIPlugin.dll
2013-10-18 15:10 - 2012-11-28 15:50 - 00416768 _____ () C:\Users\User\Desktop\Airtel New\airtel\CallLogUIPlugin.dll
2013-10-18 15:10 - 2013-01-28 18:08 - 00144896 _____ () C:\Users\User\Desktop\Airtel New\airtel\AdvPlugin.dll
2013-10-18 15:10 - 2012-11-30 10:24 - 00236544 _____ () C:\Users\User\Desktop\Airtel New\airtel\ToolBarMgrPlugin.dll
2013-10-18 15:11 - 2012-10-31 16:44 - 00082944 _____ () C:\Users\User\Desktop\Airtel New\airtel\plugins\imageformats\qgif4.dll
2013-10-18 15:11 - 2012-10-31 16:46 - 00081920 _____ () C:\Users\User\Desktop\Airtel New\airtel\plugins\imageformats\qico4.dll
2013-10-18 15:11 - 2012-10-31 16:44 - 00192000 _____ () C:\Users\User\Desktop\Airtel New\airtel\plugins\imageformats\qjpeg4.dll
2013-10-18 15:11 - 2012-10-31 16:45 - 00350720 _____ () C:\Users\User\Desktop\Airtel New\airtel\plugins\imageformats\qmng4.dll
2013-10-18 15:11 - 2012-10-31 16:45 - 00370176 _____ () C:\Users\User\Desktop\Airtel New\airtel\plugins\imageformats\qtiff4.dll
2008-02-26 09:58 - 2007-11-02 17:06 - 00048208 _____ () C:\Program Files\Softex\OmniPass\hdddrv.dll
2007-12-04 18:25 - 2007-12-04 18:25 - 00389120 _____ () C:\Windows\system32\btwhidcs.DLL
2013-02-24 16:42 - 2012-05-03 00:56 - 00049152 _____ () C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_49.dll
2013-02-24 16:42 - 2012-05-03 00:54 - 00057344 _____ () C:\Program Files\Trend Micro\AMSP\boost_thread-vc80-mt-1_49.dll
2013-01-25 14:25 - 2013-04-11 11:38 - 08925264 _____ () C:\Program Files\WISO\Steuersoftware 2013\wgui13.dll
2013-01-25 14:26 - 2013-04-11 11:38 - 00028672 _____ () C:\Program Files\WISO\Steuersoftware 2013\rsdcom48.dll
2013-01-25 14:26 - 2013-04-11 11:38 - 00308816 _____ () C:\Program Files\WISO\Steuersoftware 2013\rscorewinapi48.dll
2013-01-25 14:26 - 2013-04-11 11:38 - 00321104 _____ () C:\Program Files\WISO\Steuersoftware 2013\rsguiwinapi48.dll
2013-01-25 14:25 - 2013-04-11 11:39 - 03001424 _____ () C:\Program Files\WISO\Steuersoftware 2013\wcore13.dll
2013-01-25 14:26 - 2013-04-11 11:38 - 00136272 _____ () C:\Program Files\WISO\Steuersoftware 2013\rsodbc48.dll
2013-01-25 14:25 - 2013-04-11 11:38 - 02173520 _____ () C:\Program Files\WISO\Steuersoftware 2013\wfvie13.dll
2013-01-25 14:25 - 2013-04-11 11:38 - 01607248 _____ () C:\Program Files\WISO\Steuersoftware 2013\wsteu13.dll
2013-01-25 14:25 - 2013-04-11 11:38 - 01724496 _____ () C:\Program Files\WISO\Steuersoftware 2013\wreli13.dll
2013-01-25 14:25 - 2013-04-11 11:38 - 04158544 _____ () C:\Program Files\WISO\Steuersoftware 2013\wauff13.dll
2013-01-17 14:30 - 2013-03-15 16:09 - 01041408 _____ () C:\Program Files\WISO\Steuersoftware 2013\clucene-core.dll
2013-01-17 14:30 - 2013-02-12 12:03 - 00094208 _____ () C:\Program Files\WISO\Steuersoftware 2013\clucene-shared.dll
2013-01-17 14:30 - 2013-02-12 12:03 - 00251392 _____ () C:\Program Files\WISO\Steuersoftware 2013\clucene-contribs-lib.dll
2013-01-25 14:25 - 2013-04-11 11:38 - 01493584 _____ () C:\Program Files\WISO\Steuersoftware 2013\wmain13.dll
2013-01-25 14:25 - 2013-04-11 11:38 - 04947536 _____ () C:\Program Files\WISO\Steuersoftware 2013\wbae113.dll
2013-01-25 14:25 - 2013-04-11 11:38 - 01368144 _____ () C:\Program Files\WISO\Steuersoftware 2013\wbae213.dll
2013-01-25 14:25 - 2013-04-11 11:38 - 01748048 _____ () C:\Program Files\WISO\Steuersoftware 2013\wbae313.dll
2013-01-25 14:25 - 2013-04-11 11:38 - 01560656 _____ () C:\Program Files\WISO\Steuersoftware 2013\wbae413.dll
2013-01-25 14:25 - 2013-04-11 11:38 - 01145936 _____ () C:\Program Files\WISO\Steuersoftware 2013\whau113.dll
2013-01-25 14:25 - 2013-04-11 11:38 - 01216080 _____ () C:\Program Files\WISO\Steuersoftware 2013\whau213.dll
2013-01-25 14:25 - 2013-04-11 11:38 - 01305680 _____ () C:\Program Files\WISO\Steuersoftware 2013\wwerb13.dll
2013-01-25 14:25 - 2013-04-11 11:38 - 06761552 _____ () C:\Program Files\WISO\Steuersoftware 2013\wkont13.dll
2013-01-25 14:25 - 2013-04-11 11:38 - 01245184 _____ () C:\Program Files\WISO\Steuersoftware 2013\wimp13.dll
2013-01-25 14:25 - 2013-04-11 11:38 - 01313872 _____ () C:\Program Files\WISO\Steuersoftware 2013\wfabu13.dll
2012-08-10 16:51 - 2012-08-10 16:51 - 00985088 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll
2013-10-08 12:31 - 2013-10-08 12:31 - 03279768 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2013-10-17 13:06 - 2013-10-17 13:06 - 16233864 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Microsoft-ISATAP-Adapter #3
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Cisco Systems VPN Adapter
Description: Cisco Systems VPN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/21/2013 01:00:53 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\USER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\HOME CINEMA\POWERDVD\POWERDVD-HILFE.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext: Anwendung, SystemIndex Katalog


Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (10/21/2013 01:00:53 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\USER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\HOME CINEMA\POWERDVD\POWERDVD-HILFE.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext: Anwendung, SystemIndex Katalog


Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (10/21/2013 01:00:53 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\USER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\HOME CINEMA\POWERDVD\CYBERLINK POWERDVD.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext: Anwendung, SystemIndex Katalog


Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (10/21/2013 01:00:53 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\USER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\HOME CINEMA\POWERDVD\CYBERLINK POWERDVD.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext: Anwendung, SystemIndex Katalog


Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (10/21/2013 01:00:53 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\USER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\HOME CINEMA\POWERDVD\README.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext: Anwendung, SystemIndex Katalog


Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (10/21/2013 01:00:53 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\USER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\HOME CINEMA\POWERDVD\README.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext: Anwendung, SystemIndex Katalog


Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (10/21/2013 01:00:51 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\USER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\HOME CINEMA\POWERDVD\ONLINE-REGISTRIERUNG.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext: Anwendung, SystemIndex Katalog


Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (10/21/2013 01:00:51 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\USER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\HOME CINEMA\POWERDVD\ONLINE-REGISTRIERUNG.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext: Anwendung, SystemIndex Katalog


Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (10/21/2013 01:00:51 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\USER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\HOME CINEMA\POWERDVD\POWERDVD-HILFE.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext: Anwendung, SystemIndex Katalog


Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (10/21/2013 01:00:51 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\USER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\HOME CINEMA\POWERDVD\POWERDVD-HILFE.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext: Anwendung, SystemIndex Katalog


Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)


System errors:
=============
Error: (10/21/2013 00:54:18 PM) (Source: Service Control Manager) (User: )
Description: HWiNFO32

Error: (10/21/2013 00:54:18 PM) (Source: Service Control Manager) (User: )
Description: DgiVecp%%2

Error: (10/21/2013 00:54:18 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (10/21/2013 00:52:44 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 21.10.2013 um 12:50:26 unerwartet heruntergefahren.

Error: (10/21/2013 11:41:17 AM) (Source: Service Control Manager) (User: )
Description: HWiNFO32

Error: (10/21/2013 11:41:17 AM) (Source: Service Control Manager) (User: )
Description: DgiVecp%%2

Error: (10/21/2013 11:41:17 AM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (10/21/2013 11:40:37 AM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 21.10.2013 um 11:38:56 unerwartet heruntergefahren.

Error: (10/20/2013 03:50:05 PM) (Source: DCOM) (User: )
Description: {6295DF2D-35EE-11D1-8707-00C04FD93327}

Error: (10/20/2013 02:50:16 PM) (Source: Service Control Manager) (User: )
Description: HWiNFO32


Microsoft Office Sessions:
=========================
Error: (10/21/2013 01:00:53 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Anwendung, SystemIndex Katalog


Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\USER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\HOME CINEMA\POWERDVD\POWERDVD-HILFE.LNK

Error: (10/21/2013 01:00:53 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Anwendung, SystemIndex Katalog


Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\USER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\HOME CINEMA\POWERDVD\POWERDVD-HILFE.LNK

Error: (10/21/2013 01:00:53 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Anwendung, SystemIndex Katalog


Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\USER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\HOME CINEMA\POWERDVD\CYBERLINK POWERDVD.LNK

Error: (10/21/2013 01:00:53 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Anwendung, SystemIndex Katalog


Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\USER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\HOME CINEMA\POWERDVD\CYBERLINK POWERDVD.LNK

Error: (10/21/2013 01:00:53 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Anwendung, SystemIndex Katalog


Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\USER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\HOME CINEMA\POWERDVD\README.LNK

Error: (10/21/2013 01:00:53 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Anwendung, SystemIndex Katalog


Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\USER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\HOME CINEMA\POWERDVD\README.LNK

Error: (10/21/2013 01:00:51 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Anwendung, SystemIndex Katalog


Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\USER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\HOME CINEMA\POWERDVD\ONLINE-REGISTRIERUNG.LNK

Error: (10/21/2013 01:00:51 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Anwendung, SystemIndex Katalog


Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\USER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\HOME CINEMA\POWERDVD\ONLINE-REGISTRIERUNG.LNK

Error: (10/21/2013 01:00:51 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Anwendung, SystemIndex Katalog


Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\USER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\HOME CINEMA\POWERDVD\POWERDVD-HILFE.LNK

Error: (10/21/2013 01:00:51 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Anwendung, SystemIndex Katalog


Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\USER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\HOME CINEMA\POWERDVD\POWERDVD-HILFE.LNK


CodeIntegrity Errors:
===================================
Date: 2013-10-17 20:34:46.602
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-10-17 20:34:46.337
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-10-17 20:34:46.040
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-10-17 20:34:45.727
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-10-17 20:34:45.368
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-10-17 20:34:45.025
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-10-17 20:34:44.479
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-10-17 20:34:44.152
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-10-17 20:34:43.855
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-10-17 20:34:43.512
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Percentage of memory in use: 53%
Total physical RAM: 3069.69 MB
Available physical RAM: 1428.66 MB
Total Pagefile: 6343.64 MB
Available Pagefile: 4503.92 MB
Total Virtual: 2047.88 MB
Available Virtual: 1904.08 MB

==================== Drives ================================

Drive c: (BOOT) (Fixed) (Total:252.39 GB) (Free:87.74 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVER) (Fixed) (Total:45.69 GB) (Free:33.65 GB) FAT32
Drive e: (airtel) (CDROM) (Total:0.06 GB) (Free:0 GB) CDFS
Drive j: (JULIA) (Removable) (Total:1.88 GB) (Free:1.88 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: B14F9CC9)
Partition 1: (Not Active) - (Size=46 GB) - (Type=OF Extended)
Partition 2: (Active) - (Size=252 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 6E652072)
No partition Table on disk 1.

Log 4: OTL ScanOTL Logfile:
Code:
OTL logfile created on: 21.10.2013 13:58:33 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\User\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,54 Gb Available Physical Memory | 51,24% Memory free
6,20 Gb Paging File | 4,76 Gb Available in Paging File | 76,78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 252,39 Gb Total Space | 87,73 Gb Free Space | 34,76% Space Free | Partition Type: NTFS
Drive D: | 45,69 Gb Total Space | 33,65 Gb Free Space | 73,64% Space Free | Partition Type: FAT32
Drive E: | 62,00 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive J: | 1,88 Gb Total Space | 1,88 Gb Free Space | 100,00% Space Free | Partition Type: FAT
 
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\User\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe (Trend Micro Inc.)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\WISO\Steuersoftware 2013\mshaktuell.exe ()
PRC - C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)
PRC - C:\Users\User\Desktop\Airtel New\airtel\airtel.exe ()
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\AMSP\AMSP_LogServer.exe (Trend Micro Inc.)
PRC - C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\ProgramData\DatacardService\HWDeviceService.exe ()
PRC - C:\ProgramData\DatacardService\DCSHelper.exe (Huawei Technologies Co., Ltd.)
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Windows\Dell\PanelMgr\SSMMgr.exe ()
PRC - C:\Windows\System32\lxducoms.exe ( )
PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\Softex\OmniPass\scureapp.exe ()
PRC - C:\Program Files\Softex\OmniPass\opvapp.exe ()
PRC - C:\Program Files\Softex\OmniPass\OmniServ.exe (Softex Inc.)
PRC - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Launch Manager\WisLMSvc.exe (Wistron Corp.)
PRC - C:\Program Files\Launch Manager\WButton.exe (Wistron)
PRC - C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
PRC - C:\Program Files\Launch Manager\LaunchAp.exe ()
PRC - C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
PRC - C:\Program Files\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe (Buhl Data Service GmbH)
PRC - C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia)
PRC - C:\Program Files\Medion\MEDIONbox\Program\GCS.exe (Empolis GmbH)
PRC - c:\Program Files\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH)
PRC - C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
PRC - C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Common Files\X10\Common\X10nets.exe (X10)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\wcore13.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\wbae113.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\wgui13.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\wkont13.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\rsguiwinapi48.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\wauff13.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\wfvie13.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\rscorewinapi48.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\wfabu13.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\wwerb13.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\wbae413.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\wimp13.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\whau213.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\whau113.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\wbae313.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\wsteu13.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\wbae213.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\wreli13.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\mshaktuell.exe ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\wmain13.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\rsodbc48.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\rsdcom48.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\clucene-core.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\clucene-contribs-lib.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\clucene-shared.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\WebPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\USSDUIPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\AdvPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\DiagnosisPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\MenuMgrPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\core.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\DeviceSrvPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\NetConnectPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\ToolBarMgrPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\AddrBookPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\Trace.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\airtel.exe ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\CallLogUIPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\CallUIPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\NetInfoRecordUIPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\NetInfoUIExPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\LayoutPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\XFramePlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\StatusBarMgrPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\DeviceMgrUIPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\AddrBookUIPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\NotifyServicePlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\SMSUIPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\TopToolBarMgrPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\DownLoadAndCache.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\DialupUIPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\sdk.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\OSCall.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\CallLogSrvPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\CallSrvPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\CallAppPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\ATR2SMgr.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\NetInfoSrvPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\DeviceAppPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\SmsAppPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\SmsSrvPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\STKSrvPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\USSDSrvPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\AddrBookSrvPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\NDISPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\DialUpPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\NetSrvPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\NetConnectSrvPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\DataServicePlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\Proxy.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\OSPowerMgr.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\OSNDIS.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\OSDialup.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\OSAdapt.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\AtCodec.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\XCodec.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\PluginContainer.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\Common.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\QtWebKit4.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\phonon4.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\QtXmlPatterns4.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\QtGui4.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\QtNetwork4.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\QtXml4.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\QtCore4.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\plugins\imageformats\qico4.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\plugins\imageformats\qtiff4.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\plugins\imageformats\qmng4.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\plugins\imageformats\qgif4.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files\OpenOffice.org 3\program\libxslt.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\NDISAPI.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\tdpcvoice.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\Win7Support.dll ()
MOD - C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_49.dll ()
MOD - C:\Program Files\Trend Micro\AMSP\boost_thread-vc80-mt-1_49.dll ()
MOD - C:\Windows\Dell\PanelMgr\SSMMgr.exe ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\libgcc_s_dw2-1.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\mingwm10.dll ()
MOD - C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll ()
MOD - C:\Windows\System32\btwhidcs.dll ()
MOD - C:\Program Files\Softex\OmniPass\hdddrv.dll ()
MOD - C:\Program Files\Softex\OmniPass\scureapp.exe ()
MOD - C:\Program Files\Softex\OmniPass\userdata.dll ()
MOD - C:\Program Files\Softex\OmniPass\autheng.dll ()
MOD - C:\Program Files\Softex\OmniPass\storeng.dll ()
MOD - C:\Program Files\Softex\OmniPass\scuredll.dll ()
MOD - C:\Program Files\Softex\OmniPass\opfsdll.dll ()
MOD - C:\Program Files\Softex\OmniPass\cryptodll.dll ()
MOD - C:\Program Files\Softex\OmniPass\SSPLogon.dll ()
MOD - C:\Program Files\Launch Manager\LaunchAp.exe ()
 
 
========== Services (SafeList) ==========
 
SRV - (Amsp) -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (HWDeviceService.exe) -- C:\ProgramData\DatacardService\HWDeviceService.exe ()
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (lxdu_device) -- C:\Windows\System32\lxducoms.exe ( )
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (omniserv) -- C:\Program Files\Softex\OmniPass\OmniServ.exe (Softex Inc.)
SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (WisLMSvc) -- C:\Program Files\Launch Manager\WisLMSvc.exe (Wistron Corp.)
SRV - (srvcPVR) -- C:\Program Files\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe (Buhl Data Service GmbH)
SRV - (GnabService) -- c:\Program Files\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe (MAGIX®)
SRV - (x10nets) -- C:\Program Files\Common Files\X10\Common\X10nets.exe (X10)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (uxddrv) -- G:\uxddrv86.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (HWiNFO32) -- G:\DIAGNOSE\HWiNFO32\HWiNFO32.SYS File not found
DRV - (DgiVecp) -- C:\Windows\system32\Drivers\DgiVecp.sys File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (tmcomm) -- C:\Windows\System32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (tmactmon) -- C:\Windows\System32\drivers\tmactmon.sys (Trend Micro Inc.)
DRV - (tmevtmgr) -- C:\Windows\System32\drivers\tmevtmgr.sys (Trend Micro Inc.)
DRV - (ew_usbenumfilter) -- C:\Windows\System32\drivers\ew_usbenumfilter.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_cdcecm) -- C:\Windows\System32\drivers\ew_jucdcecm.sys (Huawei Technologies Co., Ltd.)
DRV - (TMEBC) -- C:\Windows\System32\drivers\TMEBC32.sys (Trend Micro Inc.)
DRV - (huawei_ext_ctrl) -- C:\Windows\System32\drivers\ew_juextctrl.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_cdcacm) -- C:\Windows\System32\drivers\ew_jucdcacm.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_enumerator) -- C:\Windows\System32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV - (tmtdi) -- C:\Windows\System32\drivers\tmtdi.sys (Trend Micro Inc.)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ew_hwusbdev) -- C:\Windows\System32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek                                            )
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.sys (Samsung Electronics)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (SiFilter) -- C:\Windows\System32\drivers\SiWinAcc.sys (Silicon Image, Inc.)
DRV - (SiRemFil) -- C:\Windows\System32\drivers\SiRemFil.sys (Silicon Image, Inc.)
DRV - (Si3531) -- C:\Windows\System32\drivers\Si3531.sys (Silicon Image, Inc)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (ATSWPDRV) -- C:\Windows\System32\drivers\atswpdrv.sys (AuthenTec, Inc.)
DRV - (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (PhilCap) -- C:\Windows\System32\drivers\PhilCap.sys (NXP Semiconductors Germany GmbH)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (X10Hid) -- C:\Windows\System32\drivers\x10hid.sys (X10 Wireless Technology, Inc.)
DRV - (Hotkey) -- C:\Windows\System32\drivers\HOTKEY.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1306183032-4173219671-3597840-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKU\S-1-5-21-1306183032-4173219671-3597840-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1306183032-4173219671-3597840-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1306183032-4173219671-3597840-1003\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-1306183032-4173219671-3597840-1003\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKU\S-1-5-21-1306183032-4173219671-3597840-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Ixquick HTTPS"
FF - prefs.js..browser.search.selectedEngine: "Ixquick HTTPS"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@TrendMicro.com/FFExtension: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll (Trend Micro Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\tmbepff-7.5@trendmicro.com: C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2013.02.24 16:43:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ [2013.10.19 11:40:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.10.08 12:31:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.10.08 12:31:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012.02.18 03:32:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2013.09.27 16:17:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\051kq9w4.default\extensions
[2013.08.15 11:32:36 | 000,320,337 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\051kq9w4.default\extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi
[2013.08.12 20:22:15 | 000,010,530 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\051kq9w4.default\searchplugins\duckduckgo.xml
[2013.08.15 19:06:35 | 000,002,492 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\051kq9w4.default\searchplugins\ixquick-https.xml
[2013.10.08 12:31:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013.10.08 12:31:28 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - homepage: {_signature:+fOUjDGgTSww+l34/R1SX6n8Zt9jJAZrqpr94XtiMLs=,_version:4,browser:{show_home_button:true},extensions:{ids:[ahfgeienlihckogmohjhadlkjgocpleb,aohghmighlieiainnegkcijnfilokake,apdfllckaahabafndbhieahigkjlhalf,bbjciahceamgodcoidkjpchnokgfpphh,blpcfgokakmgnkcojhhkbfbldkacnbeo,coobgpohoikkiipiblmjeljniedjpjpf,eemcgdkfndhakfknompkggombfjjjeno,gaiilaahiahdejapggenmdmafpmbipje,idhngdhcfkoamngbedgpaokgjbnpdiji,mfehgcgbbipciphmccgaenjidiccnmng,pjkljhegncpnkpknbcohdijeoejaedia]},homepage:true,homepage_is_newtabpage:true,session:{restore_on_startup:5}},browser:{last_known_google_url:hxxp://www.google.de/,last_prompted_google_url:hxxp://www.google.de/,show_home_button:true,window_placement:{bottom:760,left:10,maximized:false,right:1060,top:10,work_area_bottom:770,work_area_left:0,work_area_right:1280,work_area_top:0}},countryid_at_install:17477,default_apps:install,default_apps_install_state:3,distribution:{alternate_shortcut_text:false,chrome_shortcut_icon_index:0,create_all_shortcuts:true,do_not_launch_chrome:true,import_history:false,import_home_page:false,import_search_engine:false,make_chrome_default_for_user:true,show_welcome_page:true,skip_first_run_ui:true,verbose_logging:false},dns_prefetching:{host_referral_list:[2,[Google,[hxxp://www.google.de/,2.60370040]],[Google,[hxxp://ssl.gstatic.com/,2.27338020,hxxp://www.google.com/,2.27338020,hxxp://www.google.de/,4.915941799999999]]],startup_list:[1,hxxp://addon.greetingmoods.com/,hxxp://cdn.montiera.com/,hxxp://chrome.dealply.com/,hxxp://reports.funmoods.com/,hxxp://ssl.gstatic.com/,hxxp://udp.dpstack.com/,hxxp://www.google-analytics.com/,hxxp://www.google.com/,hxxp://www.google.de/,https://ssl.google-analytics.com/]},download:{directory_upgrade:true},extensions:{autoupdate:{next_check:13003165276373603},chrome_url_overrides:{bookmarks:[chrome-extension://eemcgdkfndhakfknompkggombfjjjeno/main.html]},last_chrome_version:24.0.1312.52,settings:{ahfgeienlihckogmohjhadlkjgocpleb:{app_launcher_ordinal:n,page_ordinal:n},aohghmighlieiainnegkcijnfilokake:{ack_external:true,app_launcher_ordinal:t,creation_flags:137,exclude_from_sideload_wipeout:true,from_bookmark:false,from_webstore:true,install_time:13003146664302981,location:1,manifest:{app:{launch:{local_path:main.html}},description:Create, share, and access your Google Docs from anywhere.,icons:{128:icon_128.png,16:icon_16.png},key:MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJhLK6fk/BWTEvJhywpk7jDe4A2r0bGXGOLZW4/AdBp3IiD9o9nx4YjLAtv0tIPxi7MvFd/GUUbQBwHT5wQWONJj1z/0Rc2qBkiJA0yqXh42p0snuA8dCfdlhOLsp7/XTMEwAVasjV5hC4awl78eKfJYlZ+8fM/UldLWJ/51iBQwIDAQAB,manifest_version:2,name:Docs,offline_enabled:true,update_url:hxxp://clients2.google.com/service/update2/crx,version:0.0.0.6},page_ordinal:n,path:aohghmighlieiainnegkcijnfilokake\\0.0.0.6_0,state:1,was_installed_by_default:true},apdfllckaahabafndbhieahigkjlhalf:{ack_external:true,exclude_from_sideload_wipeout:true},bbjciahceamgodcoidkjpchnokgfpphh:{ack_external: true
CHR - Extension: {api:[cookies,tabs],explicit_host:[hxxp://*.facebook.com/*,hxxp://*/*,https://*.facebook.com/*]},creation_flags:1,from_bookmark:false,from_webstore:false,install_time:13003146668376981,location:3,manifest:{background_page:background.html,browser_action:{default_icon:img/16.png,default_popup:dropdown.html,default_title:Post smileys to your wall!!!},description:Enhance your facebook chat with smileys, emoticons, winks and much more...,icons:{128:img/128.png,16:img/16.png,32:img/32.png,48:img/48.png},key:MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDq1NL3ABlEj82oSCEwo5xSu+I6opn8J8bsv/FfOEJptWzsQlr35rqyhX7t8jn+IDdMn8Mneu5b4H0bPx+Sm6TPpzMmVIzXP3OlnPAUCR1ivGdmhBnjvdoKuuijyDmqQscKL5bIJZ5u1dFUKx9/tog+jZEQr5P8UCyhiE0eIIEWBwIDAQAB,name:Funmoods,permissions:[tabs,cookies,hxxp://*/*,hxxp://*.facebook.com/,https://*.facebook.com/,hxxp://addon.greetingmoods.com],update_url:hxxp://funmoods.com/public/download/chrome/update.xml,version:1.0},path:bbjciahceamgodcoidkjpchnokgfpphh\\1.0_0,state:1,was_installed_by_default:false},blpcfgokakmgnkcojhhkbfbldkacnbeo:{ack_external:true,exclude_from_sideload_wipeout:true},coobgpohoikkiipiblmjeljniedjpjpf:{ack_external:true,exclude_from_sideload_wipeout:true},gaiilaahiahdejapggenmdmafpmbipje:{ack_external: true = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: {api:[cookies,tabs],explicit_host:[hxxp://*.facebook.com/*,hxxp://*/*,https://*.facebook.com/*]},creation_flags:1,from_bookmark:false,from_webstore:false,install_time:13003146668376981,location:3,manifest:{background_page:background.html,browser_action:{default_icon:img/16.png,default_popup:dropdown.html,default_title:Post smileys to your wall!!!},description:Enhance your facebook chat with smileys, emoticons, winks and much more...,icons:{128:img/128.png,16:img/16.png,32:img/32.png,48:img/48.png},key:MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDq1NL3ABlEj82oSCEwo5xSu+I6opn8J8bsv/FfOEJptWzsQlr35rqyhX7t8jn+IDdMn8Mneu5b4H0bPx+Sm6TPpzMmVIzXP3OlnPAUCR1ivGdmhBnjvdoKuuijyDmqQscKL5bIJZ5u1dFUKx9/tog+jZEQr5P8UCyhiE0eIIEWBwIDAQAB,name:Funmoods,permissions:[tabs,cookies,hxxp://*/*,hxxp://*.facebook.com/,https://*.facebook.com/,hxxp://addon.greetingmoods.com],update_url:hxxp://funmoods.com/public/download/chrome/update.xml,version:1.0},path:bbjciahceamgodcoidkjpchnokgfpphh\\1.0_0,state:1,was_installed_by_default:false},blpcfgokakmgnkcojhhkbfbldkacnbeo:{ack_external:true,exclude_from_sideload_wipeout:true},coobgpohoikkiipiblmjeljniedjpjpf:{ack_external:true,exclude_from_sideload_wipeout:true},gaiilaahiahdejapggenmdmafpmbipje:{ack_external: true = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\1.0_0\
CHR - Extension: {api:[cookies,tabs],explicit_host:[hxxp://*.facebook.com/*,hxxp://*/*,https://*.facebook.com/*]},creation_flags:1,from_bookmark:false,from_webstore:false,install_time:13003146668376981,location:3,manifest:{background_page:background.html,browser_action:{default_icon:img/16.png,default_popup:dropdown.html,default_title:Post smileys to your wall!!!},description:Enhance your facebook chat with smileys, emoticons, winks and much more...,icons:{128:img/128.png,16:img/16.png,32:img/32.png,48:img/48.png},key:MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDq1NL3ABlEj82oSCEwo5xSu+I6opn8J8bsv/FfOEJptWzsQlr35rqyhX7t8jn+IDdMn8Mneu5b4H0bPx+Sm6TPpzMmVIzXP3OlnPAUCR1ivGdmhBnjvdoKuuijyDmqQscKL5bIJZ5u1dFUKx9/tog+jZEQr5P8UCyhiE0eIIEWBwIDAQAB,name:Funmoods,permissions:[tabs,cookies,hxxp://*/*,hxxp://*.facebook.com/,https://*.facebook.com/,hxxp://addon.greetingmoods.com],update_url:hxxp://funmoods.com/public/download/chrome/update.xml,version:1.0},path:bbjciahceamgodcoidkjpchnokgfpphh\\1.0_0,state:1,was_installed_by_default:false},blpcfgokakmgnkcojhhkbfbldkacnbeo:{ack_external:true,exclude_from_sideload_wipeout:true},coobgpohoikkiipiblmjeljniedjpjpf:{ack_external:true,exclude_from_sideload_wipeout:true},gaiilaahiahdejapggenmdmafpmbipje:{ack_external: true = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\
CHR - Extension: {api:[cookies,tabs],explicit_host:[hxxp://*.facebook.com/*,hxxp://*/*,https://*.facebook.com/*]},creation_flags:1,from_bookmark:false,from_webstore:false,install_time:13003146668376981,location:3,manifest:{background_page:background.html,browser_action:{default_icon:img/16.png,default_popup:dropdown.html,default_title:Post smileys to your wall!!!},description:Enhance your facebook chat with smileys, emoticons, winks and much more...,icons:{128:img/128.png,16:img/16.png,32:img/32.png,48:img/48.png},key:MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDq1NL3ABlEj82oSCEwo5xSu+I6opn8J8bsv/FfOEJptWzsQlr35rqyhX7t8jn+IDdMn8Mneu5b4H0bPx+Sm6TPpzMmVIzXP3OlnPAUCR1ivGdmhBnjvdoKuuijyDmqQscKL5bIJZ5u1dFUKx9/tog+jZEQr5P8UCyhiE0eIIEWBwIDAQAB,name:Funmoods,permissions:[tabs,cookies,hxxp://*/*,hxxp://*.facebook.com/,https://*.facebook.com/,hxxp://addon.greetingmoods.com],update_url:hxxp://funmoods.com/public/download/chrome/update.xml,version:1.0},path:bbjciahceamgodcoidkjpchnokgfpphh\\1.0_0,state:1,was_installed_by_default:false},blpcfgokakmgnkcojhhkbfbldkacnbeo:{ack_external:true,exclude_from_sideload_wipeout:true},coobgpohoikkiipiblmjeljniedjpjpf:{ack_external:true,exclude_from_sideload_wipeout:true},gaiilaahiahdejapggenmdmafpmbipje:{ack_external: true = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\
 
O1 HOSTS File: ([2006.09.19 03:11:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg.dll File not found
O2 - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe32.dll File not found
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Trend Micro Toolbar) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe" File not found
O4 - HKLM..\Run: [Dell PanelMgr] C:\Windows\Dell\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe ()
O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe ()
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PLFSetL] C:\Windows\PLFSetL.exe (sonix)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe File not found
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [TVBroadcast] C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1306183032-4173219671-3597840-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-1306183032-4173219671-3597840-1003..\Run: [XBVDHI~1] wscript.exe //B "C:\Users\User\AppData\Roaming\XBVDHI~1.VBS" File not found
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XBVDHI~1.VBS ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - Elektronik, Autos, Mode, Sammlerstücke, Gutscheine und mehr Online-Shopping | eBay File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - Elektronik, Autos, Mode, Sammlerstücke, Gutscheine und mehr Online-Shopping | eBay File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3E26C523-76DB-460F-BC8B-080A024841E5}: DhcpNameServer = 121.242.190.180 121.242.190.211
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BEAD9C8-1BAC-487A-A893-87458C7F9BEC}: NameServer = 122.160.120.56 202.56.230.7
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe32.dll File not found
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg.dll File not found
O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.19 03:13:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011.03.15 02:27:21 | 000,148,320 | R--- | M] () - E:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2013.01.29 16:32:00 | 000,000,044 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2009.06.20 15:43:04 | 000,000,094 | R--- | M] () - E:\autorun.sh -- [ CDFS ]
O33 - MountPoints2\{09318160-96b7-11e2-a16f-0015af9df547}\Shell - "" = AutoRun
O33 - MountPoints2\{09318160-96b7-11e2-a16f-0015af9df547}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2011.03.15 02:27:21 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{0931816c-96b7-11e2-a16f-001e101f79c9}\Shell - "" = AutoRun
O33 - MountPoints2\{0931816c-96b7-11e2-a16f-001e101f79c9}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2011.03.15 02:27:21 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{683b4771-37d8-11e3-b37b-001e101f0d12}\Shell - "" = AutoRun
O33 - MountPoints2\{683b4771-37d8-11e3-b37b-001e101f0d12}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2011.03.15 02:27:21 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{6ae60c06-37d5-11e3-9b2c-0016d38bbcce}\Shell - "" = AutoRun
O33 - MountPoints2\{6ae60c06-37d5-11e3-9b2c-0016d38bbcce}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2011.03.15 02:27:21 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{d8125774-3170-11e3-b26c-0016d38bbcce}\Shell - "" = AutoRun
O33 - MountPoints2\{d8125774-3170-11e3-b26c-0016d38bbcce}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2011.03.15 02:27:21 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{d812577f-3170-11e3-b26c-001e101fabdd}\Shell - "" = AutoRun
O33 - MountPoints2\{d812577f-3170-11e3-b26c-001e101fabdd}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2011.03.15 02:27:21 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2011.03.15 02:27:21 | 000,148,320 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.10.21 14:05:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2013.10.21 14:05:10 | 000,000,000 | ---D | C] -- C:\Program Files\Panda USB Vaccine
[2013.10.21 14:05:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
[2013.10.21 13:24:04 | 000,000,000 | ---D | C] -- C:\FRST
[2013.10.18 15:12:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\airtel
[2013.10.18 15:12:23 | 000,070,272 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jucdcecm.sys
[2013.10.18 15:12:23 | 000,027,520 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_juextctrl.sys
[2013.10.18 15:12:22 | 000,861,696 | ---- | C] (DiBcom SA) -- C:\Windows\System32\drivers\mod7700.sys
[2013.10.18 15:12:22 | 000,249,472 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbnet.sys
[2013.10.18 15:12:22 | 000,199,168 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbmdm.sys
[2013.10.18 15:12:22 | 000,102,784 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_hwusbdev.sys
[2013.10.18 15:12:22 | 000,096,000 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jucdcacm.sys
[2013.10.18 15:12:22 | 000,076,544 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jubusenum.sys
[2013.10.18 15:12:22 | 000,025,856 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\System32\drivers\ewdcsc.sys
[2013.10.18 15:12:22 | 000,019,200 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_hwupgrade.sys
[2013.10.18 15:12:22 | 000,011,136 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_usbenumfilter.sys
[2013.10.18 15:09:38 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Airtel New
[2013.10.18 11:46:36 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013.10.17 21:44:03 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Internet Security
[2013.10.17 21:42:48 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013.10.17 14:03:25 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.10.17 14:03:22 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.10.17 14:03:21 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.10.17 14:03:20 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.10.17 14:03:20 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.10.17 14:03:18 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.10.17 14:03:17 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.10.17 14:03:15 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.10.17 13:36:43 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes
[2013.10.17 13:36:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.10.11 16:01:09 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013.10.11 16:01:09 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013.10.11 16:01:09 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013.10.11 16:01:09 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013.10.11 16:01:09 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013.10.11 16:01:09 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013.10.11 16:01:08 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013.10.11 16:01:08 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013.10.11 15:43:40 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2013.10.11 15:43:39 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2013.10.11 15:43:38 | 002,050,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.10.11 15:31:18 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2013.10.11 15:31:18 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2013.10.11 15:24:51 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2013.10.11 15:24:50 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2013.10.11 15:20:32 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiafbdrv.dll
[2013.10.11 15:20:32 | 000,025,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidparse.sys
[2013.10.10 12:20:47 | 000,000,000 | ---D | C] -- C:\ProgramData\airtel
[2013.10.10 12:18:32 | 000,000,000 | ---D | C] -- C:\Program Files\airtel
[2013.10.08 12:31:12 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[30 C:\Users\User\Desktop\*.tmp files -> C:\Users\User\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.10.21 14:05:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.10.21 13:58:24 | 000,686,244 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.10.21 13:58:24 | 000,646,062 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.10.21 13:58:24 | 000,150,236 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.10.21 13:58:24 | 000,123,966 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.10.21 13:53:32 | 000,054,932 | ---- | M] () -- C:\Users\User\AppData\Roaming\nvModes.001
[2013.10.21 13:51:54 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.10.21 13:51:50 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.10.21 13:51:49 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\ROC_JAN2013_TB_rmv.job
[2013.10.21 13:51:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.10.21 13:51:35 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys
[2013.10.21 13:50:30 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.10.21 12:52:34 | 328,056,218 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.10.18 15:22:51 | 000,000,739 | ---- | M] () -- C:\Users\Public\Desktop\TCPOptimizer.lnk
[2013.10.18 15:12:51 | 000,000,707 | ---- | M] () -- C:\Users\Public\Desktop\airtel.lnk
[2013.10.18 11:46:36 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013.10.17 13:06:33 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.10.17 13:06:30 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.10.17 10:54:12 | 000,181,808 | ---- | M] () -- C:\Windows\RegBootClean.exe
[2013.10.16 18:10:28 | 000,036,590 | ---- | M] () -- C:\Users\User\Desktop\Methodology.odt
[2013.10.12 14:53:53 | 000,481,128 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.10.10 12:22:39 | 000,001,735 | ---- | M] () -- C:\sg_backup_2013-10-10-1222.spg
[2013.10.10 12:22:39 | 000,001,735 | ---- | M] () -- C:\FirstBackup.spg
[2013.09.22 15:52:59 | 001,800,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.09.22 15:44:39 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.09.22 15:42:32 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.09.22 15:39:55 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.09.22 15:38:41 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.09.22 15:35:42 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.09.22 15:33:18 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.09.22 15:29:06 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[30 C:\Users\User\Desktop\*.tmp files -> C:\Users\User\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.10.18 15:22:51 | 000,000,739 | ---- | C] () -- C:\Users\Public\Desktop\TCPOptimizer.lnk
[2013.10.18 15:12:51 | 000,000,707 | ---- | C] () -- C:\Users\Public\Desktop\airtel.lnk
[2013.10.17 10:50:32 | 000,073,288 | -HS- | C] () -- C:\Users\User\AppData\Roaming\XBVDHI~1.VBS
[2013.10.17 10:50:32 | 000,073,288 | -HS- | C] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XBVDHI~1.VBS
[2013.10.10 12:22:39 | 000,001,735 | ---- | C] () -- C:\sg_backup_2013-10-10-1222.spg
[2013.10.10 12:22:39 | 000,001,735 | ---- | C] () -- C:\FirstBackup.spg
[2013.10.01 09:29:47 | 000,036,590 | ---- | C] () -- C:\Users\User\Desktop\Methodology.odt
[2013.06.12 08:48:03 | 000,181,808 | ---- | C] () -- C:\Windows\RegBootClean.exe
[2013.02.24 16:42:49 | 000,000,059 | ---- | C] () -- C:\Windows\System32\SupportTool.exe.bat
[2013.02.24 16:34:42 | 000,000,036 | ---- | C] () -- C:\Users\User\AppData\Local\housecall.guid.cache
[2013.01.21 15:44:39 | 001,069,056 | ---- | C] ( ) -- C:\Windows\System32\lxduserv.dll
[2013.01.21 15:44:38 | 000,651,264 | ---- | C] ( ) -- C:\Windows\System32\lxdupmui.dll
[2013.01.21 15:44:38 | 000,589,824 | ---- | C] ( ) -- C:\Windows\System32\lxducoms.exe
[2013.01.21 15:44:38 | 000,577,536 | ---- | C] ( ) -- C:\Windows\System32\lxdulmpm.dll
[2013.01.21 15:44:36 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\lxducomm.dll
[2013.01.21 15:44:35 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxduinpa.dll
[2013.01.21 15:44:35 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxduiesc.dll
[2013.01.21 15:44:34 | 000,860,160 | ---- | C] ( ) -- C:\Windows\System32\lxduusb1.dll
[2013.01.21 15:44:34 | 000,761,856 | ---- | C] ( ) -- C:\Windows\System32\lxducomc.dll
[2013.01.21 15:44:33 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxduhbn3.dll
[2013.01.21 15:44:31 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxducfg.exe
[2013.01.21 15:44:31 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdugrd.dll
[2013.01.21 15:44:29 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\lxduih.exe
[2013.01.21 15:44:29 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxduvs.dll
[2013.01.21 15:41:42 | 001,036,288 | ---- | C] () -- C:\Windows\System32\lxdudrs.dll
[2013.01.21 15:41:42 | 000,081,920 | ---- | C] () -- C:\Windows\System32\lxducaps.dll
[2013.01.21 15:41:42 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxducnv4.dll
[2012.06.09 12:53:36 | 000,484,592 | ---- | C] () -- C:\Windows\SSndii.exe
[2012.06.09 12:50:56 | 000,026,624 | ---- | C] () -- C:\Windows\System32\sdc1ml3.dll
[2012.06.09 00:29:26 | 000,000,098 | ---- | C] () -- C:\Users\User\AppData\Roaming\Default.PLS
[2012.02.25 22:46:05 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012.02.25 22:46:05 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012.02.19 17:31:31 | 000,014,848 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.19 03:45:59 | 000,000,680 | ---- | C] () -- C:\Users\User\AppData\Local\d3d9caps.dat
[2012.02.18 00:14:17 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2012.02.17 20:55:10 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.02.15 15:20:10 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2012.02.15 15:01:13 | 000,054,932 | ---- | C] () -- C:\Users\User\AppData\Roaming\nvModes.001
[2012.02.15 14:59:57 | 000,054,932 | ---- | C] () -- C:\Users\User\AppData\Roaming\nvModes.dat
[2012.02.15 13:44:32 | 000,000,092 | ---- | C] () -- C:\Users\User\AppData\Local\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 18:24:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 23:17:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 11:58:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 11:58:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.06.10 14:01:59 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Amazon
[2012.06.09 13:19:22 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Buhl Data Service
[2012.05.13 20:35:30 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\MAGIX
[2013.06.17 10:12:33 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\OpenOffice.org
[2013.05.16 10:09:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\René's Homepage
 
========== Purity Check ==========
 

< End of report >
--- --- ---

Jakki 21.10.2013 10:10
Log 4: OTL ScanOTL Logfile:
Code:
OTL logfile created on: 21.10.2013 13:58:33 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\User\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,54 Gb Available Physical Memory | 51,24% Memory free
6,20 Gb Paging File | 4,76 Gb Available in Paging File | 76,78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 252,39 Gb Total Space | 87,73 Gb Free Space | 34,76% Space Free | Partition Type: NTFS
Drive D: | 45,69 Gb Total Space | 33,65 Gb Free Space | 73,64% Space Free | Partition Type: FAT32
Drive E: | 62,00 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive J: | 1,88 Gb Total Space | 1,88 Gb Free Space | 100,00% Space Free | Partition Type: FAT
 
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\User\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe (Trend Micro Inc.)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\WISO\Steuersoftware 2013\mshaktuell.exe ()
PRC - C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)
PRC - C:\Users\User\Desktop\Airtel New\airtel\airtel.exe ()
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\AMSP\AMSP_LogServer.exe (Trend Micro Inc.)
PRC - C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\ProgramData\DatacardService\HWDeviceService.exe ()
PRC - C:\ProgramData\DatacardService\DCSHelper.exe (Huawei Technologies Co., Ltd.)
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Windows\Dell\PanelMgr\SSMMgr.exe ()
PRC - C:\Windows\System32\lxducoms.exe ( )
PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\Softex\OmniPass\scureapp.exe ()
PRC - C:\Program Files\Softex\OmniPass\opvapp.exe ()
PRC - C:\Program Files\Softex\OmniPass\OmniServ.exe (Softex Inc.)
PRC - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Launch Manager\WisLMSvc.exe (Wistron Corp.)
PRC - C:\Program Files\Launch Manager\WButton.exe (Wistron)
PRC - C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
PRC - C:\Program Files\Launch Manager\LaunchAp.exe ()
PRC - C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
PRC - C:\Program Files\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe (Buhl Data Service GmbH)
PRC - C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia)
PRC - C:\Program Files\Medion\MEDIONbox\Program\GCS.exe (Empolis GmbH)
PRC - c:\Program Files\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH)
PRC - C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
PRC - C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Common Files\X10\Common\X10nets.exe (X10)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\wcore13.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\wbae113.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\wgui13.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\wkont13.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\rsguiwinapi48.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\wauff13.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\wfvie13.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\rscorewinapi48.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\wfabu13.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\wwerb13.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\wbae413.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\wimp13.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\whau213.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\whau113.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\wbae313.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\wsteu13.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\wbae213.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\wreli13.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\mshaktuell.exe ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\wmain13.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\rsodbc48.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\rsdcom48.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\clucene-core.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\clucene-contribs-lib.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\clucene-shared.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\WebPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\USSDUIPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\AdvPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\DiagnosisPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\MenuMgrPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\core.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\DeviceSrvPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\NetConnectPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\ToolBarMgrPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\AddrBookPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\Trace.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\airtel.exe ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\CallLogUIPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\CallUIPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\NetInfoRecordUIPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\NetInfoUIExPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\LayoutPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\XFramePlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\StatusBarMgrPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\DeviceMgrUIPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\AddrBookUIPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\NotifyServicePlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\SMSUIPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\TopToolBarMgrPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\DownLoadAndCache.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\DialupUIPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\sdk.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\OSCall.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\CallLogSrvPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\CallSrvPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\CallAppPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\ATR2SMgr.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\NetInfoSrvPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\DeviceAppPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\SmsAppPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\SmsSrvPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\STKSrvPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\USSDSrvPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\AddrBookSrvPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\NDISPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\DialUpPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\NetSrvPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\NetConnectSrvPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\DataServicePlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\Proxy.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\OSPowerMgr.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\OSNDIS.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\OSDialup.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\OSAdapt.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\AtCodec.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\XCodec.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\PluginContainer.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\Common.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\QtWebKit4.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\phonon4.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\QtXmlPatterns4.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\QtGui4.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\QtNetwork4.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\QtXml4.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\QtCore4.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\plugins\imageformats\qico4.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\plugins\imageformats\qtiff4.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\plugins\imageformats\qmng4.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\plugins\imageformats\qgif4.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files\OpenOffice.org 3\program\libxslt.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\NDISAPI.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\tdpcvoice.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\Win7Support.dll ()
MOD - C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_49.dll ()
MOD - C:\Program Files\Trend Micro\AMSP\boost_thread-vc80-mt-1_49.dll ()
MOD - C:\Windows\Dell\PanelMgr\SSMMgr.exe ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\libgcc_s_dw2-1.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\mingwm10.dll ()
MOD - C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll ()
MOD - C:\Windows\System32\btwhidcs.dll ()
MOD - C:\Program Files\Softex\OmniPass\hdddrv.dll ()
MOD - C:\Program Files\Softex\OmniPass\scureapp.exe ()
MOD - C:\Program Files\Softex\OmniPass\userdata.dll ()
MOD - C:\Program Files\Softex\OmniPass\autheng.dll ()
MOD - C:\Program Files\Softex\OmniPass\storeng.dll ()
MOD - C:\Program Files\Softex\OmniPass\scuredll.dll ()
MOD - C:\Program Files\Softex\OmniPass\opfsdll.dll ()
MOD - C:\Program Files\Softex\OmniPass\cryptodll.dll ()
MOD - C:\Program Files\Softex\OmniPass\SSPLogon.dll ()
MOD - C:\Program Files\Launch Manager\LaunchAp.exe ()
 
 
========== Services (SafeList) ==========
 
SRV - (Amsp) -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (HWDeviceService.exe) -- C:\ProgramData\DatacardService\HWDeviceService.exe ()
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (lxdu_device) -- C:\Windows\System32\lxducoms.exe ( )
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (omniserv) -- C:\Program Files\Softex\OmniPass\OmniServ.exe (Softex Inc.)
SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (WisLMSvc) -- C:\Program Files\Launch Manager\WisLMSvc.exe (Wistron Corp.)
SRV - (srvcPVR) -- C:\Program Files\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe (Buhl Data Service GmbH)
SRV - (GnabService) -- c:\Program Files\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe (MAGIX®)
SRV - (x10nets) -- C:\Program Files\Common Files\X10\Common\X10nets.exe (X10)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (uxddrv) -- G:\uxddrv86.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (HWiNFO32) -- G:\DIAGNOSE\HWiNFO32\HWiNFO32.SYS File not found
DRV - (DgiVecp) -- C:\Windows\system32\Drivers\DgiVecp.sys File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (tmcomm) -- C:\Windows\System32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (tmactmon) -- C:\Windows\System32\drivers\tmactmon.sys (Trend Micro Inc.)
DRV - (tmevtmgr) -- C:\Windows\System32\drivers\tmevtmgr.sys (Trend Micro Inc.)
DRV - (ew_usbenumfilter) -- C:\Windows\System32\drivers\ew_usbenumfilter.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_cdcecm) -- C:\Windows\System32\drivers\ew_jucdcecm.sys (Huawei Technologies Co., Ltd.)
DRV - (TMEBC) -- C:\Windows\System32\drivers\TMEBC32.sys (Trend Micro Inc.)
DRV - (huawei_ext_ctrl) -- C:\Windows\System32\drivers\ew_juextctrl.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_cdcacm) -- C:\Windows\System32\drivers\ew_jucdcacm.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_enumerator) -- C:\Windows\System32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV - (tmtdi) -- C:\Windows\System32\drivers\tmtdi.sys (Trend Micro Inc.)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ew_hwusbdev) -- C:\Windows\System32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek                                            )
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.sys (Samsung Electronics)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (SiFilter) -- C:\Windows\System32\drivers\SiWinAcc.sys (Silicon Image, Inc.)
DRV - (SiRemFil) -- C:\Windows\System32\drivers\SiRemFil.sys (Silicon Image, Inc.)
DRV - (Si3531) -- C:\Windows\System32\drivers\Si3531.sys (Silicon Image, Inc)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (ATSWPDRV) -- C:\Windows\System32\drivers\atswpdrv.sys (AuthenTec, Inc.)
DRV - (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (PhilCap) -- C:\Windows\System32\drivers\PhilCap.sys (NXP Semiconductors Germany GmbH)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (X10Hid) -- C:\Windows\System32\drivers\x10hid.sys (X10 Wireless Technology, Inc.)
DRV - (Hotkey) -- C:\Windows\System32\drivers\HOTKEY.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1306183032-4173219671-3597840-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKU\S-1-5-21-1306183032-4173219671-3597840-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1306183032-4173219671-3597840-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1306183032-4173219671-3597840-1003\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-1306183032-4173219671-3597840-1003\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKU\S-1-5-21-1306183032-4173219671-3597840-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Ixquick HTTPS"
FF - prefs.js..browser.search.selectedEngine: "Ixquick HTTPS"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@TrendMicro.com/FFExtension: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll (Trend Micro Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\tmbepff-7.5@trendmicro.com: C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2013.02.24 16:43:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ [2013.10.19 11:40:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.10.08 12:31:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.10.08 12:31:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012.02.18 03:32:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2013.09.27 16:17:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\051kq9w4.default\extensions
[2013.08.15 11:32:36 | 000,320,337 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\051kq9w4.default\extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi
[2013.08.12 20:22:15 | 000,010,530 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\051kq9w4.default\searchplugins\duckduckgo.xml
[2013.08.15 19:06:35 | 000,002,492 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\051kq9w4.default\searchplugins\ixquick-https.xml
[2013.10.08 12:31:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013.10.08 12:31:28 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - homepage: {_signature:+fOUjDGgTSww+l34/R1SX6n8Zt9jJAZrqpr94XtiMLs=,_version:4,browser:{show_home_button:true},extensions:{ids:[ahfgeienlihckogmohjhadlkjgocpleb,aohghmighlieiainnegkcijnfilokake,apdfllckaahabafndbhieahigkjlhalf,bbjciahceamgodcoidkjpchnokgfpphh,blpcfgokakmgnkcojhhkbfbldkacnbeo,coobgpohoikkiipiblmjeljniedjpjpf,eemcgdkfndhakfknompkggombfjjjeno,gaiilaahiahdejapggenmdmafpmbipje,idhngdhcfkoamngbedgpaokgjbnpdiji,mfehgcgbbipciphmccgaenjidiccnmng,pjkljhegncpnkpknbcohdijeoejaedia]},homepage:true,homepage_is_newtabpage:true,session:{restore_on_startup:5}},browser:{last_known_google_url:hxxp://www.google.de/,last_prompted_google_url:hxxp://www.google.de/,show_home_button:true,window_placement:{bottom:760,left:10,maximized:false,right:1060,top:10,work_area_bottom:770,work_area_left:0,work_area_right:1280,work_area_top:0}},countryid_at_install:17477,default_apps:install,default_apps_install_state:3,distribution:{alternate_shortcut_text:false,chrome_shortcut_icon_index:0,create_all_shortcuts:true,do_not_launch_chrome:true,import_history:false,import_home_page:false,import_search_engine:false,make_chrome_default_for_user:true,show_welcome_page:true,skip_first_run_ui:true,verbose_logging:false},dns_prefetching:{host_referral_list:[2,[Google,[hxxp://www.google.de/,2.60370040]],[Google,[hxxp://ssl.gstatic.com/,2.27338020,hxxp://www.google.com/,2.27338020,hxxp://www.google.de/,4.915941799999999]]],startup_list:[1,hxxp://addon.greetingmoods.com/,hxxp://cdn.montiera.com/,hxxp://chrome.dealply.com/,hxxp://reports.funmoods.com/,hxxp://ssl.gstatic.com/,hxxp://udp.dpstack.com/,hxxp://www.google-analytics.com/,hxxp://www.google.com/,hxxp://www.google.de/,https://ssl.google-analytics.com/]},download:{directory_upgrade:true},extensions:{autoupdate:{next_check:13003165276373603},chrome_url_overrides:{bookmarks:[chrome-extension://eemcgdkfndhakfknompkggombfjjjeno/main.html]},last_chrome_version:24.0.1312.52,settings:{ahfgeienlihckogmohjhadlkjgocpleb:{app_launcher_ordinal:n,page_ordinal:n},aohghmighlieiainnegkcijnfilokake:{ack_external:true,app_launcher_ordinal:t,creation_flags:137,exclude_from_sideload_wipeout:true,from_bookmark:false,from_webstore:true,install_time:13003146664302981,location:1,manifest:{app:{launch:{local_path:main.html}},description:Create, share, and access your Google Docs from anywhere.,icons:{128:icon_128.png,16:icon_16.png},key:MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJhLK6fk/BWTEvJhywpk7jDe4A2r0bGXGOLZW4/AdBp3IiD9o9nx4YjLAtv0tIPxi7MvFd/GUUbQBwHT5wQWONJj1z/0Rc2qBkiJA0yqXh42p0snuA8dCfdlhOLsp7/XTMEwAVasjV5hC4awl78eKfJYlZ+8fM/UldLWJ/51iBQwIDAQAB,manifest_version:2,name:Docs,offline_enabled:true,update_url:hxxp://clients2.google.com/service/update2/crx,version:0.0.0.6},page_ordinal:n,path:aohghmighlieiainnegkcijnfilokake\\0.0.0.6_0,state:1,was_installed_by_default:true},apdfllckaahabafndbhieahigkjlhalf:{ack_external:true,exclude_from_sideload_wipeout:true},bbjciahceamgodcoidkjpchnokgfpphh:{ack_external: true
CHR - Extension: {api:[cookies,tabs],explicit_host:[hxxp://*.facebook.com/*,hxxp://*/*,https://*.facebook.com/*]},creation_flags:1,from_bookmark:false,from_webstore:false,install_time:13003146668376981,location:3,manifest:{background_page:background.html,browser_action:{default_icon:img/16.png,default_popup:dropdown.html,default_title:Post smileys to your wall!!!},description:Enhance your facebook chat with smileys, emoticons, winks and much more...,icons:{128:img/128.png,16:img/16.png,32:img/32.png,48:img/48.png},key:MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDq1NL3ABlEj82oSCEwo5xSu+I6opn8J8bsv/FfOEJptWzsQlr35rqyhX7t8jn+IDdMn8Mneu5b4H0bPx+Sm6TPpzMmVIzXP3OlnPAUCR1ivGdmhBnjvdoKuuijyDmqQscKL5bIJZ5u1dFUKx9/tog+jZEQr5P8UCyhiE0eIIEWBwIDAQAB,name:Funmoods,permissions:[tabs,cookies,hxxp://*/*,hxxp://*.facebook.com/,https://*.facebook.com/,hxxp://addon.greetingmoods.com],update_url:hxxp://funmoods.com/public/download/chrome/update.xml,version:1.0},path:bbjciahceamgodcoidkjpchnokgfpphh\\1.0_0,state:1,was_installed_by_default:false},blpcfgokakmgnkcojhhkbfbldkacnbeo:{ack_external:true,exclude_from_sideload_wipeout:true},coobgpohoikkiipiblmjeljniedjpjpf:{ack_external:true,exclude_from_sideload_wipeout:true},gaiilaahiahdejapggenmdmafpmbipje:{ack_external: true = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: {api:[cookies,tabs],explicit_host:[hxxp://*.facebook.com/*,hxxp://*/*,https://*.facebook.com/*]},creation_flags:1,from_bookmark:false,from_webstore:false,install_time:13003146668376981,location:3,manifest:{background_page:background.html,browser_action:{default_icon:img/16.png,default_popup:dropdown.html,default_title:Post smileys to your wall!!!},description:Enhance your facebook chat with smileys, emoticons, winks and much more...,icons:{128:img/128.png,16:img/16.png,32:img/32.png,48:img/48.png},key:MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDq1NL3ABlEj82oSCEwo5xSu+I6opn8J8bsv/FfOEJptWzsQlr35rqyhX7t8jn+IDdMn8Mneu5b4H0bPx+Sm6TPpzMmVIzXP3OlnPAUCR1ivGdmhBnjvdoKuuijyDmqQscKL5bIJZ5u1dFUKx9/tog+jZEQr5P8UCyhiE0eIIEWBwIDAQAB,name:Funmoods,permissions:[tabs,cookies,hxxp://*/*,hxxp://*.facebook.com/,https://*.facebook.com/,hxxp://addon.greetingmoods.com],update_url:hxxp://funmoods.com/public/download/chrome/update.xml,version:1.0},path:bbjciahceamgodcoidkjpchnokgfpphh\\1.0_0,state:1,was_installed_by_default:false},blpcfgokakmgnkcojhhkbfbldkacnbeo:{ack_external:true,exclude_from_sideload_wipeout:true},coobgpohoikkiipiblmjeljniedjpjpf:{ack_external:true,exclude_from_sideload_wipeout:true},gaiilaahiahdejapggenmdmafpmbipje:{ack_external: true = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\1.0_0\
CHR - Extension: {api:[cookies,tabs],explicit_host:[hxxp://*.facebook.com/*,hxxp://*/*,https://*.facebook.com/*]},creation_flags:1,from_bookmark:false,from_webstore:false,install_time:13003146668376981,location:3,manifest:{background_page:background.html,browser_action:{default_icon:img/16.png,default_popup:dropdown.html,default_title:Post smileys to your wall!!!},description:Enhance your facebook chat with smileys, emoticons, winks and much more...,icons:{128:img/128.png,16:img/16.png,32:img/32.png,48:img/48.png},key:MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDq1NL3ABlEj82oSCEwo5xSu+I6opn8J8bsv/FfOEJptWzsQlr35rqyhX7t8jn+IDdMn8Mneu5b4H0bPx+Sm6TPpzMmVIzXP3OlnPAUCR1ivGdmhBnjvdoKuuijyDmqQscKL5bIJZ5u1dFUKx9/tog+jZEQr5P8UCyhiE0eIIEWBwIDAQAB,name:Funmoods,permissions:[tabs,cookies,hxxp://*/*,hxxp://*.facebook.com/,https://*.facebook.com/,hxxp://addon.greetingmoods.com],update_url:hxxp://funmoods.com/public/download/chrome/update.xml,version:1.0},path:bbjciahceamgodcoidkjpchnokgfpphh\\1.0_0,state:1,was_installed_by_default:false},blpcfgokakmgnkcojhhkbfbldkacnbeo:{ack_external:true,exclude_from_sideload_wipeout:true},coobgpohoikkiipiblmjeljniedjpjpf:{ack_external:true,exclude_from_sideload_wipeout:true},gaiilaahiahdejapggenmdmafpmbipje:{ack_external: true = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\
CHR - Extension: {api:[cookies,tabs],explicit_host:[hxxp://*.facebook.com/*,hxxp://*/*,https://*.facebook.com/*]},creation_flags:1,from_bookmark:false,from_webstore:false,install_time:13003146668376981,location:3,manifest:{background_page:background.html,browser_action:{default_icon:img/16.png,default_popup:dropdown.html,default_title:Post smileys to your wall!!!},description:Enhance your facebook chat with smileys, emoticons, winks and much more...,icons:{128:img/128.png,16:img/16.png,32:img/32.png,48:img/48.png},key:MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDq1NL3ABlEj82oSCEwo5xSu+I6opn8J8bsv/FfOEJptWzsQlr35rqyhX7t8jn+IDdMn8Mneu5b4H0bPx+Sm6TPpzMmVIzXP3OlnPAUCR1ivGdmhBnjvdoKuuijyDmqQscKL5bIJZ5u1dFUKx9/tog+jZEQr5P8UCyhiE0eIIEWBwIDAQAB,name:Funmoods,permissions:[tabs,cookies,hxxp://*/*,hxxp://*.facebook.com/,https://*.facebook.com/,hxxp://addon.greetingmoods.com],update_url:hxxp://funmoods.com/public/download/chrome/update.xml,version:1.0},path:bbjciahceamgodcoidkjpchnokgfpphh\\1.0_0,state:1,was_installed_by_default:false},blpcfgokakmgnkcojhhkbfbldkacnbeo:{ack_external:true,exclude_from_sideload_wipeout:true},coobgpohoikkiipiblmjeljniedjpjpf:{ack_external:true,exclude_from_sideload_wipeout:true},gaiilaahiahdejapggenmdmafpmbipje:{ack_external: true = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\
 
O1 HOSTS File: ([2006.09.19 03:11:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg.dll File not found
O2 - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe32.dll File not found
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Trend Micro Toolbar) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe" File not found
O4 - HKLM..\Run: [Dell PanelMgr] C:\Windows\Dell\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe ()
O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe ()
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PLFSetL] C:\Windows\PLFSetL.exe (sonix)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe File not found
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [TVBroadcast] C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1306183032-4173219671-3597840-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-1306183032-4173219671-3597840-1003..\Run: [XBVDHI~1] wscript.exe //B "C:\Users\User\AppData\Roaming\XBVDHI~1.VBS" File not found
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XBVDHI~1.VBS ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - Elektronik, Autos, Mode, Sammlerstücke, Gutscheine und mehr Online-Shopping | eBay File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - Elektronik, Autos, Mode, Sammlerstücke, Gutscheine und mehr Online-Shopping | eBay File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3E26C523-76DB-460F-BC8B-080A024841E5}: DhcpNameServer = 121.242.190.180 121.242.190.211
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BEAD9C8-1BAC-487A-A893-87458C7F9BEC}: NameServer = 122.160.120.56 202.56.230.7
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe32.dll File not found
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg.dll File not found
O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.19 03:13:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011.03.15 02:27:21 | 000,148,320 | R--- | M] () - E:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2013.01.29 16:32:00 | 000,000,044 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2009.06.20 15:43:04 | 000,000,094 | R--- | M] () - E:\autorun.sh -- [ CDFS ]
O33 - MountPoints2\{09318160-96b7-11e2-a16f-0015af9df547}\Shell - "" = AutoRun
O33 - MountPoints2\{09318160-96b7-11e2-a16f-0015af9df547}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2011.03.15 02:27:21 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{0931816c-96b7-11e2-a16f-001e101f79c9}\Shell - "" = AutoRun
O33 - MountPoints2\{0931816c-96b7-11e2-a16f-001e101f79c9}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2011.03.15 02:27:21 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{683b4771-37d8-11e3-b37b-001e101f0d12}\Shell - "" = AutoRun
O33 - MountPoints2\{683b4771-37d8-11e3-b37b-001e101f0d12}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2011.03.15 02:27:21 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{6ae60c06-37d5-11e3-9b2c-0016d38bbcce}\Shell - "" = AutoRun
O33 - MountPoints2\{6ae60c06-37d5-11e3-9b2c-0016d38bbcce}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2011.03.15 02:27:21 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{d8125774-3170-11e3-b26c-0016d38bbcce}\Shell - "" = AutoRun
O33 - MountPoints2\{d8125774-3170-11e3-b26c-0016d38bbcce}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2011.03.15 02:27:21 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{d812577f-3170-11e3-b26c-001e101fabdd}\Shell - "" = AutoRun
O33 - MountPoints2\{d812577f-3170-11e3-b26c-001e101fabdd}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2011.03.15 02:27:21 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2011.03.15 02:27:21 | 000,148,320 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.10.21 14:05:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2013.10.21 14:05:10 | 000,000,000 | ---D | C] -- C:\Program Files\Panda USB Vaccine
[2013.10.21 14:05:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
[2013.10.21 13:24:04 | 000,000,000 | ---D | C] -- C:\FRST
[2013.10.18 15:12:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\airtel
[2013.10.18 15:12:23 | 000,070,272 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jucdcecm.sys
[2013.10.18 15:12:23 | 000,027,520 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_juextctrl.sys
[2013.10.18 15:12:22 | 000,861,696 | ---- | C] (DiBcom SA) -- C:\Windows\System32\drivers\mod7700.sys
[2013.10.18 15:12:22 | 000,249,472 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbnet.sys
[2013.10.18 15:12:22 | 000,199,168 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbmdm.sys
[2013.10.18 15:12:22 | 000,102,784 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_hwusbdev.sys
[2013.10.18 15:12:22 | 000,096,000 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jucdcacm.sys
[2013.10.18 15:12:22 | 000,076,544 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jubusenum.sys
[2013.10.18 15:12:22 | 000,025,856 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\System32\drivers\ewdcsc.sys
[2013.10.18 15:12:22 | 000,019,200 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_hwupgrade.sys
[2013.10.18 15:12:22 | 000,011,136 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_usbenumfilter.sys
[2013.10.18 15:09:38 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Airtel New
[2013.10.18 11:46:36 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013.10.17 21:44:03 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Internet Security
[2013.10.17 21:42:48 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013.10.17 14:03:25 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.10.17 14:03:22 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.10.17 14:03:21 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.10.17 14:03:20 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.10.17 14:03:20 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.10.17 14:03:18 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.10.17 14:03:17 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.10.17 14:03:15 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.10.17 13:36:43 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes
[2013.10.17 13:36:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.10.11 16:01:09 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013.10.11 16:01:09 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013.10.11 16:01:09 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013.10.11 16:01:09 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013.10.11 16:01:09 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013.10.11 16:01:09 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013.10.11 16:01:08 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013.10.11 16:01:08 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013.10.11 15:43:40 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2013.10.11 15:43:39 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2013.10.11 15:43:38 | 002,050,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.10.11 15:31:18 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2013.10.11 15:31:18 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2013.10.11 15:24:51 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2013.10.11 15:24:50 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2013.10.11 15:20:32 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiafbdrv.dll
[2013.10.11 15:20:32 | 000,025,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidparse.sys
[2013.10.10 12:20:47 | 000,000,000 | ---D | C] -- C:\ProgramData\airtel
[2013.10.10 12:18:32 | 000,000,000 | ---D | C] -- C:\Program Files\airtel
[2013.10.08 12:31:12 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[30 C:\Users\User\Desktop\*.tmp files -> C:\Users\User\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.10.21 14:05:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.10.21 13:58:24 | 000,686,244 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.10.21 13:58:24 | 000,646,062 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.10.21 13:58:24 | 000,150,236 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.10.21 13:58:24 | 000,123,966 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.10.21 13:53:32 | 000,054,932 | ---- | M] () -- C:\Users\User\AppData\Roaming\nvModes.001
[2013.10.21 13:51:54 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.10.21 13:51:50 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.10.21 13:51:49 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\ROC_JAN2013_TB_rmv.job
[2013.10.21 13:51:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.10.21 13:51:35 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys
[2013.10.21 13:50:30 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.10.21 12:52:34 | 328,056,218 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.10.18 15:22:51 | 000,000,739 | ---- | M] () -- C:\Users\Public\Desktop\TCPOptimizer.lnk
[2013.10.18 15:12:51 | 000,000,707 | ---- | M] () -- C:\Users\Public\Desktop\airtel.lnk
[2013.10.18 11:46:36 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013.10.17 13:06:33 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.10.17 13:06:30 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.10.17 10:54:12 | 000,181,808 | ---- | M] () -- C:\Windows\RegBootClean.exe
[2013.10.16 18:10:28 | 000,036,590 | ---- | M] () -- C:\Users\User\Desktop\Methodology.odt
[2013.10.12 14:53:53 | 000,481,128 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.10.10 12:22:39 | 000,001,735 | ---- | M] () -- C:\sg_backup_2013-10-10-1222.spg
[2013.10.10 12:22:39 | 000,001,735 | ---- | M] () -- C:\FirstBackup.spg
[2013.09.22 15:52:59 | 001,800,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.09.22 15:44:39 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.09.22 15:42:32 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.09.22 15:39:55 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.09.22 15:38:41 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.09.22 15:35:42 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.09.22 15:33:18 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.09.22 15:29:06 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[30 C:\Users\User\Desktop\*.tmp files -> C:\Users\User\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.10.18 15:22:51 | 000,000,739 | ---- | C] () -- C:\Users\Public\Desktop\TCPOptimizer.lnk
[2013.10.18 15:12:51 | 000,000,707 | ---- | C] () -- C:\Users\Public\Desktop\airtel.lnk
[2013.10.17 10:50:32 | 000,073,288 | -HS- | C] () -- C:\Users\User\AppData\Roaming\XBVDHI~1.VBS
[2013.10.17 10:50:32 | 000,073,288 | -HS- | C] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XBVDHI~1.VBS
[2013.10.10 12:22:39 | 000,001,735 | ---- | C] () -- C:\sg_backup_2013-10-10-1222.spg
[2013.10.10 12:22:39 | 000,001,735 | ---- | C] () -- C:\FirstBackup.spg
[2013.10.01 09:29:47 | 000,036,590 | ---- | C] () -- C:\Users\User\Desktop\Methodology.odt
[2013.06.12 08:48:03 | 000,181,808 | ---- | C] () -- C:\Windows\RegBootClean.exe
[2013.02.24 16:42:49 | 000,000,059 | ---- | C] () -- C:\Windows\System32\SupportTool.exe.bat
[2013.02.24 16:34:42 | 000,000,036 | ---- | C] () -- C:\Users\User\AppData\Local\housecall.guid.cache
[2013.01.21 15:44:39 | 001,069,056 | ---- | C] ( ) -- C:\Windows\System32\lxduserv.dll
[2013.01.21 15:44:38 | 000,651,264 | ---- | C] ( ) -- C:\Windows\System32\lxdupmui.dll
[2013.01.21 15:44:38 | 000,589,824 | ---- | C] ( ) -- C:\Windows\System32\lxducoms.exe
[2013.01.21 15:44:38 | 000,577,536 | ---- | C] ( ) -- C:\Windows\System32\lxdulmpm.dll
[2013.01.21 15:44:36 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\lxducomm.dll
[2013.01.21 15:44:35 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxduinpa.dll
[2013.01.21 15:44:35 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxduiesc.dll
[2013.01.21 15:44:34 | 000,860,160 | ---- | C] ( ) -- C:\Windows\System32\lxduusb1.dll
[2013.01.21 15:44:34 | 000,761,856 | ---- | C] ( ) -- C:\Windows\System32\lxducomc.dll
[2013.01.21 15:44:33 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxduhbn3.dll
[2013.01.21 15:44:31 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxducfg.exe
[2013.01.21 15:44:31 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdugrd.dll
[2013.01.21 15:44:29 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\lxduih.exe
[2013.01.21 15:44:29 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxduvs.dll
[2013.01.21 15:41:42 | 001,036,288 | ---- | C] () -- C:\Windows\System32\lxdudrs.dll
[2013.01.21 15:41:42 | 000,081,920 | ---- | C] () -- C:\Windows\System32\lxducaps.dll
[2013.01.21 15:41:42 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxducnv4.dll
[2012.06.09 12:53:36 | 000,484,592 | ---- | C] () -- C:\Windows\SSndii.exe
[2012.06.09 12:50:56 | 000,026,624 | ---- | C] () -- C:\Windows\System32\sdc1ml3.dll
[2012.06.09 00:29:26 | 000,000,098 | ---- | C] () -- C:\Users\User\AppData\Roaming\Default.PLS
[2012.02.25 22:46:05 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012.02.25 22:46:05 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012.02.19 17:31:31 | 000,014,848 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.19 03:45:59 | 000,000,680 | ---- | C] () -- C:\Users\User\AppData\Local\d3d9caps.dat
[2012.02.18 00:14:17 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2012.02.17 20:55:10 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.02.15 15:20:10 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2012.02.15 15:01:13 | 000,054,932 | ---- | C] () -- C:\Users\User\AppData\Roaming\nvModes.001
[2012.02.15 14:59:57 | 000,054,932 | ---- | C] () -- C:\Users\User\AppData\Roaming\nvModes.dat
[2012.02.15 13:44:32 | 000,000,092 | ---- | C] () -- C:\Users\User\AppData\Local\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 18:24:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 23:17:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 11:58:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 11:58:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.06.10 14:01:59 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Amazon
[2012.06.09 13:19:22 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Buhl Data Service
[2012.05.13 20:35:30 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\MAGIX
[2013.06.17 10:12:33 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\OpenOffice.org
[2013.05.16 10:09:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\René's Homepage
 
========== Purity Check ==========
 

< End of report >
--- --- ---


Log Avast Scan

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-10-21 12:59:47
-----------------------------
12:59:47.359 OS Version: Windows 6.0.6002 Service Pack 2
12:59:47.360 Number of processors: 2 586 0xF0D
12:59:47.367 ComputerName: USER-PC UserName: User
12:59:50.884 Initialize success
13:13:12.903 AVAST engine defs: 13102000
13:13:36.851 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
13:13:36.855 Disk 0 Vendor: Hitachi_ FC4O Size: 305245MB BusType: 3
13:13:37.254 Disk 0 MBR read successfully
13:13:37.257 Disk 0 MBR scan
13:13:37.262 Disk 0 Windows VISTA default MBR code
13:13:37.265 Disk 0 Partition - 00 0F Extended LBA 46798 MB offset 529293555
13:13:37.269 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 258444 MB offset 63
13:13:37.301 Disk 0 Partition 2 00 0B FAT32 MSWIN4.1 46798 MB offset 529293618
13:13:37.310 Disk 0 scanning sectors +625137345
13:13:37.466 Disk 0 scanning C:\Windows\system32\drivers
13:13:59.065 Service scanning
13:14:16.525 Service HWiNFO32 G:\DIAGNOSE\HWiNFO32\HWiNFO32.SYS **LOCKED** 87
13:14:38.411 Service uxddrv G:\uxddrv86.sys **LOCKED** 21
13:14:45.072 Modules scanning
13:14:54.918 Disk 0 trace - called modules:
13:14:54.944 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
13:14:54.952 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86821218]
13:14:54.960 3 CLASSPNP.SYS[8abac8b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85932028]
13:14:54.968 Scan finished successfully
13:16:30.770 Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\Internet Security\MBR.dat"
13:16:30.778 The log file has been saved successfully to "C:\Users\User\Desktop\Internet Security\aswMBR-20-10-2013.txt"

Habe hoffentlich die Logs angemessen gepostet...

Zum USB-Stick - wie gesagt: die Datei XBVDHI-1.VBS lässt sich nicht dauerhaft löschen. Beim Anzeigen verdeckter Files wird die "echte Datei" verdeckt angezeigt, sichtbar ist jedoch nur die Verknüpfung.

Lieben Dank für Euren Rat,
Jakki

schrauber 22.10.2013 09:56
hi,

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307



Stick anklemmen, dran lassen.


Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Jakki 23.10.2013 13:29
Hallo Schrauber,

ok - werde beim nächsten Mal die Logs richtig posten, dank der Infos.

Habe den Schädling nun gefunden (mit Avira) und gelöscht: das Program heisst VBS.Dunihi.O und saß unter C:\users\appdata\roaming. Avira hat die Files in Quarantäne geschoben und gelöscht - jetzt gehen die Sticks wieder (das unsichtbar gemachte File wurde wieder sichtbar und es wurden keine neuen Verknüpfungen erstellt) :singsing:

Würde die von dir empfohlenen Programme trotzdem laufen lassen, vielleicht finden sich andere Dateien, die nicht auf den Rechner gehören.

Vielen Dank und Grüße,
Jakki

schrauber 24.10.2013 06:40
ok.


Alle Zeitangaben in WEZ +1. Es ist jetzt 21:12 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131