Solved Worried - system compromised?

Jasso

Hello all, I really hope you can help.

There are several issues that make me believe my system has been compromised:
It started with me occasionally hearing someone else working on a computer through my speakers when a browser is open (this still happens). As soon as the browser is closed, it stops. Then yesterday I wanted to install Photoshop, but it kept saying "Adobe Application Manager has stopped working". I tried everything, but the problems remained. I also could not completely clean my PC of any Adobe software to see if that helps, because strangely Adobe's own command-line removal tool does not find any of the installed programs, such as Flash Player, either. So I decided to update Windows. I must say I have not done so since May, so I went to the Windows Control Panel and tried to download the "92 important updates". However, they do not download, even though my internet connection is working perfectly. So I read about these issues and found that one reason might be that my system has been infected.

Before I came here I had already scanned with the following programs:
Avast, Malwarebytes and Kaspersky TDSSKiller... nothing found. The only thing Kaspersky reports is this: Locked file, Service: sptd, Service Type: Kernel Driver (0x1), Service Start: Boot (0x0), C:\Windows\system32\Drivers\sptd.sys, plus the MD5 number.

So now here are the logs generated while following your step-by-step guide:
By the way, I was not able to save any of the scanner-generated log files to my desktop. After saving, they were not there. It only worked when I saved them into the "C:" directory itself.

AVAST Scan: Nothing found

MALWAREBYTES LOG:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.31.10

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
JaS_2 :: JFORCE [limited]

18.08.2012 21:34:39
mbam-log-2012-08-18 (21-34-39).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 155968
Time elapsed: 4 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


GMER LOG:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-08-18 23:34:11
Windows 6.1.7600
Running: hdlg6v9b.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0011675abd4e
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x27 0xC6 0xFB 0x12 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x2B 0xF6 0xE2 0x45 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x32 0x07 0xF1 0x7C ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0011675abd4e (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x27 0xC6 0xFB 0x12 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x2B 0xF6 0xE2 0x45 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x32 0x07 0xF1 0x7C ...

---- Files - GMER 1.0.15 ----

File C:\## aswSnx private storage 0 bytes
File C:\## aswSnx private storage\snx_rhive 262144 bytes
File C:\## aswSnx private storage\snx_rhive.LOG1 29696 bytes
File C:\## aswSnx private storage\snx_rhive.LOG2 0 bytes
File C:\## aswSnx private storage\snx_rhive{f86910d0-a34a-11e1-a759-002618a84d06}.TM.blf 65536 bytes
File C:\## aswSnx private storage\snx_rhive{f86910d0-a34a-11e1-a759-002618a84d06}.TMContainer00000000000000000001.regtrans-ms 524288 bytes
File C:\## aswSnx private storage\snx_rhive{f86910d0-a34a-11e1-a759-002618a84d06}.TMContainer00000000000000000002.regtrans-ms 524288 bytes
File C:\## aswSnx private storage\webStorage 0 bytes
File C:\## aswSnx private storage\webStorage\attrib 0 bytes
File C:\## aswSnx private storage\webStorage\image 0 bytes
File C:\## aswSnx private storage\webStorage\image\Windows 0 bytes
File C:\## aswSnx private storage\webStorage\image\Windows\Prefetch 0 bytes
File C:\## aswSnx private storage\webStorage\image\Windows\Prefetch\CHROME.EXE-2AC80AEA.pf 45272 bytes
File C:\## aswSnx private storage\webStorage\snx_fs.dat 472 bytes

---- EOF - GMER 1.0.15 ----


DDS LOG:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26
Run by JaS at 0:04:15 on 2012-08-19
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.4095.2358 [GMT 4:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Microsoft LifeChat\LifeChat.exe
c:\xampp\filezillaftp\filezillaserver.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files (x86)\Netop\Vision\XL\mesuwts.exe
C:\Windows\system32\svchost.exe -k regsvc
C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Elantech\ETDCtrl.exe
C:\Users\JaS_2\AppData\Roaming\du Mobile Broadband\ouc.exe
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Windows\ffpext\ffpsrv.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Netop\Vision\XL\MeUiHlp.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\Netop\Vision\XL\MeSuAx.exe
C:\Program Files (x86)\Netop\Vision\Plugins\Chat\MChat.exe
C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.AutoUpdate.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.orbitdownloader.com
uURLSearchHooks: H - No File
uURLSearchHooks: Veoh Web Player Toolbar: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\prxtbVeo0.dll
mURLSearchHooks: Veoh Web Player Toolbar: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\prxtbVeo0.dll
mWinlogon: Userinit=userinit.exe
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID-Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Veoh Web Player Toolbar: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\prxtbVeo0.dll
BHO: Web Lock Extension for Internet Explorer: {cea0e33c-a206-4996-980f-2596270e0c7a} - C:\Program Files (x86)\Netop\Vision\Plugins\WebLock\IEExtension\WebFilterIEExtension32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - No File
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Veoh Web Player Toolbar: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\prxtbVeo0.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [VeohPlugin] "C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
uRun: [EPSON Stylus DX5000 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBVE.EXE /FU "C:\Windows\TEMP\E_S47EC.tmp" /EF "HKCU"
uRun: [Google Update] "C:\Users\JaS\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Steam] "C:\Juegos\STEAM\Steam.exe" -silent
uRun: [Vidalia] "C:\Program Files (x86)\Vidalia Bundle\Vidalia\vidalia.exe"
uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [SugarSync] "C:\Program Files (x86)\SugarSync\SugarSyncManager.exe" -startInTray -usedelay=true
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [ffpsrv] c:\windows\ffpext\ffpsrv.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [Touch-It] C:\Program Files (x86)\TouchIt Keyboard\touchitf.exe
mRun: [MeUiHelper] C:\Program Files (x86)\Netop\Vision\XL\meuihlp.exe
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mRunOnce: [InnoSetupRegFile.0000000001] "C:\Windows\is-KSQG3.exe" /REG /REGSVRMODE
StartupFolder: C:\Users\JaS\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\JaS\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Presentation Support Tool.lnk - C:\Program Files (x86)\SHARP\SHARP Pen Software\PrsnSptTool.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-explorer: EnableShellExecuteHooks = 0 (0x0)
IE: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: add to &BOM - C:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta
IE: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: Nach Microsoft E&xel exportieren - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: RF - Formular ausfüllen - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RF - Formular speichern - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: RF - Menü anpassen - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: RF - RoboForm-Leiste ein/aus - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E}
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
LSP: C:\Program Files (x86)\Common Files\Netop\WebFilterLSP32.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: Interfaces\{0954EBB3-3356-48CF-811C-DFF647A62B8B} : NameServer = 213.132.63.25 80.227.2.4
TCP: Interfaces\{3AE6014E-2566-4A28-AFDF-5816552FDEB6} : NameServer = 213.132.63.25 80.227.2.4
TCP: Interfaces\{3F641A04-4B01-4BE1-8133-F72F082FF073} : NameServer = 213.132.63.25 80.227.2.4
TCP: Interfaces\{52269DFF-9D19-457E-9076-AC7AE3E21BE4} : NameServer = 213.132.63.25 80.227.2.4
TCP: Interfaces\{5DE9415E-43FE-4EEF-8B45-0B46E463D21D} : NameServer = 213.132.63.25 80.227.2.4
TCP: Interfaces\{82C054A0-20B3-4F9A-98D1-56358DBBE4A2} : NameServer = 213.132.63.25 80.227.2.4
TCP: Interfaces\{926641CF-B0B7-4624-9A1E-33E3A750E359} : NameServer = 213.132.63.25 80.227.2.4
TCP: Interfaces\{9791E060-1073-4A48-9E2A-6A1E2BD29F21} : DhcpNameServer = 192.168.10.85 192.168.10.10
TCP: Interfaces\{FA12F39E-DFF2-4D13-911A-B5D2CB0CBC5E} : NameServer = 213.132.63.25 80.227.2.4
TCP: Interfaces\{FAC239AB-690E-411F-BA86-8679B4CAA238} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{FAC239AB-690E-411F-BA86-8679B4CAA238}\05149435 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{FAC239AB-690E-411F-BA86-8679B4CAA238}\4505D2C494E4B4F5932433445403 : DhcpNameServer = 192.168.10.85 192.168.10.10
TCP: Interfaces\{FAC239AB-690E-411F-BA86-8679B4CAA238}\458627565635471627370254C656364727F6E6963635 : DhcpNameServer = 192.168.10.85 192.168.10.10
TCP: Interfaces\{FAC239AB-690E-411F-BA86-8679B4CAA238}\E47494 : DhcpNameServer = 213.42.20.20 195.229.241.222
TCP: Interfaces\{FE5B73E5-CA57-442B-A6E3-3D28825A5C79} : NameServer = 213.132.63.25 80.227.2.4
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll
SEH: App-Control: {f911591f-d659-40ed-b048-eb8f8e48ab00} - C:\Windows\SysWOW64\MeAmHook32.dll
{000123B4-9B42-4900-B3F7-F4B073EFC214}
{326E768D-4182-46FD-9C16-1449A49795F4}
{53707962-6F74-2D53-2644-206D7942484F}
{724d43a9-0d85-11d4-9908-00400523e39a}
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
{cd90bf73-20f6-44ef-993d-bb920303bd2e}
{CEA0E33C-A206-4996-980F-2596270E0C7A}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
TB-X64: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - No File
{C55BBCD6-41AD-48AD-9953-3609C48EACC7}
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
{cd90bf73-20f6-44ef-993d-bb920303bd2e}
{724d43a0-0d85-11d4-9908-00400523e39a}
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [ffpsrv] c:\windows\ffpext\ffpsrv.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [Touch-It] C:\Program Files (x86)\TouchIt Keyboard\touchitf.exe
mRun-x64: [MeUiHelper] C:\Program Files (x86)\Netop\Vision\XL\meuihlp.exe
mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mRunOnce-x64: [InnoSetupRegFile.0000000001] "C:\Windows\is-KSQG3.exe" /REG /REGSVRMODE
App-Control
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 MENET;MENET;C:\Windows\system32\Drivers\MENET.SYS --> C:\Windows\system32\Drivers\MENET.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-12-16 44768]
R2 MeSuWTS;Vision WTS Helper;C:\Program Files (x86)\Netop\Vision\XL\mesuwts.exe [2012-7-6 181920]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-8-26 2255464]
R2 SSUService;Splashtop Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2012-3-15 370504]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-8-3 379496]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
R3 huawei_enumerator;huawei_enumerator;C:\Windows\system32\DRIVERS\ew_jubusenum.sys --> C:\Windows\system32\DRIVERS\ew_jubusenum.sys [?]
R3 meddmrr;meddmrr;C:\Windows\system32\DRIVERS\meddmrr.sys --> C:\Windows\system32\DRIVERS\meddmrr.sys [?]
R3 mekbd;mekbd;C:\Windows\system32\Drivers\mekbd.sys --> C:\Windows\system32\Drivers\mekbd.sys [?]
R3 memice;memice;C:\Windows\system32\Drivers\memice.sys --> C:\Windows\system32\Drivers\memice.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update-Dienst (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-14 136176]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-12-13 1153368]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\system32\DRIVERS\ew_hwusbdev.sys --> C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [?]
S3 ewusbmbb;HUAWEI USB-WWAN miniport;C:\Windows\system32\DRIVERS\ewusbwwan.sys --> C:\Windows\system32\DRIVERS\ewusbwwan.sys [?]
S3 gupdatem;Google Update-Dienst (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-14 136176]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 nmwcdnsucx64;Nokia USB Flashing Generic;C:\Windows\system32\drivers\nmwcdnsucx64.sys --> C:\Windows\system32\drivers\nmwcdnsucx64.sys [?]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\Windows\system32\drivers\nmwcdnsux64.sys --> C:\Windows\system32\drivers\nmwcdnsux64.sys [?]
S3 pneteth;PdaNet Broadband;C:\Windows\system32\DRIVERS\pneteth.sys --> C:\Windows\system32\DRIVERS\pneteth.sys [?]
S3 WatAdminSvc;Windows-Aktivierungstechnologieservice;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-11-1 655944]
.
=============== Created Last 30 ================
.
2012-08-18 11:38:05 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-18 10:51:31 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-18 10:51:31 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-11 06:09:58 -------- d-----w- C:\Program Files (x86)\XMind
2012-08-06 20:09:15 -------- d-----w- C:\ProgramData\Research In Motion
2012-08-06 20:09:05 -------- d-----w- C:\Program Files (x86)\Research In Motion
2012-08-06 17:59:35 -------- d-----w- C:\Users\JaS\AppData\Local\SugarSync
2012-08-06 17:59:23 -------- d-----w- C:\Program Files (x86)\SugarSync
2012-08-01 10:45:35 -------- d-----w- C:\xampp
2012-08-01 10:18:02 -------- d-----w- C:\Users\JaS\AppData\Local\Macromedia
2012-07-31 16:50:27 711240 ----a-w- C:\Windows\is-KSQG3.exe
2012-07-31 12:13:14 -------- d-----w- C:\ProgramData\YTD Video Downloader
2012-07-31 12:13:08 -------- d-----w- C:\Program Files (x86)\GreenTree Applications
2012-07-29 19:28:53 69632 ----a-w- C:\nporbit.dll
2012-07-26 12:46:54 44032 ----a-w- C:\Windows\System32\drivers\RimSerial_AMD64.sys
2012-07-26 12:46:07 -------- d-----w- C:\Program Files (x86)\Common Files\XCPCSync.OEM
2012-07-26 12:46:07 -------- d-----w- C:\Program Files (x86)\Common Files\Research In Motion
2012-07-21 18:40:54 164120 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
.
==================== Find3M ====================
.
2012-07-14 12:43:01 22176 ----a-w- C:\Windows\System32\drivers\mekbd.sys
2012-07-14 12:43:01 20640 ----a-w- C:\Windows\System32\drivers\memice.sys
2012-07-06 15:28:32 74912 ----a-w- C:\Windows\System32\drivers\MeNet.sys
2012-07-06 15:28:32 200352 ----a-w- C:\Windows\System32\VisionLoginCredentialProvider.dll
2012-07-06 15:28:32 137376 ----a-w- C:\Windows\System32\MeAMHook64.dll
2012-07-06 15:28:30 121504 ----a-w- C:\Windows\SysWow64\MeAmHook32.dll
2012-07-06 15:28:24 176800 ----a-w- C:\Windows\System32\meddxl.dll
2012-07-06 15:28:24 14496 ----a-w- C:\Windows\System32\meddaux.dll
2012-07-05 23:01:06 49784 ----a-w- C:\Windows\System32\meddmrr.dll
2012-07-05 23:01:06 11384 ----a-w- C:\Windows\System32\drivers\meddmrr.sys
2012-07-03 09:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 11:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 11:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2006-05-03 10:06:54 163328 --sh--r- C:\Windows\SysWOW64\flvDX.dll
2007-02-21 11:47:16 31232 --sh--r- C:\Windows\SysWOW64\msfDX.dll
2008-03-16 13:30:52 216064 --sh--r- C:\Windows\SysWOW64\nbDX.dll
.
============= FINISH: 0:04:58,57 ===============

DDS ATTACH:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 27.05.2010 17:21:56
System Uptime: 18.08.2012 10:03:12 (14 hours ago)
.
Motherboard: ASUSTeK Computer Inc. | | K70IO
Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz | Socket 478 | 2000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 88 GiB total, 8,065 GiB free.
D: is CDROM ()
F: is FIXED (NTFS) - 141 GiB total, 4,686 GiB free.
J: is FIXED (NTFS) - 10 GiB total, 1,124 GiB free.
K: is CDROM ()
L: is Removable
M: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP411: 17.08.2012 18:48:24 - Revo Uninstaller's restore point - Adobe AIR
RP412: 17.08.2012 18:53:34 - Revo Uninstaller's restore point - Adobe Flash Player 11 Plugin
RP413: 17.08.2012 18:55:23 - Revo Uninstaller's restore point - Adobe Download Assistant
RP414: 17.08.2012 18:55:41 - Removed Adobe Download Assistant
RP415: 17.08.2012 19:24:35 - Revo Uninstaller's restore point - Adobe Flash Player 11 ActiveX
RP416: 17.08.2012 19:26:45 - Revo Uninstaller's restore point - Adobe AIR
.
==== Installed Programs ======================
.
2007 Microsoft Office Suite Service Pack 2 (SP2)
Adobe Flash Player 11 Plugin
Advertising Center
Age of Empires III
Age of Empires III - The Asian Dynasties
Age of Empires III - The WarChiefs
Android SDK Tools
Audacity 1.2.6
Auslogics Disk Defrag
avast! Free Antivirus
Biet-O-Matic v2.12.9
BlackBerry Desktop Software 7.1
BlackBerry Device Software Updater
CamAlert II
Click-N-Type
CNTDesigner
ColorPic
Combined Community Codec Pack 2011-11-11
Corel Graphics - Windows Shell Extension
D3DX10
DHTML Editing Component
DivX-Setup
DolbyFiles
Dropbox
du Mobile Broadband
Easy Keyboard Manager 1.0.0
EasyCash&Tax 1.48
ElsterFormular
Empire: Total War
EPSON Scan
Fast Blog Finder 3
FastStone Capture 5.3
Fences
Free Mp3 Wma Converter V 1.93
GOM Player
Google Chrome
Google Earth Plug-in
Google Update Helper
Hotfix für Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
IETester v0.4.6 (remove only)
Java 2 Runtime Environment, SE v1.4.2_19
Java Auto Updater
Java(TM) 6 Update 26
JDownloader
Junk Mail filter update
K-Lite Codec Pack 6.0.4 (Basic)
Kernel EML Viewer ver 10.09.01
Malwarebytes Anti-Malware Version 1.62.0.1300
Market Samurai
Medieval II Total War
Medieval II Total War : Kingdoms : Americas
Medieval II Total War : Kingdoms : Britannia
Medieval II Total War : Kingdoms : Crusades
Medieval II Total War : Kingdoms : Teutonic
Menu Templates - Starter Kit
Metro-Naval 1.9
Microsoft Keyboard Layout Creator 1.4
Microsoft Office Access MUI (German) 2007
Microsoft Office 2007
Microsoft Office Excel MUI (German) 2007
Microsoft Office Groove MUI (German) 2007
Microsoft Office InfoPath MUI (German) 2007
Microsoft Office OneNote MUI (German) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (German) 2007
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Publisher MUI (German) 2007
Microsoft Office Shared MUI (German) 2007
Microsoft Office Word MUI (German) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU
Microsoft Visual Studio Tools for Applications 2.0 Runtime
Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU
Mozilla Firefox 4.0b7 (x86 de)
Mozilla Firefox 8.0 (x86 de)
Mozilla Thunderbird 14.0 (x86 en-US)
MPEG2 Codec(libmpeg2/mad)
MSVCRT
MSVCRT_amd64
Multiple File Search Replace 2.30
Nero BurnLite 10
Nero Control Center 10
Nero ControlCenter
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero Installer
Nero Update
Notepad++
NVIDIA 3D Vision Controller Driver
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
Offline Downloader
Orbit Downloader
PC Connectivity Solution
PDFCreator
PixLin
Polipo 1.0.4.1
QuickTime
Realtek High Definition Audio Driver
Revo Uninstaller 1.92
RoboForm 7-7-0 (All Users)
RocketDock 1.3.5
Rome - Total War - Gold Edition
RouterControl 2.0
Samsung New PC Studio USB Driver Installer
Schwert und Speer Ultimat
Serif WebPlus Starter Edition
SHARP Pen Software
Skype Click to Call
Skype™ 5.8
Splashtop Remote Client
Spybot - Search & Destroy
SRWare Iron Version SRWare Iron 19.0.1100.0
Steam
SugarSync Manager
SUPER © Version 2010.bld.42 (Nov 7, 2010)
System Requirements Lab CYRI
TeamViewer 7
Tor 0.2.2.34
Touch-It Virtual Keyboard 4.3.0.3 (Freeware)
TreeSize Free V2.6
TrueCrypt
Turbo Lister 2
Unity Web Player
VC80CRTRedist - 8.0.50727.6195
Veoh Web Player
Veoh Web Player Toolbar
Vidalia 0.2.15
Watchtower Library 2009 - Deutsch
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
Xaldon WebSpider2
XAMPP 1.7.7
XMind
YouTube Song Downloader
YTD Video Downloader 3.9
.
==== End Of File ===========================
 
Welcome aboard

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

======================================

Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

If normal mode still doesn't work, run the tool from safe mode.

When the scan is done, Notepad will open with the rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

====================================

Download aswMBR to your desktop.
Double-click aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?", say "Yes".
Click the "Scan" button to start the scan.
On completion of the scan click "Save log", save it to your desktop and post it in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
Thanks a lot for the swift response!

rKILL LOG:

Rkill 2.2.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/19/2012 01:02:49 AM in x64 mode.
Windows Version: Windows 7

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* C:\Users\JaS_2\AppData\Roaming\du Mobile Broadband\ouc.exe (PID: 3620) [UP-HEUR]
* C:\Windows\ffpext\ffpsrv.exe (PID: 3972) [WD-HEUR]
* C:\Program Files\Waterfox\firefox.exe (PID: 2000) [FI]

3 proccesses terminated!

Checking Registry for malware related settings.

* Advanced Explorer Setting Removed: HideIcons [HKCU]
* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
C:\Users\JaS\Desktop\rkill\rkill-08-19-2012-01-02-56.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks.

* No issues found.

Checking Windows Service Integrity:

* AppMgmt [Missing Service]
* CscService [Missing Service]
* PeerDistSvc [Missing Service]
* UmRdpService [Missing Service]

Searching for Missing Digital Signatures:

* C:\Windows\System32\user32.dll [NoSig]
+-> C:\Windows\SysWOW64\user32.dll : 833.024 : 05/27/2010 06:48 PM : 861c4346f9281dc0380de72c8d55d6be [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll : 1.008.640 : 07/14/2009 00:41 AM : 72d7b3ea16946e8f0cf7458150031cc6 [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll : 833.024 : 07/14/2009 00:11 AM : e8b0ffc209e504cb7e79fc24e6c085f0 [Pos Repl]

Program finished at: 08/19/2012 01:03:16 AM
Execution time: 0 hours(s), 0 minute(s), and 26 seconds(s)


aswMBR LOG (did not ask me to update the virus definitions):

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-19 01:07:58
-----------------------------
01:07:58.079 OS Version: Windows x64 6.1.7600
01:07:58.079 Number of processors: 2 586 0x170A
01:07:58.097 ComputerName: JFORCE UserName: JaS
01:07:58.771 Initialize success
01:07:58.879 AVAST engine defs: 12081800
01:09:44.095 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
01:09:44.103 Disk 0 Vendor: Hitachi_HTS543232L9A300 FB4OC40C Size: 305245MB BusType: 11
01:09:44.134 Disk 0 MBR read successfully
01:09:44.140 Disk 0 MBR scan
01:09:44.148 Disk 0 unknown MBR code
01:09:44.160 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
01:09:44.177 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 89900 MB offset 206848
01:09:44.202 Disk 0 Partition 3 00 82 Linux swap 1431 MB offset 184322048
01:09:44.208 Disk 0 Partition - 00 05 Extended 213812 MB offset 187254782
01:09:44.225 Disk 0 Partition 4 00 83 Linux 11633 MB offset 187254784
01:09:44.234 Disk 0 Partition - 00 05 Extended 47684 MB offset 211079168
01:09:44.280 Disk 0 scanning C:\Windows\system32\drivers
01:09:54.237 Service scanning
01:10:14.712 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
01:10:22.760 Modules scanning
01:10:22.762 Disk 0 trace - called modules:
01:10:22.792 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80043cf2c0]<<spnj.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
01:10:22.794 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800468c060]
01:10:22.794 3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> [0xfffffa800451c180]
01:10:22.795 5 ACPI.sys[fffff8800103a781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80044f2060]
01:10:22.796 \Driver\atapi[0xfffffa80044e4e70] -> IRP_MJ_CREATE -> 0xfffffa80043cf2c0
01:10:23.532 AVAST engine scan C:\Windows
01:10:26.097 AVAST engine scan C:\Windows\system32
01:13:19.216 AVAST engine scan C:\Windows\system32\drivers
01:13:29.716 AVAST engine scan C:\Users\JaS
01:26:43.003 AVAST engine scan C:\ProgramData
01:30:07.481 Scan finished successfully
01:32:11.886 Disk 0 MBR has been saved successfully to "C:\MBR.dat"
01:32:11.914 The log file has been saved successfully to "C:\aswMBR.txt"
 
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
  • NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete the Combofix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart the computer in safe mode.

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done, Notepad will open with the rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
COMBOFIX LOG (The total log is almost 650,000 characters long and 4/5 (rather more) of the log is about just 3 programs. So these 3 parts I have shortened, but in case you really need them in full, let me know.)

ComboFix 12-08-18.03 - JaS 19.08.2012 1:58.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.4095.1874 [GMT 4:00]
ausgeführt von:: c:\users\JaS_2\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\juegos
c:\juegos\AoE III\1025\dwintl.dll
c:\juegos\AoE III\1028\dwintl.dll
c:\juegos\AoE III\1028\msiloadr.bin
c:\juegos\AoE III\1028\webloadr.bin
c:\juegos\AoE III\1029\dwintl.dll
c:\juegos\AoE III\1030\dwintl.dll
c:\juegos\AoE III\1031\dwintl.dll
c:\juegos\AoE III\1031\msiloadr.bin
c:\juegos\AoE III\1031\webloadr.bin
c:\juegos\AoE III\1032\dwintl.dll
c:\juegos\AoE III\1033\dwintl.dll
c:\juegos\AoE III\1033\msiloadr.bin
c:\juegos\AoE III\1033\webloadr.bin
c:\juegos\AoE III\1035\dwintl.dll
c:\juegos\AoE III\1036\dwintl.dll
c:\juegos\AoE III\1036\msiloadr.bin
c:\juegos\AoE III\1036\webloadr.bin
c:\juegos\AoE III\1037\dwintl.dll
c:\juegos\AoE III\1038\dwintl.dll
c:\juegos\AoE III\1040\dwintl.dll
c:\juegos\AoE III\1040\msiloadr.bin
c:\juegos\AoE III\1040\webloadr.bin
c:\juegos\AoE III\1041\dwintl.dll
c:\juegos\AoE III\1041\msiloadr.bin
c:\juegos\AoE III\1041\webloadr.bin
c:\juegos\AoE III\1042\dwintl.dll
c:\juegos\AoE III\1042\msiloadr.bin
c:\juegos\AoE III\1042\webloadr.bin
c:\juegos\AoE III\1043\dwintl.dll
c:\juegos\AoE III\1044\dwintl.dll
c:\juegos\AoE III\1045\dwintl.dll
c:\juegos\AoE III\1046\dwintl.dll
c:\juegos\AoE III\1048\dwintl.dll
c:\juegos\AoE III\1049\dwintl.dll
c:\juegos\AoE III\1050\dwintl.dll
c:\juegos\AoE III\1051\dwintl.dll
c:\juegos\AoE III\1053\dwintl.dll
c:\juegos\AoE III\1054\dwintl.dll
c:\juegos\AoE III\1055\dwintl.dll
c:\juegos\AoE III\1060\dwintl.dll
c:\juegos\AoE III\2052\dwintl.dll
c:\juegos\AoE III\2052\msiloadr.bin
c:\juegos\AoE III\2052\webloadr.bin
c:\juegos\AoE III\2070\dwintl.dll
c:\juegos\AoE III\3076\dwintl.dll
c:\juegos\AoE III\3082\dwintl.dll
c:\juegos\AoE III\3082\msiloadr.bin
c:\juegos\AoE III\3082\webloadr.bin
c:\juegos\AoE III\Age 3 Web.url
c:\juegos\AoE III\age3.exe
c:\juegos\AoE III\Age3Launcher.exe
c:\juegos\AoE III\age3x.exe
c:\juegos\AoE III\Age3xLauncher.exe
c:\juegos\AoE III\age3y.exe
c:\juegos\AoE III\age3ymc.xml

(This goes on and on; it looks like it's listing almost each and every file of the game.)

After AOE III, this one comes. Even though it has not nearly as many entries as AOE III, it's still a lot, so here as well I am posting just the first ones:

c:\juegos\Medieval II Total War\binkw32.dll
c:\juegos\Medieval II Total War\cine.dll
c:\juegos\Medieval II Total War\custom\Vorherige Schlacht.cbx
c:\juegos\Medieval II Total War\data\animations\pack.dat
c:\juegos\Medieval II Total War\data\animations\pack.idx
c:\juegos\Medieval II Total War\data\animations\skeletons.dat
c:\juegos\Medieval II Total War\data\animations\skeletons.idx
c:\juegos\Medieval II Total War\data\cursors\arrow.ani
c:\juegos\Medieval II Total War\data\cursors\arrow.cur

Next up is STEAM, with approximately as many entries as Medieval has, so again, here are just the first ones:

c:\juegos\STEAM\appcache\appinfo.vdf
c:\juegos\STEAM\appcache\httpcache\00\005de2ef0846a732532236a04f9094354e90f7d8_da39a3ee5e6b4b0d3255bfef95601890afd80709
c:\juegos\STEAM\appcache\httpcache\02\022c032514c7fd907e87f84658974691a8d094f5_da39a3ee5e6b4b0d3255bfef95601890afd80709
c:\juegos\STEAM\appcache\httpcache\04\0416913b6b8ebbaf3ac1e2f39204bf6dcc5691d3_da39a3ee5e6b4b0d3255bfef95601890afd80709
c:\juegos\STEAM\appcache\httpcache\04\04bb71d9ec3af16aab5fa7e2c403d2f437d80748_da39a3ee5e6b4b0d3255bfef95601890afd80709
c:\juegos\STEAM\appcache\httpcache\06\064bc47d310a5d9f5b3447edff4d701c230fbfc8_da39a3ee5e6b4b0d3255bfef95601890afd80709
c:\juegos\STEAM\appcache\httpcache\07\077d04fcfe201095cf13019f891a2998a995929c_da39a3ee5e6b4b0d3255bfef95601890afd80709
c:\juegos\STEAM\appcache\httpcache\0a\0a026ea9dedc4e83596de84925c237f0ae97f20a_da39a3ee5e6b4b0d3255bfef95601890afd80709
c:\juegos\STEAM\appcache\httpcache\0d\0d53b79003f050bfa24bcb046b62cbceeee59cdb_da39a3ee5e6b4b0d3255bfef95601890afd80709
c:\juegos\STEAM\appcache\httpcache\0e\0e43b94649c20dd20ce664ebedd36455c230d82a_da39a3ee5e6b4b0d3255bfef95601890afd80709
c:\juegos\STEAM\appcache\httpcache\0e\0ec8da2091a094bd503923a081963020f54b08b4_da39a3ee5e6b4b0d3255bfef95601890afd80709
c:\juegos\STEAM\appcache\httpcache\0f\0f629328908aa78deb74e67c780f68037fbff6d1_da39a3ee5e6b4b0d3255bfef95601890afd80709
c:\juegos\STEAM\appcache\httpcache\0f\0f7c7f5a9226ec43479878542c4bc81a77f75df6_da39a3ee5e6b4b0d3255bfef95601890afd80709
c:\juegos\STEAM\appcache\httpcache\10\104da077ab13

The following are all the remaining entries not related to AOEIII, Medieval or STEAM:

c:\users\JaS_2\AppData\Roaming\0ad
c:\users\JaS_2\AppData\Roaming\0ad\cache\temp.0adsave
c:\users\JaS_2\AppData\Roaming\0ad\config\user.cfg
c:\users\JaS_2\AppData\Roaming\0ad\data\saves\quicksave-0001.0adsave
c:\users\JaS_2\AppData\Roaming\0ad\data\saves\quicksave-0002.0adsave
c:\users\JaS_2\AppData\Roaming\0ad\logs\interestinglog.html
c:\users\JaS_2\AppData\Roaming\0ad\logs\mainlog.html
c:\users\JaS_2\AppData\Roaming\0ad\logs\sim_log\15504\commands.txt
c:\users\JaS_2\AppData\Roaming\0ad\logs\system_info.txt
c:\windows\XSxS
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-07-18 bis 2012-08-18 ))))))))))))))))))))))))))))))
.
.
2012-08-18 11:38 . 2012-08-18 11:38 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-18 11:00 . 2012-08-18 11:00 -------- d-----w- c:\users\JaS_2\AppData\Local\Adobe
2012-08-18 10:51 . 2012-08-18 10:51 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-18 10:51 . 2012-08-18 10:51 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-15 19:03 . 2012-08-15 19:03 53248 ----a-r- c:\users\JaS_2\AppData\Roaming\Microsoft\Installer\{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}\ARPPRODUCTICON.exe
2012-08-11 06:09 . 2012-08-11 06:16 -------- d-----w- c:\program files (x86)\XMind
2012-08-07 20:30 . 2012-08-12 23:16 -------- d-----w- c:\users\JaS_2\AppData\Local\SugarSync
2012-08-06 20:09 . 2012-08-06 20:09 -------- d-----w- c:\programdata\Research In Motion
2012-08-06 20:09 . 2012-08-06 20:09 -------- d-----w- c:\program files (x86)\Research In Motion
2012-08-06 17:59 . 2012-08-06 18:01 -------- d-----w- c:\users\JaS\AppData\Local\SugarSync
2012-08-06 17:59 . 2012-08-06 17:59 -------- d-----w- c:\program files (x86)\SugarSync
2012-08-05 11:52 . 2012-08-05 11:52 -------- d-----w- c:\users\JaS_2\AppData\Local\Macromedia
2012-08-01 10:45 . 2012-08-16 08:06 -------- d-----w- C:\xampp
2012-08-01 10:18 . 2012-08-01 10:18 -------- d-----w- c:\users\JaS\AppData\Local\Macromedia
2012-08-01 09:32 . 2012-08-01 09:32 -------- d-----w- c:\users\JaS_2\AppData\Roaming\Netop
2012-07-31 16:50 . 2012-07-31 16:50 711240 ----a-w- c:\windows\is-KSQG3.exe
2012-07-31 12:13 . 2012-07-31 12:13 -------- d-----w- c:\programdata\YTD Video Downloader
2012-07-31 12:13 . 2012-07-31 12:13 -------- d-----w- c:\program files (x86)\GreenTree Applications
2012-07-29 19:28 . 2010-09-29 18:33 69632 ----a-w- C:\nporbit.dll
2012-07-26 12:48 . 2012-08-15 13:02 -------- d-----w- c:\users\JaS_2\AppData\Local\Research In Motion
2012-07-26 12:46 . 2011-07-20 09:58 44032 ----a-w- c:\windows\system32\drivers\RimSerial_AMD64.sys
2012-07-26 12:46 . 2012-08-06 20:09 -------- d-----w- c:\program files (x86)\Common Files\Research In Motion
2012-07-26 12:46 . 2012-08-06 20:09 -------- d-----w- c:\program files (x86)\Common Files\XCPCSync.OEM
2012-07-21 18:40 . 2009-10-27 08:22 164120 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-14 12:43 . 2012-07-14 12:43 22176 ----a-w- c:\windows\system32\drivers\mekbd.sys
2012-07-14 12:43 . 2012-07-14 12:43 20640 ----a-w- c:\windows\system32\drivers\memice.sys
2012-07-06 15:28 . 2012-07-06 15:28 74912 ----a-w- c:\windows\system32\drivers\MeNet.sys
2012-07-06 15:28 . 2012-07-06 15:28 200352 ----a-w- c:\windows\system32\VisionLoginCredentialProvider.dll
2012-07-06 15:28 . 2012-07-06 15:28 137376 ----a-w- c:\windows\system32\MeAMHook64.dll
2012-07-06 15:28 . 2012-07-06 15:28 121504 ----a-w- c:\windows\SysWow64\MeAmHook32.dll
2012-07-06 15:28 . 2012-07-06 15:28 176800 ----a-w- c:\windows\system32\meddxl.dll
2012-07-06 15:28 . 2012-07-06 15:28 14496 ----a-w- c:\windows\system32\meddaux.dll
2012-07-05 23:01 . 2012-07-05 23:01 49784 ----a-w- c:\windows\system32\meddmrr.dll
2012-07-05 23:01 . 2012-07-05 23:01 11384 ----a-w- c:\windows\system32\drivers\meddmrr.sys
2012-07-03 09:46 . 2011-08-23 12:18 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-18 17:33 . 2012-06-18 17:34 189360 ----a-w- c:\windows\system32\javaw.exe
2012-06-18 17:33 . 2012-06-18 17:34 188840 ----a-w- c:\windows\system32\java.exe
2012-06-02 22:19 . 2012-06-21 04:31 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 04:32 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 04:32 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 04:32 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 04:31 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 04:32 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 04:31 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 11:19 . 2012-06-21 04:31 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 11:15 . 2012-06-21 04:31 36864 ----a-w- c:\windows\system32\wuapp.exe
2006-05-03 10:06 163328 --sh--r- c:\windows\SysWOW64\flvDX.dll
2007-02-21 11:47 31232 --sh--r- c:\windows\SysWOW64\msfDX.dll
2008-03-16 13:30 216064 --sh--r- c:\windows\SysWOW64\nbDX.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2010-05-27 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll
.
[-] 2010-05-27 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{cd90bf73-20f6-44ef-993d-bb920303bd2e}"= "c:\program files (x86)\Veoh_Web_Player\prxtbVeo0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{cd90bf73-20f6-44ef-993d-bb920303bd2e}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{cd90bf73-20f6-44ef-993d-bb920303bd2e}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\Veoh_Web_Player\prxtbVeo0.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{CEA0E33C-A206-4996-980F-2596270E0C7A}]
2012-07-06 15:28 101024 ----a-w- c:\program files (x86)\Netop\Vision\Plugins\WebLock\IEExtension\WebFilterIEExtension32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{cd90bf73-20f6-44ef-993d-bb920303bd2e}"= "c:\program files (x86)\Veoh_Web_Player\prxtbVeo0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{cd90bf73-20f6-44ef-993d-bb920303bd2e}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\JaS\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\JaS\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\JaS\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\JaS\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VeohPlugin"="c:\program files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2011-08-25 2816328]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Vidalia"="c:\program files (x86)\Vidalia Bundle\Vidalia\vidalia.exe" [2011-10-12 5407850]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-01-19 107000]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]
"SugarSync"="c:\program files (x86)\SugarSync\SugarSyncManager.exe" [2012-07-13 9798776]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-03-17 421888]
"ffpsrv"="c:\windows\ffpext\ffpsrv.exe" [2009-05-29 81408]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Touch-It"="c:\program files (x86)\TouchIt Keyboard\touchitf.exe" [2008-04-11 1150976]
"MeUiHelper"="c:\program files (x86)\Netop\Vision\XL\meuihlp.exe" [2012-07-06 202912]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-01 90448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"InnoSetupRegFile.0000000001"="c:\windows\is-KSQG3.exe" [2012-07-31 711240]
.
c:\users\JaS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\JaS\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-26 24176560]
.
c:\users\JaS_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
SignagePlayer.lnk - c:\program files (x86)\SignagePlayer\SignagePlayer.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Presentation Support Tool.lnk - c:\program files (x86)\SHARP\SHARP Pen Software\PrsnSptTool.exe [2012-7-8 393216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{F911591F-D659-40ed-B048-EB8F8E48AB00}"= "c:\windows\SysWOW64\MeAmHook32.dll" [2012-07-06 121504]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 FDCDNT;FDCDNT;c:\windows\system32\drivers\FDCDNT.SYS [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-14 136176]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2010-07-27 117248]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys [2010-12-23 421376]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-14 136176]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [2011-08-17 12800]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [2011-08-17 171008]
R3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [2011-11-24 15360]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-27 1255736]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-28 834544]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 MENET;MENET;c:\windows\system32\Drivers\MENET.SYS [2012-07-06 74912]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-11-28 66904]
S2 MeSuWTS;Vision WTS Helper;c:\program files (x86)\Netop\Vision\XL\mesuwts.exe [2012-07-06 181920]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
S2 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2012-03-15 370504]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2009-06-12 112128]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2011-01-30 86016]
S3 meddmrr;meddmrr;c:\windows\system32\DRIVERS\meddmrr.sys [2012-07-05 11384]
S3 mekbd;mekbd;c:\windows\system32\Drivers\mekbd.sys [2012-07-14 22176]
S3 memice;memice;c:\windows\system32\Drivers\memice.sys [2012-07-14 20640]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-05-10 174184]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Other services/drivers in memory ---
.
*NewlyCreated* - 32065674
*NewlyCreated* - 81408113
*NewlyCreated* - ASWMBR
*Deregistered* - 32065674
*Deregistered* - 81408113
*Deregistered* - aswMBR
.
Contents of the "Scheduled Tasks" folder
.
2012-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-14 14:21]
.
2012-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-14 14:21]
.
2012-08-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-732390795-3526433701-2277339337-1000Core.job
- c:\users\JaS\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-08 15:25]
.
2012-08-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-732390795-3526433701-2277339337-1000UA.job
- c:\users\JaS\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-08 15:25]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CEA0E33C-A206-4996-980F-2596270E0C7A}]
2012-07-06 15:28 123552 ----a-w- c:\program files (x86)\Netop\Vision\Plugins\WebLock\IEExtension\WebFilterIEExtension64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\JaS\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\JaS\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\JaS\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\JaS\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2012-07-13 05:17 463992 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2012-07-13 05:17 463992 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2012-07-13 05:17 463992 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2012-07-13 05:17 463992 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LifeChat"="c:\program files\Microsoft LifeChat\LifeChat.exe" [2009-09-24 371712]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-06 11057768]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-06-12 619392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"*WerKernelReporting"="c:\windows\SYSTEM32\WerFault.exe" [2009-07-14 415232]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2009-10-02 134656]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{F911591F-D659-40ed-B048-EB8F8E48AB00}"= "c:\windows\system32\MeAMHook64.dll" [2012-07-06 137376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.orbitdownloader.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: add to &BOM - c:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta
IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: RF - Formular ausfüllen - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RF - Formular speichern - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: RF - Menü anpassen - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: RF - RoboForm-Leiste ein/aus - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
LSP: c:\program files (x86)\Common Files\Netop\WebFilterLSP32.dll
TCP: Interfaces\{0954EBB3-3356-48CF-811C-DFF647A62B8B}: NameServer = 213.132.63.25 80.227.2.4
TCP: Interfaces\{3AE6014E-2566-4A28-AFDF-5816552FDEB6}: NameServer = 213.132.63.25 80.227.2.4
TCP: Interfaces\{3F641A04-4B01-4BE1-8133-F72F082FF073}: NameServer = 213.132.63.25 80.227.2.4
TCP: Interfaces\{52269DFF-9D19-457E-9076-AC7AE3E21BE4}: NameServer = 213.132.63.25 80.227.2.4
TCP: Interfaces\{5DE9415E-43FE-4EEF-8B45-0B46E463D21D}: NameServer = 213.132.63.25 80.227.2.4
TCP: Interfaces\{82C054A0-20B3-4F9A-98D1-56358DBBE4A2}: NameServer = 213.132.63.25 80.227.2.4
TCP: Interfaces\{926641CF-B0B7-4624-9A1E-33E3A750E359}: NameServer = 213.132.63.25 80.227.2.4
TCP: Interfaces\{FA12F39E-DFF2-4D13-911A-B5D2CB0CBC5E}: NameServer = 213.132.63.25 80.227.2.4
TCP: Interfaces\{FE5B73E5-CA57-442B-A6E3-3D28825A5C79}: NameServer = 213.132.63.25 80.227.2.4
FF - ProfilePath -
.
- - - - Removed orphaned registry entries - - - -
.
URLSearchHooks-{40c3cc16-7269-4b32-9531-17f2950fb06f} - (no file)
Wow6432Node-HKCU-Run-Steam - c:\juegos\STEAM\Steam.exe
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{CD90BF73-20F6-44EF-993D-BB920303BD2E} - (no file)
AddRemove-Steam App 10500 - c:\juegos\STEAM\steam.exe
AddRemove-Schwert und Speer Ultimat - c:\juegos\Medieval II Gold\mods\Schwert_und_Speer_Ultimat\Uninstal.exe
.
.
.
--------------------- Locked registry keys ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.glcx\{656E6547-6176-6F4C-6769-63204C696331}* ]
"{0C15547E-1715-7E04-070C-016F04636665}"=hex:00,00,00,00,dc,07,07,00,06,00,0e,
00,0c,00,2b,00,30,00,41,01,1e,00,00,00,1d,1d,1d,1d,dc,07,07,00,06,00,0e,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-19 03:46:04
ComboFix-quarantined-files.txt 2012-08-18 23:46
.
Before scan: 17 directories, 15,298,342,912 bytes free
After scan: 21 directories, 15,540,895,744 bytes free
.
- - End Of File - - FFB09625614EE2CB9C563FEFB3532A5E
 
Looks good :)

Any current issues?

========================================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
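A triage pass over the OTL output requested above, as an added example that is not part of the original thread and not OTL's own tooling: it parses the PRC/SRV/DRV lines OTL prints (the format is visible in the log posted in reply) and flags the entries an analyst checks first: a missing publisher name, an auto-starting component running from outside the normal install directories, and remote-access or network-service software the owner should confirm they installed themselves. The sample lines are copied from the log in this thread; the STANDARD_DIRS and REMOTE_ACCESS_HINTS lists and the three heuristics are this example's own assumptions, not OTL features, and a flag is a prompt to look closer, not a verdict (the no-publisher `sptd` driver, for instance, is the same locked driver TDSSKiller reported, and needs a human decision).

```python
"""Triage parser for OTL 'SafeList' lines (PRC/MOD/SRV/DRV).

Added example, not OTL's own code. The heuristics, STANDARD_DIRS and
REMOTE_ACCESS_HINTS are assumptions chosen for this illustration.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# One OTL entry per line:
#   SRV - [mtime | size | attrs | M] (Company) [Start | State] -- path -- (ServiceName)
#   DRV:64bit: - [...] (Company) [Type | Start | State] -- path -- (DriverName)
#   PRC - [...] (Company) -- path
LINE_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV)(?P<wow>:64bit:)? - "
    r"\[(?P<mtime>[\d.]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>\S+) \| (?P<stamp>\S+)\] "
    r"\((?P<company>[^)]*)\)"
    r"(?: \[(?P<flags>[^\]]*)\])?"
    r" -- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^)]*)\))?$"
)

# Assumption: directories where installed services/drivers normally live.
STANDARD_DIRS = (
    "c:\\windows\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
    "c:\\programme\\",  # German-locale alias of Program Files, as seen in this log
)

# Assumption: substrings that identify remote-control or network-service software.
REMOTE_ACCESS_HINTS = ("teamviewer", "splashtop", "netop", "hamachi", "filezilla")


@dataclass
class Entry:
    kind: str
    is_64bit: bool
    mtime: str
    size: int
    company: str
    start: Optional[str]
    state: Optional[str]
    path: str
    name: Optional[str]
    findings: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one OTL line; return None for headers, blanks and unknown lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    flags = [f.strip() for f in (m["flags"] or "").split("|") if f.strip()]
    # SRV carries [start | state]; DRV carries [type | start | state]; PRC has neither.
    start = state = None
    if len(flags) >= 2:
        start, state = flags[-2], flags[-1]
    return Entry(
        kind=m["kind"],
        is_64bit=m["wow"] is not None,
        mtime=m["mtime"],
        size=int(m["size"].replace(",", "")),
        company=m["company"].strip(),
        start=start,
        state=state,
        path=m["path"].strip(),
        name=m["name"],
    )


def triage(entry: Entry) -> Entry:
    """Attach triage findings to an entry (heuristics are this example's own)."""
    lower = entry.path.lower()
    # 1. No publisher string, or a build-template placeholder left in the binary.
    if not entry.company or entry.company.startswith("$"):
        entry.findings.append("no publisher name")
    # 2. Starts automatically and runs from outside the usual install directories.
    autostart = entry.start in ("Auto", "Boot", "System")
    if autostart and entry.state == "Running" and not lower.startswith(STANDARD_DIRS):
        entry.findings.append("autostart outside standard directories")
    # 3. Remote-access or network service: often legitimate, always worth confirming.
    if any(h in lower for h in REMOTE_ACCESS_HINTS):
        entry.findings.append("remote-access or network service software")
    return entry


def triage_log(text: str) -> List[Entry]:
    """Return only the entries that raised at least one finding, in log order."""
    flagged = []
    for line in text.splitlines():
        e = parse_line(line)
        if e and triage(e).findings:
            flagged.append(e)
    return flagged


# Sample input: six lines copied verbatim from the OTL log posted in this thread.
SAMPLE = r"""
SRV - [2012.07.06 19:28:30 | 000,181,920 | ---- | M] (Netop Business Solutions A/S) [Auto | Running] -- C:\Program Files (x86)\Netop\Vision\XL\mesuwts.exe -- (MeSuWTS)
SRV - [2011.06.07 23:29:16 | 000,630,272 | ---- | M] (FileZilla Project) [Auto | Running] -- c:\xampp\FileZillaFTP\FileZillaServer.exe -- (FileZilla Server)
SRV - [2010.05.04 14:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
DRV:64bit: - [2012.07.14 16:43:01 | 000,022,176 | ---- | M] ($COMPANY_NAME_LONG$) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mekbd.sys -- (mekbd)
DRV:64bit: - [2010.05.29 02:36:23 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009.07.14 05:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
"""

if __name__ == "__main__":
    for e in triage_log(SAMPLE):
        print(f"{e.kind:<3} {e.name or e.path}: {', '.join(e.findings)}")
```

Feed it the whole OTL.txt with `triage_log(open("OTL.txt", encoding="utf-8", errors="replace").read())`; the Nero and AMD lines in the sample pass clean, which is the point: the script narrows a few hundred lines to the handful worth a second look rather than deciding anything on its own.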
 
No, no current issues, but I haven't tried anything like updating Windows or installing any programs yet because the guidelines say not to do that until you say the system is clean...

OTL.txt:

OTL logfile created on: 19.08.2012 20:09:09 - Run 1
OTL by OldTimer - Version 3.2.58.0 Folder = C:\Users\JaS_2\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,20 Gb Available Physical Memory | 55,09% Memory free
8,00 Gb Paging File | 6,14 Gb Available in Paging File | 76,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 87,79 Gb Total Space | 15,28 Gb Free Space | 17,41% Space Free | Partition Type: NTFS
Drive F: | 140,62 Gb Total Space | 4,69 Gb Free Space | 3,33% Space Free | Partition Type: NTFS
Drive H: | 465,76 Gb Total Space | 17,25 Gb Free Space | 3,70% Space Free | Partition Type: NTFS
Drive J: | 10,25 Gb Total Space | 1,12 Gb Free Space | 10,97% Space Free | Partition Type: NTFS
Drive L: | 3,69 Gb Total Space | 0,18 Gb Free Space | 4,76% Space Free | Partition Type: FAT32
Drive M: | 2,59 Gb Total Space | 2,27 Gb Free Space | 87,90% Space Free | Partition Type: FAT32

Computer Name: JFORCE | User Name: JaS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.08.19 20:05:46 | 000,598,016 | ---- | M] (OldTimer Tools) -- C:\Users\JaS_2\Desktop\OTL.exe
PRC - [2012.07.11 12:48:34 | 000,933,464 | ---- | M] (Research In Motion) -- C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.AutoUpdate.exe
PRC - [2012.07.06 19:28:30 | 001,651,872 | ---- | M] (Netop Business Solutions A/S) -- C:\Program Files (x86)\Netop\Vision\XL\MeSuAx.exe
PRC - [2012.07.06 19:28:30 | 000,418,464 | ---- | M] (Netop Business Solutions A/S) -- C:\Program Files (x86)\Netop\Vision\Plugins\Chat\MChat.exe
PRC - [2012.07.06 19:28:30 | 000,202,912 | ---- | M] (Netop Business Solutions A/S) -- C:\Program Files (x86)\Netop\Vision\XL\MeUiHlp.exe
PRC - [2012.07.06 19:28:30 | 000,181,920 | ---- | M] (Netop Business Solutions A/S) -- C:\Program Files (x86)\Netop\Vision\XL\mesuwts.exe
PRC - [2012.03.26 22:35:04 | 002,066,256 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
PRC - [2012.03.15 09:20:30 | 000,370,504 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
PRC - [2011.12.14 15:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011.11.28 22:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2011.11.28 22:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2011.11.02 02:00:44 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2011.11.02 01:54:56 | 000,577,536 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
PRC - [2011.08.03 15:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.08.03 05:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.07.29 03:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.06.07 23:29:16 | 000,630,272 | ---- | M] (FileZilla Project) -- c:\xampp\FileZillaFTP\FileZillaServer.exe
PRC - [2010.05.04 14:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe


========== Modules (No Company Name) ==========

MOD - [2011.07.29 03:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 03:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2009.07.14 21:58:23 | 000,372,736 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationUI.resources\3.0.0.0_de_31bf3856ad364e35\PresentationUI.resources.dll
MOD - [2009.07.14 21:58:23 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2009.07.14 21:58:13 | 000,208,896 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2009.07.14 08:56:14 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\1762137638019a091020b3baf52f6de3\System.Core.ni.dll
MOD - [2009.07.14 08:56:11 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\39f5a71b5185d267b0f55cd4cea26d6b\PresentationFramework.Aero.ni.dll
MOD - [2009.07.14 08:55:48 | 001,658,368 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\9947d788273c36b0cf511b07f582a591\PresentationUI.ni.dll
MOD - [2009.07.14 08:55:47 | 014,318,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\68e5eeb3c6ef18ba2dc1ad70eb74aeee\PresentationFramework.ni.dll
MOD - [2009.07.14 08:55:32 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\fedf1ba58dced4f0b3f8c457648ceed9\System.Windows.Forms.ni.dll
MOD - [2009.07.14 08:55:26 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ead6be8b410d56b5576b10e56af2c180\System.Drawing.ni.dll
MOD - [2009.07.14 08:55:23 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b459c5815af8123e4bf30d4e05bba65\PresentationCore.ni.dll
MOD - [2009.07.14 08:55:14 | 003,313,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c2f9dd7db911053edcaaadf5fefc500a\WindowsBase.ni.dll
MOD - [2009.07.14 08:55:09 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5dd9f783008543df3e642ff1e99de4e8\System.Xml.ni.dll
MOD - [2009.07.14 08:55:06 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b1350e31ff09cc583b34854816d8036\System.Configuration.ni.dll
MOD - [2009.07.14 08:55:05 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll
MOD - [2009.07.14 08:55:00 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll
MOD - [2007.09.02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll


========== Win32 Services (SafeList) ==========

SRV - [2012.07.06 19:28:30 | 000,181,920 | ---- | M] (Netop Business Solutions A/S) [Auto | Running] -- C:\Program Files (x86)\Netop\Vision\XL\mesuwts.exe -- (MeSuWTS)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.03.15 09:20:30 | 000,370,504 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe -- (SSUService)
SRV - [2012.02.29 10:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.02.20 01:38:54 | 000,481,064 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.12.14 15:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011.11.28 22:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011.08.03 15:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.08.03 05:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.06.07 23:29:16 | 000,630,272 | ---- | M] (FileZilla Project) [Auto | Running] -- c:\xampp\FileZillaFTP\FileZillaServer.exe -- (FileZilla Server)
SRV - [2010.09.21 16:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.05.04 14:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.03.18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.11 01:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.04.07 11:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.07.14 16:43:01 | 000,022,176 | ---- | M] ($COMPANY_NAME_LONG$) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mekbd.sys -- (mekbd)
DRV:64bit: - [2012.07.14 16:43:01 | 000,020,640 | ---- | M] ($COMPANY_NAME_LONG$) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\memice.sys -- (memice)
DRV:64bit: - [2012.07.06 19:28:32 | 000,074,912 | ---- | M] (Netop Business Solutions A/S) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MeNet.sys -- (MENET)
DRV:64bit: - [2012.07.06 03:01:06 | 000,011,384 | ---- | M] (Netop Business Solutions) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\meddmrr.sys -- (meddmrr)
DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.11.28 21:54:06 | 000,591,192 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011.11.28 21:53:58 | 000,304,472 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011.11.28 21:52:22 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011.11.28 21:52:20 | 000,058,712 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011.11.28 21:52:11 | 000,066,904 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011.11.28 21:51:53 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011.11.25 00:25:52 | 000,015,360 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pneteth.sys -- (pneteth)
DRV:64bit: - [2011.11.18 11:05:21 | 000,230,864 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2011.10.10 16:17:18 | 000,303,616 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011.10.10 16:17:17 | 000,035,328 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011.08.17 13:04:34 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2011.08.17 13:04:28 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64)
DRV:64bit: - [2011.07.25 17:44:46 | 000,074,752 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2011.07.20 13:58:22 | 000,044,032 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2011.05.10 13:41:27 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.01.30 18:19:32 | 000,086,016 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2010.12.24 11:48:38 | 000,221,312 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2010.12.23 09:48:28 | 000,421,376 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbwwan.sys -- (ewusbmbb)
DRV:64bit: - [2010.12.08 16:54:20 | 000,507,392 | ---- | M] (ITETech ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AF15BDA.sys -- (AF15BDA)
DRV:64bit: - [2010.07.27 09:52:16 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2010.05.29 02:36:23 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009.10.05 18:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.08.21 04:45:22 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 05:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 05:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 05:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 05:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 05:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 05:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 05:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 04:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009.06.12 21:41:56 | 000,112,128 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2009.06.11 00:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.11 00:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.11 00:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.11 00:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.06 04:15:56 | 001,806,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2009.03.18 19:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009.03.02 01:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2007.09.17 17:53:34 | 000,029,184 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2007.08.09 03:21:00 | 000,013,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV - [2009.07.14 05:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.05.28 22:28:26 | 000,044,288 | ---- | M] (Silence of Troubles United Company Ltd.) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\FDCDNT.SYS -- (FDCDNT)
DRV - [2009.03.31 11:39:36 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\prxtbVeo0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2653012


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-732390795-3526433701-2277339337-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com
IE - HKU\S-1-5-21-732390795-3526433701-2277339337-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-732390795-3526433701-2277339337-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C8 AF 1F 2D F0 8B CC 01 [binary data]
IE - HKU\S-1-5-21-732390795-3526433701-2277339337-1000\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\prxtbVeo0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-732390795-3526433701-2277339337-1000\..\SearchScopes,DefaultScope = {20442835-DA5D-48B1-986A-2EACE5E7D214}
IE - HKU\S-1-5-21-732390795-3526433701-2277339337-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-732390795-3526433701-2277339337-1000\..\SearchScopes\{0C853630-218E-4289-BF99-D7A72FC81D7A}: "URL" = http://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}
IE - HKU\S-1-5-21-732390795-3526433701-2277339337-1000\..\SearchScopes\{20442835-DA5D-48B1-986A-2EACE5E7D214}: "URL" = http://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-732390795-3526433701-2277339337-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={...=&lang=&ds=&pr=&d=&v=&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-732390795-3526433701-2277339337-1000\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2653012
IE - HKU\S-1-5-21-732390795-3526433701-2277339337-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-732390795-3526433701-2277339337-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-732390795-3526433701-2277339337-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-732390795-3526433701-2277339337-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 60 27 85 40 34 7D CD 01 [binary data]
IE - HKU\S-1-5-21-732390795-3526433701-2277339337-1006\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-732390795-3526433701-2277339337-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-732390795-3526433701-2277339337-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.50524.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\JaS\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\JaS\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\JaS\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Waterfox 11.0\extensions\\Components: C:\PROGRAM FILES\WATERFOX\COMPONENTS [2012.04.03 23:01:58 | 000,000,000 | ---D | M]
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Waterfox 11.0\extensions\\Plugins: C:\PROGRAM FILES\WATERFOX\PLUGINS [2012.07.21 22:40:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011.12.16 20:25:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.31 02:01:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2012.01.19 06:07:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{71A44B6B-42B9-4111-BD15-E67572E92A4C}: C:\Program Files (x86)\Netop\Vision\Plugins\WebLock\FFExtension [2012.07.14 16:42:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b7\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\components [2010.12.13 13:43:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\plugins [2012.07.21 22:40:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.10 08:21:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.07.21 22:40:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.26 16:08:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2010.05.29 14:58:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JaS\AppData\Roaming\mozilla\Extensions
[2010.05.29 14:58:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JaS\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.11.10 08:21:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.04.27 07:11:15 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.11.10 08:21:11 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.05.04 06:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009.10.27 12:22:50 | 000,164,120 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2011.10.10 15:39:49 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.14 02:03:04 | 000,003,659 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2011.10.10 15:39:49 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.10.10 15:39:49 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.10 15:39:49 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.10 15:39:49 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.10 15:39:49 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com/
CHR - Extension: No name found = C:\Users\JaS\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: No name found = C:\Users\JaS\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\1.73.3_0\
CHR - Extension: No name found = C:\Users\JaS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\
 
O1 HOSTS File: ([2012.08.19 03:40:23 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Web Lock Extension for Internet Explorer) - {CEA0E33C-A206-4996-980F-2596270E0C7A} - C:\Program Files (x86)\Netop\Vision\Plugins\WebLock\IEExtension\WebFilterIEExtension64.dll (Netop Business Solutions A/S)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\prxtbVeo0.dll (Conduit Ltd.)
O2 - BHO: (Web Lock Extension for Internet Explorer) - {CEA0E33C-A206-4996-980F-2596270E0C7A} - C:\Program Files (x86)\Netop\Vision\Plugins\WebLock\IEExtension\WebFilterIEExtension32.dll (Netop Business Solutions A/S)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\prxtbVeo0.dll (Conduit Ltd.)
O3:64bit: - HKU\S-1-5-21-732390795-3526433701-2277339337-1000\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-732390795-3526433701-2277339337-1000\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-732390795-3526433701-2277339337-1000\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O3 - HKU\S-1-5-21-732390795-3526433701-2277339337-1000\..\Toolbar\WebBrowser: (Veoh Web Player Toolbar) - {CD90BF73-20F6-44EF-993D-BB920303BD2E} - C:\Program Files (x86)\Veoh_Web_Player\prxtbVeo0.dll (Conduit Ltd.)
O3:64bit: - HKU\S-1-5-21-732390795-3526433701-2277339337-1006\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-732390795-3526433701-2277339337-1006\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-732390795-3526433701-2277339337-1006\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O3 - HKU\S-1-5-21-732390795-3526433701-2277339337-1006\..\Toolbar\WebBrowser: (Veoh Web Player Toolbar) - {CD90BF73-20F6-44EF-993D-BB920303BD2E} - C:\Program Files (x86)\Veoh_Web_Player\prxtbVeo0.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [LifeChat] C:\Program Files\Microsoft LifeChat\LifeChat.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ffpsrv] c:\Windows\ffpext\ffpsrv.exe ()
O4 - HKLM..\Run: [MeUiHelper] C:\Program Files (x86)\Netop\Vision\XL\meuihlp.exe (Netop Business Solutions A/S)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [Touch-It] C:\Program Files (x86)\TouchIt Keyboard\touchitf.exe (Chessware SA)
O4 - HKU\S-1-5-21-732390795-3526433701-2277339337-1000..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-21-732390795-3526433701-2277339337-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-732390795-3526433701-2277339337-1000..\Run: [SugarSync] C:\Program Files (x86)\SugarSync\SugarSyncManager.exe (SugarSync, Inc.)
O4 - HKU\S-1-5-21-732390795-3526433701-2277339337-1000..\Run: [VeohPlugin] C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - HKU\S-1-5-21-732390795-3526433701-2277339337-1000..\Run: [Vidalia] C:\Program Files (x86)\Vidalia Bundle\Vidalia\vidalia.exe ()
O4 - HKU\S-1-5-21-732390795-3526433701-2277339337-1005..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-732390795-3526433701-2277339337-1006..\Run: [HW_OPENEYE_OUC_du Mobile Broadband] C:\Program Files (x86)\du Mobile Broadband\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)
O4 - HKU\S-1-5-21-732390795-3526433701-2277339337-1006..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-21-732390795-3526433701-2277339337-1006..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-732390795-3526433701-2277339337-1006..\Run: [SugarSync] C:\Program Files (x86)\SugarSync\SugarSyncManager.exe (SugarSync, Inc.)
O4:64bit: - HKLM..\RunOnce: [*WerKernelReporting] C:\Windows\SysNative\WerFault.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\Windows\is-KSQG3.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-732390795-3526433701-2277339337-1005..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\JaS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\JaS\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\JaS_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SignagePlayer.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-732390795-3526433701-2277339337-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-732390795-3526433701-2277339337-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-732390795-3526433701-2277339337-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-732390795-3526433701-2277339337-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-732390795-3526433701-2277339337-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-732390795-3526433701-2277339337-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-732390795-3526433701-2277339337-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-732390795-3526433701-2277339337-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-732390795-3526433701-2277339337-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-732390795-3526433701-2277339337-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: add to &BOM - C:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta ()
O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: RF - Formular ausfüllen - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: RF - Formular speichern - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8:64bit: - Extra context menu item: RF - Menü anpassen - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: RF - RoboForm-Leiste ein/aus - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta ()
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: RF - Formular ausfüllen - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RF - Formular speichern - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: RF - Menü anpassen - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: RF - RoboForm-Leiste ein/aus - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9:64bit: - Extra Button: Ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : RF - Formular ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : RF - Formular speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Key error. File not found
O9:64bit: - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : RF - RoboForm-Leiste ein/aus - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : RF - Formular ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : RF - Formular speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Key error. File not found
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : RF - RoboForm-Leiste ein/aus - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Common Files\Netop\WebFilterLSP64.dll (Netop Business Solutions A/S)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Common Files\Netop\WebFilterLSP64.dll (Netop Business Solutions A/S)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - C:\Program Files (x86)\Common Files\Netop\WebFilterLSP64.dll (Netop Business Solutions A/S)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\Netop\WebFilterLSP32.dll (Netop Business Solutions A/S)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\Netop\WebFilterLSP32.dll (Netop Business Solutions A/S)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\Common Files\Netop\WebFilterLSP32.dll (Netop Business Solutions A/S)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_19)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0954EBB3-3356-48CF-811C-DFF647A62B8B}: NameServer = 213.132.63.25 80.227.2.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3AE6014E-2566-4A28-AFDF-5816552FDEB6}: NameServer = 213.132.63.25 80.227.2.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F641A04-4B01-4BE1-8133-F72F082FF073}: NameServer = 213.132.63.25 80.227.2.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{52269DFF-9D19-457E-9076-AC7AE3E21BE4}: NameServer = 213.132.63.25 80.227.2.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5DE9415E-43FE-4EEF-8B45-0B46E463D21D}: NameServer = 213.132.63.25 80.227.2.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{82C054A0-20B3-4F9A-98D1-56358DBBE4A2}: NameServer = 213.132.63.25 80.227.2.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{926641CF-B0B7-4624-9A1E-33E3A750E359}: NameServer = 213.132.63.25 80.227.2.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9791E060-1073-4A48-9E2A-6A1E2BD29F21}: DhcpNameServer = 192.168.10.85 192.168.10.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA12F39E-DFF2-4D13-911A-B5D2CB0CBC5E}: NameServer = 213.132.63.25 80.227.2.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FAC239AB-690E-411F-BA86-8679B4CAA238}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FE5B73E5-CA57-442B-A6E3-3D28825A5C79}: NameServer = 213.132.63.25 80.227.2.4
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (Stardock)
O28:64bit: - HKLM ShellExecuteHooks: {F911591F-D659-40ed-B048-EB8F8E48AB00} - C:\Windows\SysNative\MeAMHook64.dll (Netop Business Solutions A/S)
O28 - HKLM ShellExecuteHooks: {F911591F-D659-40ed-B048-EB8F8E48AB00} - C:\Windows\SysWOW64\MeAmHook32.dll (Netop Business Solutions A/S)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.03.31 12:35:30 | 000,000,102 | ---- | M] () - H:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011.07.19 17:36:58 | 000,000,112 | RH-- | M] () - M:\AUTORUN.INF -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.08.19 03:46:07 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.08.19 03:46:07 | 000,000,000 | ---D | C] -- C:\Users\JaS\AppData\Local\temp
[2012.08.19 01:54:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.08.19 01:54:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.08.19 01:54:44 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.08.19 01:54:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.08.19 01:54:09 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.08.19 01:02:56 | 000,000,000 | ---D | C] -- C:\Users\JaS\Desktop\rkill
[2012.08.18 15:38:05 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012.08.18 14:50:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012.08.17 19:27:22 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012.08.16 12:06:11 | 000,000,000 | ---D | C] -- C:\Users\JaS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apache Friends
[2012.08.11 10:10:25 | 000,000,000 | ---D | C] -- C:\Users\JaS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XMind
[2012.08.11 10:10:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMind
[2012.08.11 10:09:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XMind
[2012.08.07 00:09:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlackBerry
[2012.08.07 00:09:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Research In Motion
[2012.08.07 00:09:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Research In Motion
[2012.08.06 22:01:52 | 000,000,000 | ---D | C] -- C:\Users\JaS\Documents\Magic Briefcase
[2012.08.06 21:59:35 | 000,000,000 | ---D | C] -- C:\Users\JaS\AppData\Local\SugarSync
[2012.08.06 21:59:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SugarSync
[2012.08.01 14:45:35 | 000,000,000 | ---D | C] -- C:\xampp
[2012.08.01 14:18:02 | 000,000,000 | ---D | C] -- C:\Users\JaS\AppData\Local\Macromedia
[2012.07.31 16:13:14 | 000,000,000 | ---D | C] -- C:\ProgramData\YTD Video Downloader
[2012.07.31 16:13:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader
[2012.07.31 16:13:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GreenTree Applications
[2012.07.29 23:28:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Orbit
[2012.07.26 16:46:54 | 000,044,032 | ---- | C] (Research in Motion Ltd) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys
[2012.07.26 16:46:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\XCPCSync.OEM
[2012.07.26 16:46:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Research In Motion
[2012.07.21 22:40:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange PDF Viewer

========== Files - Modified Within 30 Days ==========

[2012.08.19 20:05:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.19 19:37:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-732390795-3526433701-2277339337-1000UA.job
[2012.08.19 19:05:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.19 10:54:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.19 03:40:23 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.08.19 01:32:11 | 000,000,512 | ---- | M] () -- C:\MBR.dat
[2012.08.19 00:37:00 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-732390795-3526433701-2277339337-1000Core.job
[2012.08.18 15:55:25 | 001,611,160 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.18 15:55:25 | 000,696,370 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.18 15:55:25 | 000,651,648 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.18 15:55:25 | 000,147,634 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.18 15:55:25 | 000,120,580 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.17 21:28:40 | 3220,647,936 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.17 16:23:37 | 000,009,584 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.17 16:23:36 | 000,009,584 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.16 12:06:11 | 000,000,610 | ---- | M] () -- C:\Users\JaS\Desktop\XAMPP Control Panel.lnk
[2012.08.11 10:10:25 | 000,000,947 | ---- | M] () -- C:\Users\JaS\Desktop\XMind.lnk
[2012.08.06 22:02:36 | 000,000,766 | ---- | M] () -- C:\Users\JaS\Desktop\Magic Briefcase.lnk
[2012.08.06 21:59:31 | 000,001,958 | ---- | M] () -- C:\Users\Public\Desktop\SugarSync Manager.lnk
[2012.08.06 21:34:11 | 544,879,752 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.07.31 20:50:27 | 000,711,240 | ---- | M] () -- C:\Windows\is-KSQG3.exe
[2012.07.31 20:50:27 | 000,012,842 | ---- | M] () -- C:\Windows\is-KSQG3.msg
[2012.07.31 20:50:27 | 000,000,441 | ---- | M] () -- C:\Windows\is-KSQG3.lst
[2012.07.30 00:42:40 | 000,711,098 | ---- | M] () -- C:\Users\JaS\Desktop\Restaurant_Design_11.jpg
[2012.07.30 00:15:10 | 000,075,072 | ---- | M] () -- C:\Users\JaS\Desktop\design-boutique-hotel-kyoto-the-screen-restaurant.jpg
[2012.07.29 23:30:43 | 222,070,843 | ---- | M] () -- C:\Users\JaS\Desktop\Rockstar Games Social Club.rar
[2012.07.29 23:28:40 | 000,001,051 | ---- | M] () -- C:\Users\JaS\Desktop\Orbit.lnk
[2012.07.26 16:53:06 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_RimUsb_AMD64_01007.Wdf
[2012.07.26 16:47:00 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_RimSerial_AMD64_01007.Wdf
[2012.07.21 22:40:52 | 000,000,928 | ---- | M] () -- C:\Users\JaS\Desktop\PDF-Viewer.lnk

========== Files Created - No Company Name ==========

[2012.08.19 01:54:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.08.19 01:54:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.08.19 01:54:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.08.19 01:54:44 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.08.19 01:54:44 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.08.19 01:32:11 | 000,000,512 | ---- | C] () -- C:\MBR.dat
[2012.08.16 12:06:11 | 000,000,610 | ---- | C] () -- C:\Users\JaS\Desktop\XAMPP Control Panel.lnk
[2012.08.11 10:10:25 | 000,000,947 | ---- | C] () -- C:\Users\JaS\Desktop\XMind.lnk
[2012.08.06 22:02:36 | 000,000,766 | ---- | C] () -- C:\Users\JaS\Desktop\Magic Briefcase.lnk
[2012.08.06 21:59:31 | 000,001,970 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SugarSync Manager.lnk
[2012.08.06 21:59:31 | 000,001,958 | ---- | C] () -- C:\Users\Public\Desktop\SugarSync Manager.lnk
[2012.07.31 20:50:27 | 000,711,240 | ---- | C] () -- C:\Windows\is-KSQG3.exe
[2012.07.31 20:50:27 | 000,012,842 | ---- | C] () -- C:\Windows\is-KSQG3.msg
[2012.07.31 20:50:27 | 000,000,441 | ---- | C] () -- C:\Windows\is-KSQG3.lst
[2012.07.30 00:42:39 | 000,711,098 | ---- | C] () -- C:\Users\JaS\Desktop\Restaurant_Design_11.jpg
[2012.07.30 00:15:08 | 000,075,072 | ---- | C] () -- C:\Users\JaS\Desktop\design-boutique-hotel-kyoto-the-screen-restaurant.jpg
[2012.07.29 23:28:53 | 000,069,632 | ---- | C] ( ) -- C:\nporbit.dll
[2012.07.26 16:53:06 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_RimUsb_AMD64_01007.Wdf
[2012.07.26 16:47:00 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_RimSerial_AMD64_01007.Wdf
[2012.07.21 22:40:52 | 000,000,928 | ---- | C] () -- C:\Users\JaS\Desktop\PDF-Viewer.lnk
[2011.10.14 11:40:56 | 000,000,680 | RHS- | C] () -- C:\Users\JaS\ntuser.pol
[2011.08.03 05:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.06.08 12:07:54 | 000,002,528 | ---- | C] () -- C:\Users\JaS\AppData\Roaming\$_hpcst$.hpc
[2011.06.01 21:57:36 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2011.01.22 20:01:25 | 001,589,182 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.01.06 17:41:34 | 000,001,035 | ---- | C] () -- C:\Users\JaS\AppData\Roaming\SAS7_000.DAT
[2010.12.24 19:59:44 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2010.12.07 08:20:51 | 000,006,100 | ---- | C] () -- C:\Users\JaS\.erpclient.properties
[2010.11.06 21:13:12 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.08.20 11:22:29 | 000,004,096 | -H-- | C] () -- C:\Users\JaS\AppData\Local\keyfile3.drm
[2010.05.29 17:10:24 | 000,000,090 | --S- | C] () -- C:\Users\JaS\Verknüpfung mit Desktop

========== LOP Check ==========

[2010.08.24 10:39:45 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\Actior
[2010.09.06 12:05:23 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\Auslogics
[2011.06.11 17:23:14 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\BOM
[2012.06.09 01:38:33 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\DAEMON Tools Lite
[2010.10.09 15:24:04 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\DeepBurner
[2011.12.21 00:03:38 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\Dropbox
[2010.11.15 05:22:45 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\DVDVideoSoft
[2012.04.30 00:37:11 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\elsterformular
[2010.09.01 11:35:43 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\EPSON
[2011.06.01 21:57:39 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\FreeAudioPack
[2010.09.16 20:20:05 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\FTPRush
[2010.11.16 16:35:44 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\G-Lock Software
[2011.10.10 20:24:35 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\GameRanger
[2011.04.02 11:39:12 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\GrabPro
[2012.02.21 19:41:23 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\JAM Software
[2011.06.22 11:18:03 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\ManyCam
[2010.10.27 19:50:46 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2012.07.14 16:43:48 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\Netop
[2010.05.29 15:06:55 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\Notepad++
[2012.05.16 00:24:34 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\Opera
[2012.07.31 08:24:25 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\Orbit
[2011.06.08 11:51:36 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\PC Suite
[2011.09.19 19:20:39 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\pdfforge
[2010.10.24 15:15:13 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\ProgSense
[2010.05.30 01:45:43 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\RouterControl
[2011.06.08 12:08:28 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\Samsung
[2010.12.07 08:20:51 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\Scopevisio
[2010.06.01 10:18:18 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\Serif
[2012.06.26 13:49:44 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\Splashtop Remote Client
[2010.12.06 15:43:48 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\Stardock
[2011.04.18 20:21:21 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\TeamViewer
[2011.10.22 00:20:56 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\The Creative Assembly
[2010.07.20 16:32:54 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\Thinstall
[2010.05.29 14:58:27 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\Thunderbird
[2012.05.01 00:16:35 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\TrueCrypt
[2010.12.27 15:53:12 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\Tunngle
[2011.07.21 19:39:36 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\Unity
[2012.02.21 16:06:29 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\uTorrent
[2011.06.15 23:06:32 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\Vodafone
[2011.01.05 06:31:18 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\Watchtower
[2010.12.06 16:30:49 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\Wieldy
[2010.10.13 17:09:30 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\Windows Live Writer
[2011.06.22 11:28:28 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\XMedia Recode
[2010.10.28 19:30:47 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\YCanPDF
[2012.03.23 03:23:00 | 000,000,000 | ---D | M] -- C:\Users\JaS_2\AppData\Roaming\Auslogics
[2012.05.19 22:45:41 | 000,000,000 | ---D | M] -- C:\Users\JaS_2\AppData\Roaming\Blackberry Desktop
[2012.06.25 21:30:06 | 000,000,000 | ---D | M] -- C:\Users\JaS_2\AppData\Roaming\DAEMON Tools Lite
[2012.06.17 13:10:22 | 000,000,000 | ---D | M] -- C:\Users\JaS_2\AppData\Roaming\du Mobile Broadband
[2012.04.30 00:34:45 | 000,000,000 | ---D | M] -- C:\Users\JaS_2\AppData\Roaming\elsterformular
[2012.06.01 13:15:35 | 000,000,000 | ---D | M] -- C:\Users\JaS_2\AppData\Roaming\GrabPro
[2012.01.24 22:01:21 | 000,000,000 | ---D | M] -- C:\Users\JaS_2\AppData\Roaming\gtk-2.0
[2012.08.01 13:32:30 | 000,000,000 | ---D | M] -- C:\Users\JaS_2\AppData\Roaming\Netop
[2011.11.25 17:33:10 | 000,000,000 | ---D | M] -- C:\Users\JaS_2\AppData\Roaming\Notepad++
[2012.06.26 15:10:45 | 000,000,000 | ---D | M] -- C:\Users\JaS_2\AppData\Roaming\Opera
[2012.08.02 16:58:19 | 000,000,000 | ---D | M] -- C:\Users\JaS_2\AppData\Roaming\Orbit
[2011.10.30 23:10:04 | 000,000,000 | ---D | M] -- C:\Users\JaS_2\AppData\Roaming\ProgSense
[2012.07.26 16:49:06 | 000,000,000 | ---D | M] -- C:\Users\JaS_2\AppData\Roaming\Research In Motion
[2012.06.14 02:02:49 | 000,000,000 | ---D | M] -- C:\Users\JaS_2\AppData\Roaming\RSBasic
[2012.07.07 11:48:42 | 000,000,000 | ---D | M] -- C:\Users\JaS_2\AppData\Roaming\Sharp
[2012.07.19 16:59:17 | 000,000,000 | ---D | M] -- C:\Users\JaS_2\AppData\Roaming\SignagePlayer.86EE3EEE54D7DB049D16E358CDC443F088917621.1
[2012.07.03 16:50:37 | 000,000,000 | ---D | M] -- C:\Users\JaS_2\AppData\Roaming\Splashtop Remote Client
[2011.10.22 00:31:36 | 000,000,000 | ---D | M] -- C:\Users\JaS_2\AppData\Roaming\Stardock
[2011.12.20 23:44:04 | 000,000,000 | ---D | M] -- C:\Users\JaS_2\AppData\Roaming\TeamViewer
[2011.10.22 00:34:26 | 000,000,000 | ---D | M] -- C:\Users\JaS_2\AppData\Roaming\The Creative Assembly
[2012.05.19 11:33:03 | 000,000,000 | ---D | M] -- C:\Users\JaS_2\AppData\Roaming\Thinstall
[2012.06.01 16:33:29 | 000,000,000 | ---D | M] -- C:\Users\JaS_2\AppData\Roaming\Thunderbird
[2012.01.20 05:59:25 | 000,000,000 | ---D | M] -- C:\Users\JaS_2\AppData\Roaming\Titanium
[2011.11.18 11:11:54 | 000,000,000 | ---D | M] -- C:\Users\JaS_2\AppData\Roaming\TrueCrypt
[2012.08.19 17:52:17 | 000,000,000 | ---D | M] -- C:\Users\JaS_2\AppData\Roaming\uTorrent
[2011.11.13 15:22:52 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:7FFED16F

< End of report >
 
Extras.txt:

OTL Extras logfile created on: 19.08.2012 20:09:09 - Run 1
OTL by OldTimer - Version 3.2.58.0 Folder = C:\Users\JaS_2\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,20 Gb Available Physical Memory | 55,09% Memory free
8,00 Gb Paging File | 6,14 Gb Available in Paging File | 76,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 87,79 Gb Total Space | 15,28 Gb Free Space | 17,41% Space Free | Partition Type: NTFS
Drive F: | 140,62 Gb Total Space | 4,69 Gb Free Space | 3,33% Space Free | Partition Type: NTFS
Drive H: | 465,76 Gb Total Space | 17,25 Gb Free Space | 3,70% Space Free | Partition Type: NTFS
Drive J: | 10,25 Gb Total Space | 1,12 Gb Free Space | 10,97% Space Free | Partition Type: NTFS
Drive L: | 3,69 Gb Total Space | 0,18 Gb Free Space | 4,76% Space Free | Partition Type: FAT32
Drive M: | 2,59 Gb Total Space | 2,27 Gb Free Space | 87,90% Space Free | Partition Type: FAT32

Computer Name: JFORCE | User Name: JaS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-732390795-3526433701-2277339337-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Waterfox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-732390795-3526433701-2277339337-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Waterfox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12E16CEC-F6C4-4250-93DF-3A747903CD00}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{13A30E21-D416-457E-9C6C-5F0A0840BD07}" = rport=445 | protocol=6 | dir=out | app=system |
"{2BF4AF42-C573-426B-8C2A-33137846E0F4}" = rport=137 | protocol=17 | dir=out | app=system |
"{2FEE34AE-2434-46B6-B5B2-8FC5254D3078}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3B0F294B-85EC-48E2-8C64-502FD7C4F400}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{540CCF54-998D-431F-92A2-CCE6EB9027C4}" = lport=139 | protocol=6 | dir=in | app=system |
"{638B2911-015E-41FC-AA3E-1B45F976380D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6D48EA71-75B2-4A63-B411-3A07DA953BA1}" = lport=60003 | protocol=6 | dir=in | name=vision thinshare peer-to-peer connection |
"{73F38A97-2120-4C29-A07C-056FE2C1003D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{7F0AE14A-93FC-4D37-935C-A52E0401322B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{81570A54-6C56-4C60-9159-287F1290E95D}" = rport=139 | protocol=6 | dir=out | app=system |
"{89E8F6D1-D9ED-4281-90AA-37473E404AF2}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{A48F2734-5E20-43C6-8A51-7306010460BF}" = lport=138 | protocol=17 | dir=in | app=system |
"{A52EB046-227E-41A2-8AB3-98ECB750496D}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{AA334AD0-EA11-42B8-B335-C7A93E91C883}" = lport=60003 | protocol=17 | dir=in | name=vision thinshare multipoint connection |
"{C01A2FFD-6735-46D1-94E7-0DA99DB66480}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{CB25417F-734F-4708-9606-A431B9C44CC8}" = lport=445 | protocol=6 | dir=in | app=system |
"{D44858FD-5712-41AE-B4A3-282683492739}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{D9E963F4-DC4E-4787-8429-860F76289B25}" = rport=138 | protocol=17 | dir=out | app=system |
"{DE34F22D-5F88-456A-8760-A60EB2DC9328}" = lport=60003 | protocol=6 | dir=in | name=vision thinshare peer-to-peer connection |
"{DEFE39BC-9826-4D76-8949-D708F1BDAF4E}" = lport=60003 | protocol=17 | dir=in | name=vision thinshare multipoint connection |
"{DF42116D-3008-4ABA-A349-597DC66B23C6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E74B9806-0B63-4BC8-B4D6-B8A74DE3104E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{F372F8C7-8834-4721-860A-779BCA205BE3}" = lport=137 | protocol=17 | dir=in | app=system |
"{F4632CCC-7775-41FA-9F06-11109295FFA5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00267C2D-6FEB-452C-81AF-603B0235E8BC}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{04099B5B-E8CA-48BF-9489-E18C9E35CEB9}" = protocol=17 | dir=in | app=c:\program files (x86)\netop\vision\plugins\pointer\mpointer.exe |
"{0FB5425D-313E-4A88-AB4A-361667AE2662}" = protocol=17 | dir=in | app=c:\program files (x86)\netop\vision\plugins\chat\mchat.exe |
"{10899239-4E3E-409A-BCB1-ED5B2F0779ED}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{112E9996-7D19-43B0-99F4-99881ADD43F3}" = protocol=6 | dir=in | app=c:\program files (x86)\netop\vision\plugins\pointer\ssview.exe |
"{23C83364-A7E6-4CA5-8494-ECBF29528CD4}" = protocol=6 | dir=in | app=c:\program files (x86)\netop\vision\plugins\chat\mchat.exe |
"{2738C933-359F-468A-AF52-8263425810FA}" = protocol=6 | dir=in | app=c:\eclipse\eclipse.exe |
"{29DE1F9E-3A1C-4270-ABD8-197E4A6DC504}" = protocol=6 | dir=in | app=c:\juegos\aoe iii\age3.exe |
"{2CC82F86-CE28-418D-9894-7785B05D9B7E}" = protocol=6 | dir=in | app=c:\eclipse\eclipse.exe |
"{2D30295D-B8D8-40D7-B785-C147F40CA871}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2E1D7EB0-0292-425B-89AF-1F5A0A6535C6}" = protocol=6 | dir=in | app=c:\program files\opera next x64\opera.exe |
"{30659563-9144-4629-8641-97B24525CA01}" = protocol=17 | dir=in | app=c:\program files (x86)\netop\vision\xl\mesuax.exe |
"{30BA117B-989D-4D58-A209-45A6B321FAFB}" = protocol=17 | dir=in | app=c:\juegos\steam\steam.exe |
"{31C91AA8-EDE9-46EB-B6E8-D279482FF3CB}" = protocol=17 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |
"{32BA0B89-FF6E-426B-B7F7-E8EB7A9862FF}" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"{334DB573-772F-49D6-A4C2-4B4D12DF5CA8}" = protocol=17 | dir=in | app=c:\program files (x86)\netop\vision\plugins\pointer\ssview.exe |
"{3569A110-9D9F-4DA8-9560-953EB195C6C9}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{3BFEA701-1608-4F0E-997B-F6AB28AE48A3}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{3E246DC3-3C16-4921-B804-27C4C4408611}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{45A8C95C-16AE-4017-BE3E-2886F7C8D44B}" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"{51F2E700-1489-4858-B1BE-7FA3C9983A37}" = protocol=6 | dir=in | app=c:\juegos\aoe iii\age3x.exe |
"{525BF3AD-4C13-42B1-A834-5096921185D7}" = protocol=6 | dir=in | app=c:\juegos\steam\steam.exe |
"{691C9B21-8DB0-4A22-92DB-6A4B0A6AD1A6}" = protocol=6 | dir=in | app=c:\program files (x86)\netop\vision\xl\mesuax.exe |
"{6960C14F-3980-4E79-9B67-3175B6508726}" = protocol=17 | dir=in | app=c:\eclipse\eclipse.exe |
"{6B9398FD-4B94-4E6C-93AC-AFF045F2CCC2}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{6BE8F65D-8E2B-4076-A401-4235E2715117}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{7025EC00-0BA1-496D-A573-E5BB557C7ECD}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{707BA3DC-BCF2-4FF7-980B-54CF1F234B96}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{726B2EC5-BF78-4DA5-9075-411CDE705C45}" = protocol=6 | dir=in | app=c:\program files (x86)\netop\vision\xl\mesuax.exe |
"{73B6189F-50EC-4DB3-A1F7-7CFCF0CCD171}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{752E3CA3-7724-4AE0-80CB-F2B52275F10B}" = protocol=6 | dir=in | app=c:\juegos\aoe iii\age3y.exe |
"{7AC5E1C1-3D2E-4E4D-8CF5-7B914B49D8FF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7B5BDDF5-755D-4069-9F2A-961D9624C49D}" = protocol=6 | dir=in | app=c:\program files\opera next x64\pluginwrapper\opera_plugin_wrapper.exe |
"{7CA0246D-1DCD-448B-BEF6-1D163BE667F9}" = protocol=6 | dir=in | app=c:\program files (x86)\netop\vision\plugins\pointer\mpointer.exe |
"{7E7BF071-EB51-4052-A862-B2CA6499E008}" = protocol=17 | dir=in | app=c:\juegos\aoe iii\age3.exe |
"{7FA9645D-4AFA-49E5-AFDB-756D04D4ACDB}" = protocol=17 | dir=in | app=c:\juegos\aoe iii\age3y.exe |
"{824D9216-5E95-4CEE-88F5-1CF42DB610BE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{8C902DA7-0532-48D9-BD26-40BADC5CD3CA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{8EDDDC47-BCF2-4956-9559-7E9C2B5F343A}" = protocol=6 | dir=in | app=c:\program files (x86)\netop\vision\plugins\chat\mchat.exe |
"{90E4E9F2-1391-4BE6-B4F7-9418975C47A8}" = protocol=17 | dir=in | app=c:\program files (x86)\netop\vision\plugins\pointer\ssview.exe |
"{993E7240-57AE-4DA5-AE88-F20ACF272EE0}" = protocol=17 | dir=in | app=c:\juegos\aoe iii\age3x.exe |
"{9F3DFFA4-950B-409C-ADCB-7133C42E729C}" = protocol=6 | dir=in | app=c:\program files (x86)\netop\vision\plugins\pointer\mpointer.exe |
"{A12F35FD-8DB4-47BE-8975-0857BCD3AB69}" = protocol=17 | dir=in | app=c:\program files\opera next x64\pluginwrapper\opera_plugin_wrapper.exe |
"{A4017165-F78D-4632-A009-217F0CF2DFAB}" = protocol=6 | dir=in | app=c:\program files\opera next x64\pluginwrapper\opera_plugin_wrapper_32.exe |
"{BCE15929-DB96-49AA-9BC9-78669ABAC6EB}" = protocol=17 | dir=in | app=c:\program files (x86)\netop\vision\plugins\pointer\mpointer.exe |
"{BE2575F5-6B7E-4E8B-88F2-EFCC7DFFCD6B}" = protocol=17 | dir=in | app=c:\program files\opera next x64\pluginwrapper\opera_plugin_wrapper_32.exe |
"{C2363BA0-3E60-4C97-BF26-16F630C579B0}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{CBEB45F1-DABA-44B2-B3E8-3678FF1D9E28}" = protocol=17 | dir=in | app=c:\program files\opera next x64\opera.exe |
"{D3ABE164-34F9-4930-851F-BAF9A772FB3F}" = protocol=17 | dir=in | app=c:\eclipse\eclipse.exe |
"{D7AE2BAA-A497-460A-BD03-D3969A26F8CC}" = protocol=17 | dir=in | app=c:\program files (x86)\netop\vision\plugins\chat\mchat.exe |
"{D8B7013F-F655-4D66-B4FA-FE23330604EA}" = protocol=6 | dir=in | app=c:\program files (x86)\netop\vision\plugins\pointer\ssview.exe |
"{DD6FFE94-5FB7-45A2-A873-B6073AD1EE44}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E0D321DC-2342-4798-AA89-EB6D19BD2CA2}" = protocol=17 | dir=in | app=c:\program files (x86)\netop\vision\xl\mesuax.exe |
"{E21360B8-1061-43F4-A3AD-2530C7C1C354}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E9C14C23-8B56-4B7A-9A59-92C8C2F47918}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{EE1AD3FF-B240-48C7-9E12-CE3F6678093F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F6603412-601F-4C12-85D3-88A8C9A015EC}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{F67BA98C-3EE6-4C72-A7BE-C05926BD5258}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F771B8B5-B233-4B39-B2EA-60E196E5F1C5}" = protocol=6 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |
"{FB99BE6A-2D68-4396-8AFD-B9F227CDB420}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{14E5FEE4-93AC-4C4F-BAAF-4AE8FCFFCBFF}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"TCP Query User{2321B0E5-46CE-451A-8689-4ACB094875AB}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{2FEAF80A-BCDE-4986-AAEE-6C614323D745}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"TCP Query User{3D7F91D4-FD58-4A36-B0B8-091B30DACF8C}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
"TCP Query User{4B4A297A-21A3-4A39-8610-3977E0DE6649}C:\program files (x86)\splashtop\splashtop remote\client\strwinclt.exe" = protocol=6 | dir=in | app=c:\program files (x86)\splashtop\splashtop remote\client\strwinclt.exe |
"TCP Query User{599728FF-E478-484C-8336-1ECCDDAE4022}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"TCP Query User{5BEF38BA-8D4E-498E-930E-59655FDD3CA0}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{5CE0277B-C435-4550-B13D-D7D1487730A9}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"TCP Query User{B8D4D609-F189-43A6-A9A9-D218A7170315}C:\users\jas\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\jas\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{C46F0B15-C5E8-42D1-8059-26BD5F148436}C:\juegos\medieval ii total war\medieval2.exe" = protocol=6 | dir=in | app=c:\juegos\medieval ii total war\medieval2.exe |
"TCP Query User{CE2A2F9A-8C50-49DC-81F5-56D27563764F}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"TCP Query User{D6D1BCC0-A90D-4520-A9DF-BBC15AA1FDD5}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{E72544E8-B61B-48F8-83A4-E88CB53AF2AB}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
"TCP Query User{E92CAC62-866B-4D6D-80AE-1EB3B70496BE}C:\juegos\medieval ii total war\kingdoms.exe" = protocol=6 | dir=in | app=c:\juegos\medieval ii total war\kingdoms.exe |
"TCP Query User{EC80FC96-1CA6-4D8C-971F-09C66A447352}C:\program files (x86)\srware iron\iron.exe" = protocol=6 | dir=in | app=c:\program files (x86)\srware iron\iron.exe |
"TCP Query User{ED7F4BB2-A212-4A8E-B81C-2DBF5291460D}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
"UDP Query User{1B60D72E-2615-4D17-979A-7CA27DCE4788}C:\users\jas\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\jas\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{3EDA6315-3D88-4FCC-93C8-DA1A5B835FE5}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{459C7A83-A082-47A7-A38A-BAD84FA38A13}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
"UDP Query User{5A6C712B-2F97-4EA8-9202-242F862E86B6}C:\juegos\medieval ii total war\kingdoms.exe" = protocol=17 | dir=in | app=c:\juegos\medieval ii total war\kingdoms.exe |
"UDP Query User{8AECB391-A6B8-4529-9059-485DCCE80496}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"UDP Query User{954E3DE3-B062-4573-86DE-117582F6FE70}C:\program files (x86)\srware iron\iron.exe" = protocol=17 | dir=in | app=c:\program files (x86)\srware iron\iron.exe |
"UDP Query User{993B15CB-43EF-42D8-9C9E-81E684B1F2A1}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"UDP Query User{A448843C-35C7-43E5-B271-B56F80AE993B}C:\juegos\medieval ii total war\medieval2.exe" = protocol=17 | dir=in | app=c:\juegos\medieval ii total war\medieval2.exe |
"UDP Query User{AA877D47-2363-4051-AC34-A4A2C7F5B85E}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
"UDP Query User{B2B4B459-F447-418D-9AD0-72EBF3D135FC}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{BAD71237-0762-48EC-903A-B4D31C29D0BD}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{C58B27EB-BDE2-4B8D-87AE-DDACB20704B8}C:\program files (x86)\splashtop\splashtop remote\client\strwinclt.exe" = protocol=17 | dir=in | app=c:\program files (x86)\splashtop\splashtop remote\client\strwinclt.exe |
"UDP Query User{C6680BAD-1139-433E-8F6C-8DEA9FE73E97}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
"UDP Query User{D7F13A8F-96E9-4E55-8955-DCBD52DDC2A9}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"UDP Query User{EDB90185-7BB4-4407-80C5-0F0D1205A5DF}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"UDP Query User{F758C009-A0F2-4D1C-B824-C1414DF835C9}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1111706F-666A-4037-7777-211648764D10}" = JavaFX 2.1.1 (64-bit)
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E895E63-0AC5-11DD-97E2-000A94026593}" = Vision
"{2222706F-666A-4037-7777-211648764D10}" = JavaFX 2.1.1 SDK (64-bit)
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit)
"{4A5A427F-BA39-4BF0-7777-9A47FBE60C9F}" = Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64)
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{64A3A4F4-B792-11D6-A78A-00B0D0170050}" = Java SE Development Kit 7 Update 5 (64-bit)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 280.19
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.4.28
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.23.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BD198331-FF8A-4DEB-9F30-A0AC56625A3B}" = Microsoft LifeChat
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{E3B264CE-D9CF-448B-960F-4F832FB1F990}" = Corel Graphics - Windows Shell Extension 64 Bit
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"BC15EA930074932BB2C4B4493C9FD4EA95087D1A" = Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"CCleaner" = CCleaner
"Elantech" = ETDWare PS/2-x64 7.0.5.5_WHQL
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Opera 12.00.1406" = Opera Next 12.00 beta build 1406
"Recuva" = Recuva
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam
"uTorrent" = µTorrent
"Waterfox 11.0 (x64 en-US)" = Waterfox 11.0 (x64 en-US)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{B922902F-E9E9-4AD9-B87D-7F62FA9EA1AD}" = Corel Graphics - Windows Shell Extension
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0296BF9F-93C1-47A4-805B-46545CACBE31}" = SHARP Pen Software
"{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}" = Medieval II Total War : Kingdoms : Crusades
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{10CD364B-FFCC-48BE-B469-B9622A033075}" = Fences
"{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}" = BlackBerry Device Software Updater
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 3.9
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1DE8DBBC-8BBC-A40A-B5F1-62BE13D721C6}" = Market Samurai
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 26
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}" = Rome - Total War - Gold Edition
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{344A1884-A298-4740-8B7A-3DC3F17F652C}" = Serif WebPlus Starter Edition
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"{7148F0A8-6813-11D6-A77B-00B0D0142190}" = Java 2 Runtime Environment, SE v1.4.2_19
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75983B66-804C-40D1-BA13-64DAF652A6F1}" = Medieval II Total War : Kingdoms : Americas
"{76DAEC83-AF7B-333C-8A53-83D7C7D39199}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU
"{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}" = Medieval II Total War : Kingdoms : Teutonic
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E87B944-4815-3C5E-947F-5035C9F64362}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{936BAF9D-CE07-467E-B5B0-F0BC5B5E6EDB}" = Splashtop Remote Client
"{95140000-0080-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{97B70991-5002-4241-8B0C-D74B8ADEB2B5}" = BlackBerry Desktop Software 7.1
"{99E66BC9-E4B6-485F-ABFC-31EFCE36DFDF}" = Microsoft Keyboard Layout Creator 1.4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A494132F-11D7-4376-BD56-9ADCDC69BA67}" = CNTDesigner
"{A588FF79-CFDD-4FB1-B2D3-FED2DC884B52}" = Watchtower Library 2009 - Deutsch
"{A7D5AAA9-7C58-45D6-BBA4-FF9002F5BBE1}" = SHARP Pen Software
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB49B509-8FCA-45E6-9FB9-9E4AEEB8F148}" = System Requirements Lab CYRI
"{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
"{B922902F-E9E9-4AD9-B87D-7F62FA9EA1AD}" = Corel Graphics - Windows Shell Extension
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1" = SRWare Iron Version SRWare Iron 19.0.1100.0
"{C8983823-DCEA-4064-B7DA-FE3871F2231E}" = Click-N-Type
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}" = Medieval II Total War : Kingdoms : Britannia
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AI RoboForm" = RoboForm 7-7-0 (All Users)
"Android SDK Tools" = Android SDK Tools
"Audacity_is1" = Audacity 1.2.6
"avast" = avast! Free Antivirus
"Biet-O-Matic v2.12.9" = Biet-O-Matic v2.12.9
"BlackBerry_Desktop" = BlackBerry Desktop Software 7.1
"CamAlert_is1" = CamAlert II
"ColorPic" = ColorPic
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-11-11
"DivX Setup" = DivX-Setup
"du Mobile Broadband" = du Mobile Broadband
"Easy Keyboard Manager_is1" = Easy Keyboard Manager 1.0.0
"EasyCash&Tax_is1" = EasyCash&Tax 1.48
"ElsterFormular 11.5.0.4546" = ElsterFormular
"ElsterFormular 13.2.0.8623p" = ElsterFormular
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Scanner" = EPSON Scan
"Fast Blog Finder 3_is1" = Fast Blog Finder 3
"FastStone Capture" = FastStone Capture 5.3
"Fences" = Fences
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.93
"GOM Player" = GOM Player
"IETester" = IETester v0.4.6 (remove only)
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"InstallShield_{936BAF9D-CE07-467E-B5B0-F0BC5B5E6EDB}" = Splashtop Remote Client
"InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"JDownloader" = JDownloader
"Kernel EML Viewer_is1" = Kernel EML Viewer ver 10.09.01
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.0.4 (Basic)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1" = Market Samurai
"Metro-Naval" = Metro-Naval 1.9
"Mozilla Firefox 4.0b7 (x86 de)" = Mozilla Firefox 4.0b7 (x86 de)
"Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)
"Mozilla Thunderbird 14.0 (x86 en-US)" = Mozilla Thunderbird 14.0 (x86 en-US)
"MPEG2 Codec(libmpeg2/mad)" = MPEG2 Codec(libmpeg2/mad)
"Multiple File Search Replace_is1" = Multiple File Search Replace 2.30
"Notepad++" = Notepad++
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Offline Downloader" = Offline Downloader
"Orbit_is1" = Orbit Downloader
"Polipo" = Polipo 1.0.4.1
"Revo Uninstaller" = Revo Uninstaller 1.92
"RocketDock_is1" = RocketDock 1.3.5
"RouterControl" = RouterControl 2.0
"ST5UNST #1" = PixLin
"Steam App 10500" = Empire: Total War
"SugarSync" = SugarSync Manager
"SUPER ©" = SUPER © Version 2010.bld.42 (Nov 7, 2010)
"TeamViewer 7" = TeamViewer 7
"Tor" = Tor 0.2.2.34
"Touch-It_is1" = Touch-It Virtual Keyboard 4.3.0.3 (Freeware)
"TreeSize Free_is1" = TreeSize Free V2.6
"TrueCrypt" = TrueCrypt
"Veoh Web Player Beta" = Veoh Web Player
"Veoh_Web_Player Toolbar" = Veoh Web Player Toolbar
"Vidalia" = Vidalia 0.2.15
"WebSpider2" = Xaldon WebSpider2
"WinLiveSuite" = Windows Live Essentials
"xampp" = XAMPP 1.7.7
"XMind" = XMind
"YouTube Song Downloader_is1" = YouTube Song Downloader

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-732390795-3526433701-2277339337-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-732390795-3526433701-2277339337-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"0 A.D." = 0 A.D.
"Opera 11.64.1403" = Opera 11.64

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 24.10.2011 15:04:15 | Computer Name = JForce | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 24.10.2011 15:04:15 | Computer Name = JForce | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 24.10.2011 15:04:15 | Computer Name = JForce | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 24.10.2011 15:04:15 | Computer Name = JForce | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 24.10.2011 15:04:15 | Computer Name = JForce | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 24.10.2011 15:04:15 | Computer Name = JForce | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 24.10.2011 15:04:15 | Computer Name = JForce | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 24.10.2011 15:04:15 | Computer Name = JForce | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 24.10.2011 15:04:15 | Computer Name = JForce | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 24.10.2011 15:16:16 | Computer Name = JForce | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

[ OSession Events ]
Error - 05.01.2011 05:55:04 | Computer Name = JForce | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1248
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 17.08.2012 13:28:37 | Computer Name = JForce | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWow64\drivers\FDCDNT.SYS
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.

Error - 17.08.2012 13:29:18 | Computer Name = JForce | Source = Service Control Manager | ID = 7000
Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet:
%%577

Error - 17.08.2012 13:29:19 | Computer Name = JForce | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lirsgt" wurde aufgrund folgenden Fehlers nicht gestartet:
%%577

Error - 17.08.2012 13:29:31 | Computer Name = JForce | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
FDCDNT

Error - 17.08.2012 13:29:34 | Computer Name = JForce | Source = Service Control Manager | ID = 7034
Description = Dienst "SBSD Security Center Service" wurde unerwartet beendet. Dies
ist bereits 1 Mal passiert.

Error - 17.08.2012 15:59:27 | Computer Name = JForce | Source = Microsoft-Windows-HAL | ID = 12
Description = Der Speicher wurde beim letzten Leistungsübergang des Systems von
der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte
Firmware verfügbar ist.

Error - 18.08.2012 18:48:14 | Computer Name = JForce | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error - 18.08.2012 19:00:44 | Computer Name = JForce | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.

Error - 18.08.2012 19:40:26 | Computer Name = JForce | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error - 19.08.2012 04:26:56 | Computer Name = JForce | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.


< End of report >
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    O3:64bit: - HKLM\..\Toolbar: (no name) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - No CLSID value found.
    O4 - HKU\S-1-5-21-732390795-3526433701-2277339337-1005..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - Startup: C:\Users\JaS_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SignagePlayer.lnk = File not found
    O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
    O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Key error. File not found
    O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Key error. File not found
    @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:7FFED16F
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

============================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the reading of the results to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If ESET doesn't find any threats, it won't produce a log.
 
I ran the OTL fix you provided, and after it was done it rebooted my machine, but it did not produce a log file. What should I do?
 
Ok, I think it would have worked without safe mode if I had only started OTL again once the PC finished rebooting, because when I went into safe mode and started OTL, instead of OTL, the log file popped up. But since I wasn't sure if that's the log file, I re-ran the fix anyway. So herewith I am posting both log files, the one from the first run in normal mode and the one from the second run, which was in safe mode:

1st run (normal mode) log:
All processes killed
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5}\ not found.
Registry value HKEY_USERS\S-1-5-21-732390795-3526433701-2277339337-1005\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
C:\Users\JaS_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SignagePlayer.lnk moved successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Down&load all by Orbit\ deleted successfully.
C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll moved successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xel exportieren\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{43699cd0-e34f-11de-8a39-0800200c9a66}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43699cd0-e34f-11de-8a39-0800200c9a66}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{43699cd0-e34f-11de-8a39-0800200c9a66}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43699cd0-e34f-11de-8a39-0800200c9a66}\ not found.
ADS C:\ProgramData\TEMP:7FFED16F deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: JaS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 66340 bytes
->Java cache emptied: 46194895 bytes
->FireFox cache emptied: 94373856 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 3073 bytes

User: JaS_2
->Temp folder emptied: 2701191 bytes
->Temporary Internet Files folder emptied: 5498203 bytes
->Java cache emptied: 7919 bytes
->FireFox cache emptied: 119679505 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 15262099 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56502 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 878 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 271,00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: JaS
->Java cache emptied: 0 bytes

User: JaS_2
->Java cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Java Files Cleaned = 0,00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: JaS
->Flash cache emptied: 0 bytes

User: JaS_2
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.58.0 log created on 08192012_210252

Files\Folders moved on Reboot...
File move failed. C:\Users\JaS_2\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.
C:\Users\JaS_2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y6GPKOWN\api[1].htm moved successfully.
C:\Users\JaS_2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y6GPKOWN\button-flex-blue2[1].png moved successfully.
C:\Users\JaS_2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y6GPKOWN\tick-blue[1].png moved successfully.
C:\Users\JaS_2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q3EAHHAE\background-banner-middle-v9[1].jpg moved successfully.
C:\Users\JaS_2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FLYVBY4J\background_banner_7_de[1].jpg moved successfully.
C:\Users\JaS_2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\21R514K2\api[1].htm moved successfully.
C:\Users\JaS_2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\21R514K2\background-banner-right-v9[1].jpg moved successfully.
File\Folder C:\Windows\temp\_avast_\Webshlock.txt not found!

PendingFileRenameOperations files...
[2011.10.22 00:31:40 | 000,000,000 | ---- | M] () C:\Users\JaS_2\AppData\Local\Temp\FXSAPIDebugLogFile.txt : Unable to obtain MD5
File C:\Users\JaS_2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y6GPKOWN\api[1].htm not found!
File C:\Users\JaS_2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y6GPKOWN\button-flex-blue2[1].png not found!
File C:\Users\JaS_2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y6GPKOWN\tick-blue[1].png not found!
File C:\Users\JaS_2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q3EAHHAE\background-banner-middle-v9[1].jpg not found!
File C:\Users\JaS_2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FLYVBY4J\background_banner_7_de[1].jpg not found!
File C:\Users\JaS_2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\21R514K2\api[1].htm not found!
File C:\Users\JaS_2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\21R514K2\background-banner-right-v9[1].jpg not found!
File C:\Windows\temp\_avast_\Webshlock.txt not found!

Registry entries deleted on Reboot...

2nd run (safe mode) log:
All processes killed
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5}\ not found.
Registry key HKEY_USERS\S-1-5-21-732390795-3526433701-2277339337-1005\Software\Microsoft\Windows\CurrentVersion\RunOnce not found.
File move failed. C:\Users\JaS_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SignagePlayer.lnk scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Down&load all by Orbit\ not found.
File C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xel exportieren\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{43699cd0-e34f-11de-8a39-0800200c9a66}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43699cd0-e34f-11de-8a39-0800200c9a66}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{43699cd0-e34f-11de-8a39-0800200c9a66}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43699cd0-e34f-11de-8a39-0800200c9a66}\ not found.
Unable to delete ADS C:\ProgramData\TEMP:7FFED16F .
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: JaS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: JaS_2
->Temp folder emptied: 18894 bytes
->Temporary Internet Files folder emptied: 148174 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 10119009 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 492 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 10,00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: JaS
->Java cache emptied: 0 bytes

User: JaS_2
->Java cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Java Files Cleaned = 0,00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: JaS
->Flash cache emptied: 0 bytes

User: JaS_2
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.58.0 log created on 08192012_213937

Files\Folders moved on Reboot...
File\Folder C:\Users\JaS_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SignagePlayer.lnk not found!
File move failed. C:\Users\JaS_2\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...
File C:\Users\JaS_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SignagePlayer.lnk not found!
[2012.08.19 21:41:28 | 000,000,000 | ---- | M] () C:\Users\JaS_2\AppData\Local\Temp\FXSAPIDebugLogFile.txt : Unable to obtain MD5

Registry entries deleted on Reboot...
 
Wow the Eset Online scan took several hours. But finally, here are all the logs:

SecurityCheck LOG:

Results of screen317's Security Check version 0.99.46
Windows 7 x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 6 Out of date!
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware Version 1.62.0.1300
Java(TM) 6 Update 26
Java 2 Runtime Environment, SE v1.4.2_19
Java version out of Date!
Mozilla Firefox 8.0 Firefox out of Date!
Mozilla Thunderbird (14.0.)
Google Chrome 15.0.874.121
Google Chrome 16.0.912.63
Google Chrome Plugins...
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````


Farbar Service Scanner (FSS) LOG:

Farbar Service Scanner Version: 06-08-2012
Ran by JaS (administrator) on 19-08-2012 at 22:11:21
Running from "C:\Users\JaS_2\Desktop"
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Google IP is accessible.
Attempt to access Google.com returned error: Other errors
Yahoo IP is accessible.
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
\Windows\System32\nsisvc.dll => MD5 is legit
\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
\Windows\System32\dhcpcore.dll => MD5 is legit
\Windows\System32\drivers\afd.sys => MD5 is legit
\Windows\System32\drivers\tdx.sys => MD5 is legit
\Windows\System32\Drivers\tcpip.sys
[2009-07-14 03:25] - [2009-07-14 05:45] - 1898576 ____A (Microsoft Corporation) 912107716BAB424C7870E8E6AF5E07E1

\Windows\System32\dnsrslvr.dll
[2009-07-14 03:21] - [2009-07-14 05:40] - 0182272 ____A (Microsoft Corporation) 676108C4E3AA6F6B34633748BD0BEBD9

\Windows\System32\mpssvc.dll
[2009-07-14 04:09] - [2009-07-14 05:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

\Windows\System32\bfe.dll => MD5 is legit
\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
\Windows\System32\SDRSVC.dll
[2009-07-14 03:36] - [2009-07-14 05:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

\Windows\System32\vssvc.exe => MD5 is legit
\Windows\System32\wscsvc.dll => MD5 is legit
\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
\Windows\System32\wuaueng.dll => MD5 is legit
\Windows\System32\qmgr.dll => MD5 is legit
\Windows\System32\es.dll => MD5 is legit
\Windows\System32\cryptsvc.dll => MD5 is legit
\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
\Windows\System32\svchost.exe => MD5 is legit
\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****


Temp File Cleaner (TFC):
no log


ESET Online Scanner LOG:

C:\Program Files (x86)\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\qlps-qlipso-sntb.exe Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\Users\JaS\Desktop\AKTUELLE PROJEKTE\KateWeber-Photography.com\kateweber-photography.com\blog\wp-content\themes\children-and-toys\footer.php PHP/Kryptik.AB trojan cleaned by deleting - quarantined
C:\Users\JaS\Desktop\AKTUELLE PROJEKTE\KateWeber-Photography.com\kateweber-photography.com\blog\wp-content\themes\esther\footer.php PHP/Kryptik.AB trojan cleaned by deleting - quarantined
C:\Users\JaS\Desktop\AKTUELLE PROJEKTE\KateWeber-Photography.com\kateweber-photography.com\blog\wp-content\themes\photoblog\footer.php PHP/Kryptik.AB trojan cleaned by deleting - quarantined
C:\Users\JaS\Desktop\AKTUELLE PROJEKTE\KateWeber-Photography.com\kateweber-photography.com\blog.old\wp-content\themes\children-and-toys\footer.php PHP/Kryptik.AB trojan cleaned by deleting - quarantined
C:\Users\JaS\Desktop\AKTUELLE PROJEKTE\KateWeber-Photography.com\kateweber-photography.com\blog.old\wp-content\themes\esther\footer.php PHP/Kryptik.AB trojan cleaned by deleting - quarantined
C:\Users\JaS\Desktop\AKTUELLE PROJEKTE\KateWeber-Photography.com\kateweber-photography.com\blog.old\wp-content\themes\photoblog\footer.php PHP/Kryptik.AB trojan cleaned by deleting - quarantined
C:\Users\JaS_2\Desktop\TF.Corporate.PremiumWP.Bundle.rar PHP/Agent.AS trojan deleted - quarantined
C:\Users\JaS_2\Desktop\AKTUELLE PROJEKTE\KateWeber-Photography.com\kateweber-photography.com\blog\wp-content\themes\children-and-toys\footer.php PHP/Kryptik.AB trojan cleaned by deleting - quarantined
C:\Users\JaS_2\Desktop\AKTUELLE PROJEKTE\KateWeber-Photography.com\kateweber-photography.com\blog\wp-content\themes\esther\footer.php PHP/Kryptik.AB trojan cleaned by deleting - quarantined
C:\Users\JaS_2\Desktop\AKTUELLE PROJEKTE\KateWeber-Photography.com\kateweber-photography.com\blog\wp-content\themes\photoblog\footer.php PHP/Kryptik.AB trojan cleaned by deleting - quarantined
C:\Users\JaS_2\Desktop\AKTUELLE PROJEKTE\KateWeber-Photography.com\kateweber-photography.com\blog.old\wp-content\themes\children-and-toys\footer.php PHP/Kryptik.AB trojan cleaned by deleting - quarantined
C:\Users\JaS_2\Desktop\AKTUELLE PROJEKTE\KateWeber-Photography.com\kateweber-photography.com\blog.old\wp-content\themes\esther\footer.php PHP/Kryptik.AB trojan cleaned by deleting - quarantined
C:\Users\JaS_2\Desktop\AKTUELLE PROJEKTE\KateWeber-Photography.com\kateweber-photography.com\blog.old\wp-content\themes\photoblog\footer.php PHP/Kryptik.AB trojan cleaned by deleting - quarantined
C:\Users\JaS_2\Desktop\NGI\Raumplaner\SoftonicDownloader_for_ikea-home-planner.exe Win32/SoftonicDownloader.D application cleaned by deleting - quarantined
C:\Users\JaS_2\Desktop\NGI\Raumplaner\SoftonicDownloader_fuer_furnish-pro.exe Win32/SoftonicDownloader.D application cleaned by deleting - quarantined
C:\Users\JaS_2\Desktop\NGI\Raumplaner\SoftonicDownloader_fuer_meine-wohnung-click-design.exe Win32/SoftonicDownloader.D application cleaned by deleting - quarantined
C:\Users\JaS_2\Desktop\NGI\Raumplaner\SoftonicDownloader_fuer_sweet-home-3d.exe Win32/SoftonicDownloader.D application cleaned by deleting - quarantined
F:\Prog Backups\eSitegrinder__-_Keygen.rar a variant of Win32/Injector.BPU trojan deleted - quarantined
F:\Prog Backups\Nero10Lite_www.softvnn.com.rar Win32/Packed.Autoit.C.Gen application deleted - quarantined
F:\Prog Backups\Port.AICS3_g3n_downarchive.rar probably a variant of Win32/IRCBot.LFSWIOM trojan deleted - quarantined
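A small parser for the "File Check:" section of the FSS log posted above, added here as an illustration; it is not from the thread or from Farbar's tool. It splits the entries FSS matched against its known-good MD5 list ("=> MD5 is legit") from those where it printed the file's details and hash instead, which are the entries a helper reviews first. The sample input is re-typed from the log above, and the meaning of the columns on the detail line (created, modified, size, attributes, company, MD5) is assumed from its layout.

```python
import re
from typing import List, NamedTuple, Optional

# Constructed sample input: an excerpt of the "File Check:" section of the
# Farbar Service Scanner (FSS) log posted in this thread, re-typed so the
# parser runs offline.
SAMPLE_FSS_FILE_CHECK = r"""
File Check:
========
\Windows\System32\nsisvc.dll => MD5 is legit
\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
\Windows\System32\Drivers\tcpip.sys
[2009-07-14 03:25] - [2009-07-14 05:45] - 1898576 ____A (Microsoft Corporation) 912107716BAB424C7870E8E6AF5E07E1

\Windows\System32\dnsrslvr.dll
[2009-07-14 03:21] - [2009-07-14 05:40] - 0182272 ____A (Microsoft Corporation) 676108C4E3AA6F6B34633748BD0BEBD9

\Windows\System32\bfe.dll => MD5 is legit


**** End of log ****
"""

# Detail line FSS prints under a path when it did not recognise the file's MD5.
# Column meaning assumed from the layout: [created] - [modified] - size attrs (company) MD5
DETAIL_RE = re.compile(
    r"^\[([\d-]+ [\d:]+)\] - \[([\d-]+ [\d:]+)\] - (\d+) (\S+) \((.*)\) ([0-9A-Fa-f]{32})$"
)


class FileCheck(NamedTuple):
    path: str
    status: str               # "MD5 is legit" or "unverified"
    created: Optional[str]
    modified: Optional[str]
    size: Optional[int]
    attrs: Optional[str]
    company: Optional[str]
    md5: Optional[str]


def parse_file_check(text: str) -> List[FileCheck]:
    """Parse the File Check section of an FSS log into one record per file."""
    lines = [ln.strip() for ln in text.splitlines()]
    records: List[FileCheck] = []
    in_section = False
    i = 0
    while i < len(lines):
        line = lines[i]
        i += 1
        if line == "File Check:":
            in_section = True
            continue
        if not in_section or not line or line.startswith("="):
            continue
        if line.startswith("****"):          # "**** End of log ****"
            break
        if " => " in line:                   # one-line verdict, e.g. "=> MD5 is legit"
            path, status = line.split(" => ", 1)
            records.append(FileCheck(path, status, None, None, None, None, None, None))
            continue
        # Otherwise the line is a path and FSS printed the file's details on the next line.
        m = DETAIL_RE.match(lines[i]) if i < len(lines) else None
        if m:
            i += 1
            records.append(FileCheck(line, "unverified", m.group(1), m.group(2),
                                     int(m.group(3)), m.group(4), m.group(5),
                                     m.group(6).upper()))
        else:
            records.append(FileCheck(line, "unverified", None, None, None, None, None, None))
    return records


def unverified(records: List[FileCheck]) -> List[FileCheck]:
    """Files FSS could not match against its known-good list; these are the ones to review."""
    return [r for r in records if r.status != "MD5 is legit"]


if __name__ == "__main__":
    for r in unverified(parse_file_check(SAMPLE_FSS_FILE_CHECK)):
        print(f"{r.path}: size={r.size} company={r.company!r} md5={r.md5}")
```

An unverified entry only means the hash was not in the tool's list; the timestamps, size and signer column are what you compare against a known-good copy of the same Windows build before treating the file as tampered.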
 
1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it.
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

===================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all the tools we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please let me know how your computer is doing.
 
Hi, when I try to download and install the latest JAVA version from the link you provided, the online verification tells me I have the latest version already installed (Version 7 Update 5). What to do? Download and install it manually?
 
OTL FIX LOG:

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: JaS
->Temp folder emptied: 88861 bytes
->Temporary Internet Files folder emptied: 53001 bytes
->Java cache emptied: 2027 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 492 bytes

User: JaS_2
->Temp folder emptied: 259610 bytes
->Temporary Internet Files folder emptied: 7480664 bytes
->Java cache emptied: 1853 bytes
->FireFox cache emptied: 58922980 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 2159 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1754 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50501 bytes
RecycleBin emptied: 9618363 bytes

Total Files Cleaned = 73,00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: JaS
->Flash cache emptied: 0 bytes

User: JaS_2
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: JaS
->Java cache emptied: 0 bytes

User: JaS_2
->Java cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Java Files Cleaned = 0,00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.58.0 log created on 08212012_094352

Files\Folders moved on Reboot...
File move failed. C:\Users\JaS_2\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...
[2012.08.19 22:15:44 | 000,000,000 | ---- | M] () C:\Users\JaS_2\AppData\Local\Temp\FXSAPIDebugLogFile.txt : Unable to obtain MD5
[2012.08.21 09:46:30 | 000,000,000 | ---- | M] () C:\Windows\temp\_avast_\Webshlock.txt : Unable to obtain MD5

Registry entries deleted on Reboot...
 