-Z3RO-
Hi,
I have already looked for an answer to this problem, but so far the general suggestion was to remove the folder "C:\Programme\SoftwareUpdate". It seemed to work at first but came back after the 3rd time or so of starting the computer up again.
I just went through your 4-step guide, and after the restart that Malwarebytes initiated it did not come back. However, I figured it might be a good idea to let you have a look at the log files to see if everything is indeed clean now.
I attached an image of the popup I get / got upon starting the computer.
Thank you in advance.
Here are the logs:
mbam-log-2014-01-05 (14-57-16)
--------------------------------------------
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
Database version: v2014.01.05.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16736
Dustin :: DUSTIN-PC [administrator]
Protection: Enabled
05.01.2014 14:57:16
mbam-log-2014-01-05 (14-57-16).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 258946
Time elapsed: 7 minute(s), 21 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 31
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08} (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0000435.BHO (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0000435.BHO.1 (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0000435.FBApi (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0000435.FBApi.1 (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0000435.Sandbox (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0000435.Sandbox.1 (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0033426.BHO (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0033426.BHO.1 (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0033426.Sandbox (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0033426.Sandbox.1 (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\XBV6RD5SZF (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} (PUP.Optional.Qone8) -> Quarantined and deleted successfully.
HKCU\Software\Iminent (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
HKCU\Software\InstallCore\1I1T1Q1S (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
HKCU\Software\InstalledBrowserExtensions\Plus HD (PUP.Optional.PlusHD.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\qvo6Software (PUP.Optional.qvo6.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} (PUP.Optional.Qone8) -> Quarantined and deleted successfully.
HKLM\Software\Iminent (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011041135} (PUP.Optional.CrossRider.M) -> Quarantined and deleted successfully.
HKCR\CLSID\{11111111-1111-1111-1111-110011041135} (PUP.Optional.CrossRider.M) -> Quarantined and deleted successfully.
HKCR\TypeLib\{44444444-4444-4444-4444-440044044435} (PUP.Optional.CrossRider.M) -> Quarantined and deleted successfully.
HKCR\Interface\{55555555-5555-5555-5555-550055045535} (PUP.Optional.CrossRider.M) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011041135} (PUP.Optional.CrossRider.M) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011041135} (PUP.Optional.CrossRider.M) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011041135} (PUP.Optional.CrossRider.M) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311341126} (PUP.Optional.CrossRider.M) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110311341126} (PUP.Optional.CrossRider.M) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311341126} (PUP.Optional.CrossRider.M) -> Quarantined and deleted successfully.
Registry Values Detected: 2
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: zr2X2X1G1S1F2V1S2Q0V -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Mozilla\Firefox\extensions|{336D0C35-8A85-403a-B9D2-65C292C39087} (PUP.Optional.Incredibar) -> Data: C:\Program Files\Web Assistant\Firefox -> Quarantined and deleted successfully.
Registry Data Items Detected: 3
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Page_URL (Hijack.StartPage) -> Bad: (http://www.qvo6.com/?utm_source=b&u...ADS-00M2B0_WD-WCAV5112488224882&ts=1373535849) Good: (http://www.google.com) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Page_URL (Hijack.StartPage) -> Bad: (http://www.qvo6.com/?utm_source=b&u...ADS-00M2B0_WD-WCAV5112488224882&ts=1373535849) Good: (http://www.google.com) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|DefaultScope (PUP.Optional.Qone8) -> Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}) Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}) -> Quarantined and repaired successfully.
Folders Detected: 5
C:\Users\Dustin\AppData\Local\DownloadGuide (PUP.Optional.DownloadGuide.A) -> Quarantined and deleted successfully.
C:\Users\Dustin\AppData\Local\DownloadGuide\Offers (PUP.Optional.DownloadGuide.A) -> Quarantined and deleted successfully.
C:\Users\Dustin\AppData\Roaming\Dealply (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Users\Dustin\AppData\Roaming\Dealply\UpdateProc (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\LyricsFan (PUP.Optional.LyricsFan.A) -> Quarantined and deleted successfully.
Files Detected: 21
C:\ProgramData\CodecUpdate\ix_updater.exe (Trojan.Dropper.H) -> Quarantined and deleted successfully.
C:\Users\Dustin\AppData\Roaming\Dealply\UpdateProc\UpdateTask.exe (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\WDesktop.Updater.exe (PUP.Optional.WebCake.A) -> Quarantined and deleted successfully.
C:\Users\Dustin\Downloads\FreeScreenVideoRecorder.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Dustin\Downloads\Java(1).exe (PUP.Optional.DomaIQ) -> Quarantined and deleted successfully.
C:\Users\Dustin\Downloads\Java.exe (PUP.Optional.DomaIQ) -> Quarantined and deleted successfully.
C:\Users\Dustin\AppData\Local\DownloadGuide\Offers\iminent.exe (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
C:\Windows\Tasks\Plus-HD-2.3-chromeinstaller.job (PUP.Optional.PlusHD.A) -> Quarantined and deleted successfully.
C:\Windows\Tasks\Plus-HD-2.3-codedownloader.job (PUP.Optional.PlusHD.A) -> Quarantined and deleted successfully.
C:\Windows\Tasks\Plus-HD-2.3-enabler.job (PUP.Optional.PlusHD.A) -> Quarantined and deleted successfully.
C:\Windows\Tasks\Plus-HD-2.3-firefoxinstaller.job (PUP.Optional.PlusHD.A) -> Quarantined and deleted successfully.
C:\Windows\Tasks\Plus-HD-2.3-updater.job (PUP.Optional.PlusHD.A) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\qvo6.xml (PUP.Optional.qvo6.A) -> Quarantined and deleted successfully.
C:\Users\Dustin\AppData\Local\DownloadGuide\amazon.ico (PUP.Optional.DownloadGuide.A) -> Quarantined and deleted successfully.
C:\Users\Dustin\AppData\Local\DownloadGuide\icq_setup.exe (PUP.Optional.DownloadGuide.A) -> Quarantined and deleted successfully.
C:\Users\Dustin\AppData\Local\DownloadGuide\Offers\autocompletepro.exe (PUP.Optional.DownloadGuide.A) -> Quarantined and deleted successfully.
C:\Users\Dustin\AppData\Local\DownloadGuide\Offers\washandgo.exe (PUP.Optional.DownloadGuide.A) -> Quarantined and deleted successfully.
C:\Users\Dustin\AppData\Roaming\Dealply\UpdateProc\config.dat (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Users\Dustin\AppData\Roaming\Dealply\UpdateProc\TTL.DAT (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Codec-V\Codec-V.dll (PUP.Optional.CrossRider.M) -> Quarantined and deleted successfully.
(end)
protection-log-2014-01-05
----------------------------------
2014/01/05 14:56:32 +0100 DUSTIN-PC Dustin MESSAGE Starting protection
2014/01/05 14:56:32 +0100 DUSTIN-PC Dustin MESSAGE Protection started successfully
2014/01/05 14:56:32 +0100 DUSTIN-PC Dustin MESSAGE Starting IP protection
2014/01/05 14:56:42 +0100 DUSTIN-PC Dustin MESSAGE IP Protection started successfully
2014/01/05 14:56:56 +0100 DUSTIN-PC Dustin MESSAGE Starting database refresh
2014/01/05 14:56:56 +0100 DUSTIN-PC Dustin MESSAGE Stopping IP protection
2014/01/05 14:56:58 +0100 DUSTIN-PC Dustin MESSAGE IP Protection stopped successfully
2014/01/05 14:57:00 +0100 DUSTIN-PC Dustin MESSAGE Database refreshed successfully
2014/01/05 14:57:00 +0100 DUSTIN-PC Dustin MESSAGE Starting IP protection
2014/01/05 14:57:01 +0100 DUSTIN-PC Dustin MESSAGE IP Protection started successfully
2014/01/05 15:11:06 +0100 DUSTIN-PC (null) MESSAGE Starting protection
2014/01/05 15:11:06 +0100 DUSTIN-PC (null) MESSAGE Protection started successfully
2014/01/05 15:11:06 +0100 DUSTIN-PC (null) MESSAGE Starting IP protection
2014/01/05 15:11:08 +0100 DUSTIN-PC Dustin MESSAGE IP Protection started successfully
attach
--------
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 11.11.2009 16:56:15
System Uptime: 05.01.2014 15:10:36 (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P7P55D
Processor: Intel(R) Core(TM) i5 CPU 750 @ 2.67GHz | LGA1156 | 1173/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 98 GiB total, 16,793 GiB free.
D: is CDROM (CDFS)
E: is FIXED (NTFS) - 601 GiB total, 341,192 GiB free.
F: is FIXED (NTFS) - 932 GiB total, 391,936 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP644: 31.12.2013 20:03:40 - DirectX wurde installiert
RP645: 01.01.2014 19:00:45 - Windows-Sicherung
RP646: 05.01.2014 02:19:22 - DirectX wurde installiert
.
==== Installed Programs ======================
.
7-Zip 9.20
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe Acrobat 9.5.5 - CPSID_83708
Adobe AIR
Adobe Community Help
Adobe Creative Suite 5 Design Premium
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Photoshop Lightroom 5 64-bit
Adobe Reader XI (11.0.01) - Deutsch
America's Army 3
America's Army: Proving Grounds Beta
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Arma 2: Operation Arrowhead
Arma 2: Operation Arrowhead Beta
Ashampoo Burning Studio 2013 v.11.0.6
ASIO4ALL
Bandicam
Bandisoft MPEG-1 Decoder
BattlEye for OA Uninstall
Blender
Borderlands 2
Call of Duty: Modern Warfare 2
Call of Duty: Modern Warfare 2 - Multiplayer
Capture NX 2
CEWE FOTOBUCH PRO
Codec-V
Corel Paint Shop Pro Photo X2
DiRT2
DiskMax 4.71
DivX Setup
DivxToDVD 0.5.2b
Dropbox
Dropbox Export Plug-in version 1.5.0 for Adobe Lightroom
EZ-RC
FileZilla Client 3.7.1
Firestorm-Release (remove only)
Free Download Manager 3.9.2
Google Chrome
Grand Theft Auto IV
Grand Theft Auto: Episodes from Liberty City
Hitman: Absolution
Hitman: Sniper Challenge
HP Officejet 4620 series - Grundlegende Software für das Gerät
HP Officejet 4620 series Hilfe
HP Photo Creations
HP Update
HPDiagnosticAlert
I.R.I.S. OCR
Java 7 Update 21 (64-bit)
Java 7 Update 45
Java Auto Updater
Junk Mail filter update
Kaspersky Internet Security 2013
L.A. Noire
LineIn plugin for WinAMP v1.80 (remove only)
Malwarebytes Anti-Malware version 1.75.0.1300
Max Payne 3
Men of War: Assault Squad
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
Microsoft_VC80_ATL_x86
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Mirror's Edge™
Mozilla Firefox 26.0 (x86 de)
Mozilla Maintenance Service
Mozilla Thunderbird 17.0.5 (x86 de)
Mozilla Thunderbird 24.2.0 (x86 de)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Need for Speed: Hot Pursuit
Nikon Message Center
Nikon Message Center 2
Nikon Movie Editor
Nikon Transfer
No More Room in Hell
NVIDIA 3D Vision Controller-Treiber 314.22
NVIDIA 3D Vision Treiber 331.65
NVIDIA Grafiktreiber 331.65
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX-Systemsoftware 9.12.1031
NVIDIA Stereoscopic 3D Driver
NVIDIA Systemsteuerung 331.65
NVIDIA Update 1.15.2
NVIDIA Update Components
OpenAL
OpenOffice 4.0.1
OpticFilm 8100
Option WWAN Driver 5.0.32.0 Installer
Option WWAN Driver 5.0.32.0 Installer
Origin
PAYDAY 2 Demo
PDF Settings CS5
Picture Control Utility
Picture Control Utility x64
Platform
Presto! PageManager 7.23
Prison Architect
PunkBuster Services
Python 2.6.4
QuickTime
RaidCall
Rapture3D 2.3.22 Game
Rockstar Games Social Club
Secure Eraser
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
SilverFast 8.0.1r5 (64bit)
Skype Click to Call
Skype™ 6.11
Space Engineers
SpeedFan (remove only)
Spyder4Elite
SpyderPRINT
SpyderStudio
Star Wars: The Old Republic
Steam
TeamSpeak 3 Client
The Cursed Crusade
The Stanley Parable
Trust 100K Series Webcam
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
VC80CRTRedist - 8.0.50727.6195
VIA Plattform-Geräte-Manager
ViewNX 2
VSO CopyToDVD 4
Wacom Tablett
War Thunder
Warframe
WebTablet FB Plugin 32 bit
WebTablet FB Plugin 64 bit
WebTablet IE Plugin
WebTablet Netscape Plugin
Winamp
Winamp Detector Plug-in
Windows Live-Uploadtool
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Mail
Xvid Video Codec
ZoneAlarm LTD Toolbar
.
==== End Of File ===========================
dds
------
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16736 BrowserJavaVersion: 10.45.2
Run by Dustin at 15:23:43 on 2014-01-05
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4087.1977 [GMT 1:00]
.
AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files\Option\Option WWAN Driver 5.0.32.0 Installer\GtDetectSc.exe
E:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
E:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PSIService.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\viakaraokesrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
E:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\PixArt\PAC207\Monitor.exe
C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
C:\Program Files\Tablet\Wacom\WacomHost.exe
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe
E:\Programme\Adobe\Adobe Bridge CS5\Bridge.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
E:\Programme\Spyder\Spyder4Elite\Utility\SpyderUtility.exe
C:\Users\Dustin\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\RunDll32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\HP\HP Officejet 4620 series\bin\HPNetworkCommunicator.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\HP\HP Officejet 4620 series\Bin\HPNetworkCommunicator.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
E:\Programme\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = about:blank
mDefault_Page_URL = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Free Download Manager: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - E:\Programme\Free Download Manager\iefdm2.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [Google Update] "C:\Users\Dustin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [HP Officejet 4620 series (NET)] "C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN2BK242VZ05RT:NW" -scfn "HP Officejet 4620 series (NET)" -AutoStart 1
uRun: [Memory Cleaner] C:\Users\Dustin\AppData\Roaming\KoshyJohn.com\MemClean\MemClean.exe boot
uRun: [EA Core] "E:\Programme\EA Games\EADM\Core.exe" -silent
uRun: [AdobeBridge] "E:\Programme\Adobe\Adobe Bridge CS5\Bridge.exe" -stealth
uRun: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [QuickTime Task] "E:\Programme\QuickTime\QTTask.exe" -atboottime
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Dustin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Dustin\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Dustin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\KASPER~1.LNK - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\starter_avp.exe
StartupFolder: C:\Users\Dustin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\TINTEN~1.LNK - C:\Windows\System32\RunDll32.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SPYDER~1.LNK - E:\Programme\Spyder\Spyder4Elite\Utility\SpyderUtility.exe
uPolicies-Explorer: DisableLocalMachineRun = dword:0
uPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
uPolicies-Explorer: DisableCurrentUserRun = dword:0
uPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:0
uPolicies-Explorer: NoFile = dword:0
uPolicies-Explorer: HideClock = dword:0
uPolicies-Explorer: NoDevMgrUpdate = dword:0
uPolicies-Explorer: NoDFSTab = dword:0
uPolicies-Explorer: NoWindowsUpdate = dword:0
uPolicies-Explorer: NoEncryptOnMove = dword:0
uPolicies-Explorer: NoRunasInstallPrompt = dword:0
uPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: DisableLocalMachineRun = dword:0
mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
mPolicies-Explorer: DisableCurrentUserRun = dword:0
mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
mPolicies-Explorer: NoFile = dword:0
mPolicies-Explorer: HideClock = dword:0
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoDFSTab = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoEncryptOnMove = dword:0
mPolicies-Explorer: NoRunasInstallPrompt = dword:0
mPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: NoStartMenuSubFolders = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: NoDispSettingsPage = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: DisableLocalMachineRun = dword:0
mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
mPolicies-Explorer: DisableCurrentUserRun = dword:0
mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoFile = dword:0
mPolicies-Explorer: HideClock = dword:0
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoDFSTab = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoEncryptOnMove = dword:0
mPolicies-Explorer: NoRunasInstallPrompt = dword:0
mPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: NoStartMenuSubFolders = dword:0
mPolicies-System: NoDispAppearancePage = dword:0
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
IE: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Download all with Free Download Manager - E:\Programme\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - E:\Programme\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - E:\Programme\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - E:\Programme\Free Download Manager\dllink.htm
IE: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft &Excel exportieren - E:\PROGRA~1\Office\Office10\EXCEL.EXE/3000
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - LocalServer32 - <no file>
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{F408E428-6443-414B-B70B-740C91CB7122} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = about:blank
x64-mDefault_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=WDCXWD7500AADS-00M2B0_WD-WCAV5112488224882&ts=1373535849
x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll
x64-BHO: Webroot Vault: {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Run: [PAC207_Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [WrtMon.exe] C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
x64-Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Dustin\AppData\Roaming\Mozilla\Firefox\Profiles\12kgelzv.default-1380042919334\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll
FF - plugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll
FF - plugin: C:\Users\Dustin\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Users\Dustin\AppData\Roaming\raidcall\plugins\nprcplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
FF - plugin: E:\Programme\Adobe\Acrobat 9 Pro\Acrobat\Air\nppdf32.dll
FF - plugin: E:\Programme\QuickTime\Plugins\npqtplugin.dll
FF - plugin: E:\Programme\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: E:\Programme\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: E:\Programme\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: E:\Programme\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: E:\Programme\QuickTime\Plugins\npqtplugin6.dll
FF - ExtSQL: 2013-11-26 16:03; {fe272bd1-5f76-4ea4-8501-a05d35d823fc}; C:\Users\Dustin\AppData\Roaming\Mozilla\Firefox\Profiles\12kgelzv.default-1380042919334\extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections - 256
FF - user.js: network.http.max-connections-per-server - 48
FF - user.js: network.http.max-persistent-connections-per-proxy - 32
FF - user.js: network.http.max-persistent-connections-per-server - 18
.
============= SERVICES / DRIVERS ===============
.
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2012-8-2 29792]
R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2013-5-2 54368]
R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2013-5-2 178448]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [2013-5-2 356128]
R2 GtDetectSc;GtDetectSc;C:\Program Files\Option\Option WWAN Driver 5.0.32.0 Installer\GtDetectSc.exe [2009-5-4 809984]
R2 MBAMScheduler;MBAMScheduler;E:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-1-5 418376]
R2 MBAMService;MBAMService;E:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe [2014-1-5 701512]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-2 3064000]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-10-23 414496]
R2 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\Windows\System32\ViakaraokeSrv.exe [2013-5-14 27768]
R2 WTabletServicePro;Wacom Professional Service;C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [2013-5-14 621336]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2013-5-2 29280]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2013-5-2 29280]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-1-5 25928]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-3-4 838216]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2013-5-14 2206864]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 dcscusb;Spyder3Print SR Spectrocolorimeter;C:\Windows\System32\drivers\dcscusb.sys [2009-5-29 14848]
S3 hidkmdf;KMDF Driver;C:\Windows\System32\drivers\hidkmdf.sys [2013-5-14 14136]
S3 PAC207;Trust 100K Series Webcam;C:\Windows\System32\drivers\PFC027.SYS [2010-7-13 686592]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-12-3 19456]
S3 Spyder4;Datacolor Spyder4;C:\Windows\System32\drivers\dccmtr.sys [2011-7-12 15360]
S3 SWDUMon;SWDUMon;C:\Windows\System32\drivers\SWDUMon.sys [2013-5-14 16152]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-12-3 57856]
S3 WacHidRouter;Wacom Hid Router;C:\Windows\System32\drivers\wachidrouter.sys [2013-5-14 89912]
S3 wacomrouterfilter;Wacom Router Filter Driver;C:\Windows\System32\drivers\wacomrouterfilter.sys [2013-5-14 15160]
S3 WinRing0_1_2_0;WinRing0_1_2_0;E:\Programme\RealTemp\WinRing0x64.sys [2008-7-26 14544]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\SysWow64\NOTEPAD.EXE %1
FileExt: .ini: inifile=C:\Windows\SysWow64\NOTEPAD.EXE %1
FileExt: .inf: inffile=C:\Windows\SysWow64\NOTEPAD.EXE %1
FileExt: .js: jsfile="E:\Programme\Adobe\Adobe Dreamweaver CS5\Dreamweaver.exe","%1"
ShellExec: dreamweaver.exe: Open="E:\Programme\Adobe\Adobe Dreamweaver CS5\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2014-01-05 13:56:22 -------- d-----w- C:\Users\Dustin\AppData\Roaming\Malwarebytes
2014-01-05 13:55:38 -------- d-----w- C:\ProgramData\Malwarebytes
2014-01-05 13:55:37 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-01-05 01:22:10 -------- d-----w- C:\Users\Dustin\AppData\Local\ArmA 2 OA
2014-01-04 12:22:13 -------- d-----w- C:\Program Files (x86)\SoftwareUpdater
2014-01-03 09:03:43 -------- d-----w- C:\Users\Dustin\AppData\Roaming\ASCOMP Software
2014-01-01 19:05:21 -------- d-----w- C:\Users\Dustin\AppData\Roaming\raidcall
2013-12-31 23:23:46 -------- d-----w- C:\Program Files (x86)\BandiMPEG1
2013-12-29 19:17:03 -------- d-----w- C:\Windows\System32\IO
2013-12-21 10:16:48 -------- d-----w- C:\Users\Dustin\AppData\Local\SoftwareUpdater
2013-12-16 21:50:57 -------- d-----w- C:\Users\Dustin\AppData\Roaming\Telefónica
2013-12-16 21:50:56 -------- d-----w- C:\Users\Dustin\AppData\Roaming\TGCMLog
2013-12-16 21:50:47 -------- d-----w- C:\Program Files\Option
2013-12-16 21:50:26 123392 ----a-w- C:\Windows\System32\drivers\ZTEusbgps.sys
2013-12-16 21:50:22 -------- d-----w- C:\Windows\massfilter
2013-12-16 16:45:22 -------- d-----w- C:\ProgramData\Samsung
2013-12-16 12:24:48 -------- d-----w- C:\Windows\SysWow64\SupportAppPBHostless Modem
2013-12-16 12:24:45 -------- d-----w- C:\Program Files (x86)\Hostless Modem
2013-12-11 13:29:28 -------- d-----w- C:\Users\Dustin\AppData\Local\PAYDAY 2 (Demo)
.
==================== Find3M ====================
.
2014-01-04 19:38:15 291176 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2014-01-04 19:38:15 291176 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2014-01-04 19:37:58 291096 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2014-01-03 13:41:04 952 --sha-w- C:\Windows\SysWow64\KGyGaAvL.sys
2013-12-11 09:58:58 29792 ----a-w- C:\Windows\System32\drivers\klim6.sys
2013-12-11 09:58:57 458336 ----a-w- C:\Windows\System32\drivers\kl1.sys
2013-12-10 20:42:34 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-10 20:42:34 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-19 02:33:38 267936 ----a-w- C:\Windows\System32\MpSigStub.exe
2013-10-23 08:20:10 6669600 ----a-w- C:\Windows\System32\nvcpl.dll
2013-10-23 08:20:07 3489568 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-10-23 08:20:06 219424 ----a-w- C:\Windows\System32\nvmctray.dll
2013-10-23 08:20:05 922912 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-10-23 08:20:05 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-10-23 08:20:05 2559776 ----a-w- C:\Windows\System32\nvsvcr.dll
2013-10-23 02:02:36 589600 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2013-10-20 07:50:50 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-12 08:45:20 2241536 ----a-w- C:\Windows\System32\wininet.dll
2013-10-12 08:43:37 3959808 ----a-w- C:\Windows\System32\jscript9.dll
2013-10-12 08:43:32 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-10-12 08:43:32 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-10-12 07:03:50 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-10-12 07:02:33 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-10-12 07:02:29 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-10-12 07:02:29 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-10-12 06:35:26 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-10-12 06:08:58 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-10-12 05:44:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-10-12 05:15:39 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-11 20:48:07 29280 ----a-w- C:\Windows\System32\drivers\klmouflt.sys
2013-10-11 20:48:07 29280 ----a-w- C:\Windows\System32\drivers\klkbdflt.sys
2013-07-12 15:54:02 9842040 ----a-w- C:\Program Files (x86)\Common Files\wruninstall.exe
.
============= FINISH: 15:25:40,59 ===============
C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
C:\Program Files\Tablet\Wacom\WacomHost.exe
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe
E:\Programme\Adobe\Adobe Bridge CS5\Bridge.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
E:\Programme\Spyder\Spyder4Elite\Utility\SpyderUtility.exe
C:\Users\Dustin\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\RunDll32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\HP\HP Officejet 4620 series\bin\HPNetworkCommunicator.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\HP\HP Officejet 4620 series\Bin\HPNetworkCommunicator.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
E:\Programme\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = about:blank
mDefault_Page_URL = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Free Download Manager: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - E:\Programme\Free Download Manager\iefdm2.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [Google Update] "C:\Users\Dustin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [HP Officejet 4620 series (NET)] "C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN2BK242VZ05RT:NW" -scfn "HP Officejet 4620 series (NET)" -AutoStart 1
uRun: [Memory Cleaner] C:\Users\Dustin\AppData\Roaming\KoshyJohn.com\MemClean\MemClean.exe boot
uRun: [EA Core] "E:\Programme\EA Games\EADM\Core.exe" -silent
uRun: [AdobeBridge] "E:\Programme\Adobe\Adobe Bridge CS5\Bridge.exe" -stealth
uRun: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [QuickTime Task] "E:\Programme\QuickTime\QTTask.exe" -atboottime
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Dustin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Dustin\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Dustin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\KASPER~1.LNK - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\starter_avp.exe
StartupFolder: C:\Users\Dustin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\TINTEN~1.LNK - C:\Windows\System32\RunDll32.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SPYDER~1.LNK - E:\Programme\Spyder\Spyder4Elite\Utility\SpyderUtility.exe
uPolicies-Explorer: DisableLocalMachineRun = dword:0
uPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
uPolicies-Explorer: DisableCurrentUserRun = dword:0
uPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:0
uPolicies-Explorer: NoFile = dword:0
uPolicies-Explorer: HideClock = dword:0
uPolicies-Explorer: NoDevMgrUpdate = dword:0
uPolicies-Explorer: NoDFSTab = dword:0
uPolicies-Explorer: NoWindowsUpdate = dword:0
uPolicies-Explorer: NoEncryptOnMove = dword:0
uPolicies-Explorer: NoRunasInstallPrompt = dword:0
uPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: DisableLocalMachineRun = dword:0
mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
mPolicies-Explorer: DisableCurrentUserRun = dword:0
mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
mPolicies-Explorer: NoFile = dword:0
mPolicies-Explorer: HideClock = dword:0
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoDFSTab = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoEncryptOnMove = dword:0
mPolicies-Explorer: NoRunasInstallPrompt = dword:0
mPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: NoStartMenuSubFolders = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: NoDispSettingsPage = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: DisableLocalMachineRun = dword:0
mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
mPolicies-Explorer: DisableCurrentUserRun = dword:0
mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoFile = dword:0
mPolicies-Explorer: HideClock = dword:0
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoDFSTab = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoEncryptOnMove = dword:0
mPolicies-Explorer: NoRunasInstallPrompt = dword:0
mPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: NoStartMenuSubFolders = dword:0
mPolicies-System: NoDispAppearancePage = dword:0
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
IE: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Download all with Free Download Manager - E:\Programme\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - E:\Programme\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - E:\Programme\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - E:\Programme\Free Download Manager\dllink.htm
IE: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft &Excel exportieren - E:\PROGRA~1\Office\Office10\EXCEL.EXE/3000
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - LocalServer32 - <no file>
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{F408E428-6443-414B-B70B-740C91CB7122} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = about:blank
x64-mDefault_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=WDCXWD7500AADS-00M2B0_WD-WCAV5112488224882&ts=1373535849
x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll
x64-BHO: Webroot Vault: {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Run: [PAC207_Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [WrtMon.exe] C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
x64-Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Dustin\AppData\Roaming\Mozilla\Firefox\Profiles\12kgelzv.default-1380042919334\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll
FF - plugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll
FF - plugin: C:\Users\Dustin\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Users\Dustin\AppData\Roaming\raidcall\plugins\nprcplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
FF - plugin: E:\Programme\Adobe\Acrobat 9 Pro\Acrobat\Air\nppdf32.dll
FF - plugin: E:\Programme\QuickTime\Plugins\npqtplugin.dll
FF - plugin: E:\Programme\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: E:\Programme\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: E:\Programme\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: E:\Programme\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: E:\Programme\QuickTime\Plugins\npqtplugin6.dll
FF - ExtSQL: 2013-11-26 16:03; {fe272bd1-5f76-4ea4-8501-a05d35d823fc}; C:\Users\Dustin\AppData\Roaming\Mozilla\Firefox\Profiles\12kgelzv.default-1380042919334\extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections - 256
FF - user.js: network.http.max-connections-per-server - 48
FF - user.js: network.http.max-persistent-connections-per-proxy - 32
FF - user.js: network.http.max-persistent-connections-per-server - 18
.
============= SERVICES / DRIVERS ===============
.
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2012-8-2 29792]
R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2013-5-2 54368]
R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2013-5-2 178448]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [2013-5-2 356128]
R2 GtDetectSc;GtDetectSc;C:\Program Files\Option\Option WWAN Driver 5.0.32.0 Installer\GtDetectSc.exe [2009-5-4 809984]
R2 MBAMScheduler;MBAMScheduler;E:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-1-5 418376]
R2 MBAMService;MBAMService;E:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe [2014-1-5 701512]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-2 3064000]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-10-23 414496]
R2 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\Windows\System32\ViakaraokeSrv.exe [2013-5-14 27768]
R2 WTabletServicePro;Wacom Professional Service;C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [2013-5-14 621336]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2013-5-2 29280]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2013-5-2 29280]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-1-5 25928]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-3-4 838216]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2013-5-14 2206864]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 dcscusb;Spyder3Print SR Spectrocolorimeter;C:\Windows\System32\drivers\dcscusb.sys [2009-5-29 14848]
S3 hidkmdf;KMDF Driver;C:\Windows\System32\drivers\hidkmdf.sys [2013-5-14 14136]
S3 PAC207;Trust 100K Series Webcam;C:\Windows\System32\drivers\PFC027.SYS [2010-7-13 686592]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-12-3 19456]
S3 Spyder4;Datacolor Spyder4;C:\Windows\System32\drivers\dccmtr.sys [2011-7-12 15360]
S3 SWDUMon;SWDUMon;C:\Windows\System32\drivers\SWDUMon.sys [2013-5-14 16152]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-12-3 57856]
S3 WacHidRouter;Wacom Hid Router;C:\Windows\System32\drivers\wachidrouter.sys [2013-5-14 89912]
S3 wacomrouterfilter;Wacom Router Filter Driver;C:\Windows\System32\drivers\wacomrouterfilter.sys [2013-5-14 15160]
S3 WinRing0_1_2_0;WinRing0_1_2_0;E:\Programme\RealTemp\WinRing0x64.sys [2008-7-26 14544]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\SysWow64\NOTEPAD.EXE %1
FileExt: .ini: inifile=C:\Windows\SysWow64\NOTEPAD.EXE %1
FileExt: .inf: inffile=C:\Windows\SysWow64\NOTEPAD.EXE %1
FileExt: .js: jsfile="E:\Programme\Adobe\Adobe Dreamweaver CS5\Dreamweaver.exe","%1"
ShellExec: dreamweaver.exe: Open="E:\Programme\Adobe\Adobe Dreamweaver CS5\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2014-01-05 13:56:22 -------- d-----w- C:\Users\Dustin\AppData\Roaming\Malwarebytes
2014-01-05 13:55:38 -------- d-----w- C:\ProgramData\Malwarebytes
2014-01-05 13:55:37 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-01-05 01:22:10 -------- d-----w- C:\Users\Dustin\AppData\Local\ArmA 2 OA
2014-01-04 12:22:13 -------- d-----w- C:\Program Files (x86)\SoftwareUpdater
2014-01-03 09:03:43 -------- d-----w- C:\Users\Dustin\AppData\Roaming\ASCOMP Software
2014-01-01 19:05:21 -------- d-----w- C:\Users\Dustin\AppData\Roaming\raidcall
2013-12-31 23:23:46 -------- d-----w- C:\Program Files (x86)\BandiMPEG1
2013-12-29 19:17:03 -------- d-----w- C:\Windows\System32\IO
2013-12-21 10:16:48 -------- d-----w- C:\Users\Dustin\AppData\Local\SoftwareUpdater
2013-12-16 21:50:57 -------- d-----w- C:\Users\Dustin\AppData\Roaming\Telefónica
2013-12-16 21:50:56 -------- d-----w- C:\Users\Dustin\AppData\Roaming\TGCMLog
2013-12-16 21:50:47 -------- d-----w- C:\Program Files\Option
2013-12-16 21:50:26 123392 ----a-w- C:\Windows\System32\drivers\ZTEusbgps.sys
2013-12-16 21:50:22 -------- d-----w- C:\Windows\massfilter
2013-12-16 16:45:22 -------- d-----w- C:\ProgramData\Samsung
2013-12-16 12:24:48 -------- d-----w- C:\Windows\SysWow64\SupportAppPBHostless Modem
2013-12-16 12:24:45 -------- d-----w- C:\Program Files (x86)\Hostless Modem
2013-12-11 13:29:28 -------- d-----w- C:\Users\Dustin\AppData\Local\PAYDAY 2 (Demo)
.
==================== Find3M ====================
.
2014-01-04 19:38:15 291176 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2014-01-04 19:38:15 291176 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2014-01-04 19:37:58 291096 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2014-01-03 13:41:04 952 --sha-w- C:\Windows\SysWow64\KGyGaAvL.sys
2013-12-11 09:58:58 29792 ----a-w- C:\Windows\System32\drivers\klim6.sys
2013-12-11 09:58:57 458336 ----a-w- C:\Windows\System32\drivers\kl1.sys
2013-12-10 20:42:34 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-10 20:42:34 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-19 02:33:38 267936 ----a-w- C:\Windows\System32\MpSigStub.exe
2013-10-23 08:20:10 6669600 ----a-w- C:\Windows\System32\nvcpl.dll
2013-10-23 08:20:07 3489568 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-10-23 08:20:06 219424 ----a-w- C:\Windows\System32\nvmctray.dll
2013-10-23 08:20:05 922912 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-10-23 08:20:05 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-10-23 08:20:05 2559776 ----a-w- C:\Windows\System32\nvsvcr.dll
2013-10-23 02:02:36 589600 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2013-10-20 07:50:50 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-12 08:45:20 2241536 ----a-w- C:\Windows\System32\wininet.dll
2013-10-12 08:43:37 3959808 ----a-w- C:\Windows\System32\jscript9.dll
2013-10-12 08:43:32 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-10-12 08:43:32 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-10-12 07:03:50 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-10-12 07:02:33 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-10-12 07:02:29 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-10-12 07:02:29 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-10-12 06:35:26 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-10-12 06:08:58 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-10-12 05:44:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-10-12 05:15:39 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-11 20:48:07 29280 ----a-w- C:\Windows\System32\drivers\klmouflt.sys
2013-10-11 20:48:07 29280 ----a-w- C:\Windows\System32\drivers\klkbdflt.sys
2013-07-12 15:54:02 9842040 ----a-w- C:\Program Files (x86)\Common Files\wruninstall.exe
.
============= FINISH: 15:25:40,59 ===============