TechSpot

Worried - system compromised?

By Jasso
Aug 18, 2012
    Hello all, I really hope you can help.

    There are several issues that make me believe my system has been compromised.

    It started with me occasionally hearing someone else working on a computer through my speakers while a browser is open (this still happens). As soon as the browser is closed, it stops.

    Then yesterday I wanted to install Photoshop, but it kept saying "Adobe Application Manager has stopped working". I tried everything, but the problem remained. I also could not completely clean my PC of any Adobe software to see if that helps, because, strangely, Adobe's own command-line removal tool does not find any of the installed programs, such as Flash Player, either. So I decided to update Windows. I must say I have not done so since May, so I went to the Windows Control Panel and tried to download the "92 important updates". However, they do not download, even though my internet connection is working perfectly. So I read about this issue and found that one reason might be that my system has been infected.

    Before I came here I had already scanned with the following programs:
    Avast, Malwarebytes and Kaspersky TDSSKiller. Nothing found; the only thing Kaspersky reports is this: Locked file, Service: sptd, Service Type: Kernel Driver (0x1), Service Start: Boot (0x0), C:\Windows\system32\Drivers\sptd.sys, plus the MD5 hash.

    So now here are the logs generated while following your step-by-step guide.
    BTW, I was not able to save any of the scanner-generated log files to my desktop; after saving, they were not there. It only worked when I saved them directly into the "C:" directory itself.

    AVAST Scan: Nothing found

    MALWAREBYTES LOG:

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.07.31.10

    Windows 7 x64 NTFS
    Internet Explorer 8.0.7600.16385
    JaS_2 :: JFORCE [limited]

    18.08.2012 21:34:39
    mbam-log-2012-08-18 (21-34-39).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 155968
    Time elapsed: 4 minute(s), 58 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


    GMER LOG:

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-08-18 23:34:11
    Windows 6.1.7600
    Running: hdlg6v9b.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0011675abd4e
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x27 0xC6 0xFB 0x12 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x2B 0xF6 0xE2 0x45 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x32 0x07 0xF1 0x7C ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0011675abd4e (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x27 0xC6 0xFB 0x12 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x2B 0xF6 0xE2 0x45 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x32 0x07 0xF1 0x7C ...

    ---- Files - GMER 1.0.15 ----

    File C:\## aswSnx private storage 0 bytes
    File C:\## aswSnx private storage\snx_rhive 262144 bytes
    File C:\## aswSnx private storage\snx_rhive.LOG1 29696 bytes
    File C:\## aswSnx private storage\snx_rhive.LOG2 0 bytes
    File C:\## aswSnx private storage\snx_rhive{f86910d0-a34a-11e1-a759-002618a84d06}.TM.blf 65536 bytes
    File C:\## aswSnx private storage\snx_rhive{f86910d0-a34a-11e1-a759-002618a84d06}.TMContainer00000000000000000001.regtrans-ms 524288 bytes
    File C:\## aswSnx private storage\snx_rhive{f86910d0-a34a-11e1-a759-002618a84d06}.TMContainer00000000000000000002.regtrans-ms 524288 bytes
    File C:\## aswSnx private storage\webStorage 0 bytes
    File C:\## aswSnx private storage\webStorage\attrib 0 bytes
    File C:\## aswSnx private storage\webStorage\image 0 bytes
    File C:\## aswSnx private storage\webStorage\image\Windows 0 bytes
    File C:\## aswSnx private storage\webStorage\image\Windows\Prefetch 0 bytes
    File C:\## aswSnx private storage\webStorage\image\Windows\Prefetch\CHROME.EXE-2AC80AEA.pf 45272 bytes
    File C:\## aswSnx private storage\webStorage\snx_fs.dat 472 bytes

    ---- EOF - GMER 1.0.15 ----


    DDS LOG:
    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26
    Run by JaS at 0:04:15 on 2012-08-19
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.4095.2358 [GMT 4:00]
    .
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Microsoft LifeChat\LifeChat.exe
    c:\xampp\filezillaftp\filezillaserver.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files (x86)\Netop\Vision\XL\mesuwts.exe
    C:\Windows\system32\svchost.exe -k regsvc
    C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Elantech\ETDCtrl.exe
    C:\Users\JaS_2\AppData\Roaming\du Mobile Broadband\ouc.exe
    C:\Program Files (x86)\RocketDock\RocketDock.exe
    C:\Windows\ffpext\ffpsrv.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files (x86)\Netop\Vision\XL\MeUiHlp.exe
    C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    C:\Program Files (x86)\Netop\Vision\XL\MeSuAx.exe
    C:\Program Files (x86)\Netop\Vision\Plugins\Chat\MChat.exe
    C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.AutoUpdate.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Nero\Update\NASvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files (x86)\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
    C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://search.orbitdownloader.com
    uURLSearchHooks: H - No File
    uURLSearchHooks: Veoh Web Player Toolbar: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\prxtbVeo0.dll
    mURLSearchHooks: Veoh Web Player Toolbar: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\prxtbVeo0.dll
    mWinlogon: Userinit=userinit.exe
    BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Windows Live ID-Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Veoh Web Player Toolbar: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\prxtbVeo0.dll
    BHO: Web Lock Extension for Internet Explorer: {cea0e33c-a206-4996-980f-2596270e0c7a} - C:\Program Files (x86)\Netop\Vision\Plugins\WebLock\IEExtension\WebFilterIEExtension32.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - No File
    TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    TB: Veoh Web Player Toolbar: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\prxtbVeo0.dll
    TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [VeohPlugin] "C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
    uRun: [EPSON Stylus DX5000 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBVE.EXE /FU "C:\Windows\TEMP\E_S47EC.tmp" /EF "HKCU"
    uRun: [Google Update] "C:\Users\JaS\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    uRun: [Steam] "C:\Juegos\STEAM\Steam.exe" -silent
    uRun: [Vidalia] "C:\Program Files (x86)\Vidalia Bundle\Vidalia\vidalia.exe"
    uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    uRun: [SugarSync] "C:\Program Files (x86)\SugarSync\SugarSyncManager.exe" -startInTray -usedelay=true
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [ffpsrv] c:\windows\ffpext\ffpsrv.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun: [Touch-It] C:\Program Files (x86)\TouchIt Keyboard\touchitf.exe
    mRun: [MeUiHelper] C:\Program Files (x86)\Netop\Vision\XL\meuihlp.exe
    mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    mRunOnce: [InnoSetupRegFile.0000000001] "C:\Windows\is-KSQG3.exe" /REG /REGSVRMODE
    StartupFolder: C:\Users\JaS\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\JaS\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Presentation Support Tool.lnk - C:\Program Files (x86)\SHARP\SHARP Pen Software\PrsnSptTool.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    dPolicies-explorer: EnableShellExecuteHooks = 0 (0x0)
    IE: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
    IE: add to &BOM - C:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta
    IE: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
    IE: Nach Microsoft E&xel exportieren - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: RF - Formular ausfüllen - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: RF - Formular speichern - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    IE: RF - Menü anpassen - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: RF - RoboForm-Leiste ein/aus - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E}
    IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    LSP: C:\Program Files (x86)\Common Files\Netop\WebFilterLSP32.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    TCP: Interfaces\{0954EBB3-3356-48CF-811C-DFF647A62B8B} : NameServer = 213.132.63.25 80.227.2.4
    TCP: Interfaces\{3AE6014E-2566-4A28-AFDF-5816552FDEB6} : NameServer = 213.132.63.25 80.227.2.4
    TCP: Interfaces\{3F641A04-4B01-4BE1-8133-F72F082FF073} : NameServer = 213.132.63.25 80.227.2.4
    TCP: Interfaces\{52269DFF-9D19-457E-9076-AC7AE3E21BE4} : NameServer = 213.132.63.25 80.227.2.4
    TCP: Interfaces\{5DE9415E-43FE-4EEF-8B45-0B46E463D21D} : NameServer = 213.132.63.25 80.227.2.4
    TCP: Interfaces\{82C054A0-20B3-4F9A-98D1-56358DBBE4A2} : NameServer = 213.132.63.25 80.227.2.4
    TCP: Interfaces\{926641CF-B0B7-4624-9A1E-33E3A750E359} : NameServer = 213.132.63.25 80.227.2.4
    TCP: Interfaces\{9791E060-1073-4A48-9E2A-6A1E2BD29F21} : DhcpNameServer = 192.168.10.85 192.168.10.10
    TCP: Interfaces\{FA12F39E-DFF2-4D13-911A-B5D2CB0CBC5E} : NameServer = 213.132.63.25 80.227.2.4
    TCP: Interfaces\{FAC239AB-690E-411F-BA86-8679B4CAA238} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{FAC239AB-690E-411F-BA86-8679B4CAA238}\05149435 : DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{FAC239AB-690E-411F-BA86-8679B4CAA238}\4505D2C494E4B4F5932433445403 : DhcpNameServer = 192.168.10.85 192.168.10.10
    TCP: Interfaces\{FAC239AB-690E-411F-BA86-8679B4CAA238}\458627565635471627370254C656364727F6E6963635 : DhcpNameServer = 192.168.10.85 192.168.10.10
    TCP: Interfaces\{FAC239AB-690E-411F-BA86-8679B4CAA238}\E47494 : DhcpNameServer = 213.42.20.20 195.229.241.222
    TCP: Interfaces\{FE5B73E5-CA57-442B-A6E3-3D28825A5C79} : NameServer = 213.132.63.25 80.227.2.4
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll
    SEH: App-Control: {f911591f-d659-40ed-b048-eb8f8e48ab00} - C:\Windows\SysWOW64\MeAmHook32.dll
    {000123B4-9B42-4900-B3F7-F4B073EFC214}
    {326E768D-4182-46FD-9C16-1449A49795F4}
    {53707962-6F74-2D53-2644-206D7942484F}
    {724d43a9-0d85-11d4-9908-00400523e39a}
    {8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
    {9030D464-4C02-4ABF-8ECC-5164760863C6}
    {AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    {cd90bf73-20f6-44ef-993d-bb920303bd2e}
    {CEA0E33C-A206-4996-980F-2596270E0C7A}
    {DBC80044-A445-435b-BC74-9C25C1C588A9}
    TB-X64: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - No File
    {C55BBCD6-41AD-48AD-9953-3609C48EACC7}
    {8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
    {cd90bf73-20f6-44ef-993d-bb920303bd2e}
    {724d43a0-0d85-11d4-9908-00400523e39a}
    TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [ffpsrv] c:\windows\ffpext\ffpsrv.exe
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun-x64: [Touch-It] C:\Program Files (x86)\TouchIt Keyboard\touchitf.exe
    mRun-x64: [MeUiHelper] C:\Program Files (x86)\Netop\Vision\XL\meuihlp.exe
    mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    mRunOnce-x64: [InnoSetupRegFile.0000000001] "C:\Windows\is-KSQG3.exe" /REG /REGSVRMODE
    App-Control
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath -
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
    R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
    R1 MENET;MENET;C:\Windows\system32\Drivers\MENET.SYS --> C:\Windows\system32\Drivers\MENET.SYS [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
    R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-12-16 44768]
    R2 MeSuWTS;Vision WTS Helper;C:\Program Files (x86)\Netop\Vision\XL\mesuwts.exe [2012-7-6 181920]
    R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-8-26 2255464]
    R2 SSUService;Splashtop Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2012-3-15 370504]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-8-3 379496]
    R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]
    R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
    R3 huawei_enumerator;huawei_enumerator;C:\Windows\system32\DRIVERS\ew_jubusenum.sys --> C:\Windows\system32\DRIVERS\ew_jubusenum.sys [?]
    R3 meddmrr;meddmrr;C:\Windows\system32\DRIVERS\meddmrr.sys --> C:\Windows\system32\DRIVERS\meddmrr.sys [?]
    R3 mekbd;mekbd;C:\Windows\system32\Drivers\mekbd.sys --> C:\Windows\system32\Drivers\mekbd.sys [?]
    R3 memice;memice;C:\Windows\system32\Drivers\memice.sys --> C:\Windows\system32\Drivers\memice.sys [?]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update-Dienst (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-14 136176]
    S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-12-13 1153368]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
    S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\system32\DRIVERS\ew_hwusbdev.sys --> C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [?]
    S3 ewusbmbb;HUAWEI USB-WWAN miniport;C:\Windows\system32\DRIVERS\ewusbwwan.sys --> C:\Windows\system32\DRIVERS\ewusbwwan.sys [?]
    S3 gupdatem;Google Update-Dienst (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-14 136176]
    S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    S3 nmwcdnsucx64;Nokia USB Flashing Generic;C:\Windows\system32\drivers\nmwcdnsucx64.sys --> C:\Windows\system32\drivers\nmwcdnsucx64.sys [?]
    S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\Windows\system32\drivers\nmwcdnsux64.sys --> C:\Windows\system32\drivers\nmwcdnsux64.sys [?]
    S3 pneteth;PdaNet Broadband;C:\Windows\system32\DRIVERS\pneteth.sys --> C:\Windows\system32\DRIVERS\pneteth.sys [?]
    S3 WatAdminSvc;Windows-Aktivierungstechnologieservice;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-11-1 655944]
    .
    =============== Created Last 30 ================
    .
    2012-08-18 11:38:05 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-08-18 10:51:31 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-08-18 10:51:31 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-08-11 06:09:58 -------- d-----w- C:\Program Files (x86)\XMind
    2012-08-06 20:09:15 -------- d-----w- C:\ProgramData\Research In Motion
    2012-08-06 20:09:05 -------- d-----w- C:\Program Files (x86)\Research In Motion
    2012-08-06 17:59:35 -------- d-----w- C:\Users\JaS\AppData\Local\SugarSync
    2012-08-06 17:59:23 -------- d-----w- C:\Program Files (x86)\SugarSync
    2012-08-01 10:45:35 -------- d-----w- C:\xampp
    2012-08-01 10:18:02 -------- d-----w- C:\Users\JaS\AppData\Local\Macromedia
    2012-07-31 16:50:27 711240 ----a-w- C:\Windows\is-KSQG3.exe
    2012-07-31 12:13:14 -------- d-----w- C:\ProgramData\YTD Video Downloader
    2012-07-31 12:13:08 -------- d-----w- C:\Program Files (x86)\GreenTree Applications
    2012-07-29 19:28:53 69632 ----a-w- C:\nporbit.dll
    2012-07-26 12:46:54 44032 ----a-w- C:\Windows\System32\drivers\RimSerial_AMD64.sys
    2012-07-26 12:46:07 -------- d-----w- C:\Program Files (x86)\Common Files\XCPCSync.OEM
    2012-07-26 12:46:07 -------- d-----w- C:\Program Files (x86)\Common Files\Research In Motion
    2012-07-21 18:40:54 164120 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
    .
    ==================== Find3M ====================
    .
    2012-07-14 12:43:01 22176 ----a-w- C:\Windows\System32\drivers\mekbd.sys
    2012-07-14 12:43:01 20640 ----a-w- C:\Windows\System32\drivers\memice.sys
    2012-07-06 15:28:32 74912 ----a-w- C:\Windows\System32\drivers\MeNet.sys
    2012-07-06 15:28:32 200352 ----a-w- C:\Windows\System32\VisionLoginCredentialProvider.dll
    2012-07-06 15:28:32 137376 ----a-w- C:\Windows\System32\MeAMHook64.dll
    2012-07-06 15:28:30 121504 ----a-w- C:\Windows\SysWow64\MeAmHook32.dll
    2012-07-06 15:28:24 176800 ----a-w- C:\Windows\System32\meddxl.dll
    2012-07-06 15:28:24 14496 ----a-w- C:\Windows\System32\meddaux.dll
    2012-07-05 23:01:06 49784 ----a-w- C:\Windows\System32\meddmrr.dll
    2012-07-05 23:01:06 11384 ----a-w- C:\Windows\System32\drivers\meddmrr.sys
    2012-07-03 09:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2012-06-02 11:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2012-06-02 11:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2006-05-03 10:06:54 163328 --sh--r- C:\Windows\SysWOW64\flvDX.dll
    2007-02-21 11:47:16 31232 --sh--r- C:\Windows\SysWOW64\msfDX.dll
    2008-03-16 13:30:52 216064 --sh--r- C:\Windows\SysWOW64\nbDX.dll
    .
    ============= FINISH: 0:04:58,57 ===============

    DDS ATTACH:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 27.05.2010 17:21:56
    System Uptime: 18.08.2012 10:03:12 (14 hours ago)
    .
    Motherboard: ASUSTeK Computer Inc. | | K70IO
    Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz | Socket 478 | 2000/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 88 GiB total, 8,065 GiB free.
    D: is CDROM ()
    F: is FIXED (NTFS) - 141 GiB total, 4,686 GiB free.
    J: is FIXED (NTFS) - 10 GiB total, 1,124 GiB free.
    K: is CDROM ()
    L: is Removable
    M: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP411: 17.08.2012 18:48:24 - Revo Uninstaller's restore point - Adobe AIR
    RP412: 17.08.2012 18:53:34 - Revo Uninstaller's restore point - Adobe Flash Player 11 Plugin
    RP413: 17.08.2012 18:55:23 - Revo Uninstaller's restore point - Adobe Download Assistant
    RP414: 17.08.2012 18:55:41 - Removed Adobe Download Assistant
    RP415: 17.08.2012 19:24:35 - Revo Uninstaller's restore point - Adobe Flash Player 11 ActiveX
    RP416: 17.08.2012 19:26:45 - Revo Uninstaller's restore point - Adobe AIR
    .
    ==== Installed Programs ======================
    .
    2007 Microsoft Office Suite Service Pack 2 (SP2)
    Adobe Flash Player 11 Plugin
    Advertising Center
    Age of Empires III
    Age of Empires III - The Asian Dynasties
    Age of Empires III - The WarChiefs
    Android SDK Tools
    Audacity 1.2.6
    Auslogics Disk Defrag
    avast! Free Antivirus
    Biet-O-Matic v2.12.9
    BlackBerry Desktop Software 7.1
    BlackBerry Device Software Updater
    CamAlert II
    Click-N-Type
    CNTDesigner
    ColorPic
    Combined Community Codec Pack 2011-11-11
    Corel Graphics - Windows Shell Extension
    D3DX10
    DHTML Editing Component
    DivX-Setup
    DolbyFiles
    Dropbox
    du Mobile Broadband
    Easy Keyboard Manager 1.0.0
    EasyCash&Tax 1.48
    ElsterFormular
    Empire: Total War
    EPSON Scan
    Fast Blog Finder 3
    FastStone Capture 5.3
    Fences
    Free Mp3 Wma Converter V 1.93
    GOM Player
    Google Chrome
    Google Earth Plug-in
    Google Update Helper
    Hotfix für Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
    IETester v0.4.6 (remove only)
    Java 2 Runtime Environment, SE v1.4.2_19
    Java Auto Updater
    Java(TM) 6 Update 26
    JDownloader
    Junk Mail filter update
    K-Lite Codec Pack 6.0.4 (Basic)
    Kernel EML Viewer ver 10.09.01
    Malwarebytes Anti-Malware Version 1.62.0.1300
    Market Samurai
    Medieval II Total War
    Medieval II Total War : Kingdoms : Americas
    Medieval II Total War : Kingdoms : Britannia
    Medieval II Total War : Kingdoms : Crusades
    Medieval II Total War : Kingdoms : Teutonic
    Menu Templates - Starter Kit
    Metro-Naval 1.9
    Microsoft Keyboard Layout Creator 1.4
    Microsoft Office Access MUI (German) 2007
    Microsoft Office 2007
    Microsoft Office Excel MUI (German) 2007
    Microsoft Office Groove MUI (German) 2007
    Microsoft Office InfoPath MUI (German) 2007
    Microsoft Office OneNote MUI (German) 2007
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (German) 2007
    Microsoft Office PowerPoint MUI (German) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (German) 2007
    Microsoft Office Proof (Italian) 2007
    Microsoft Office Proofing (German) 2007
    Microsoft Office Publisher MUI (German) 2007
    Microsoft Office Shared MUI (German) 2007
    Microsoft Office Word MUI (German) 2007
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual Studio Tools for Applications 2.0 - ENU
    Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU
    Microsoft Visual Studio Tools for Applications 2.0 Runtime
    Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU
    Mozilla Firefox 4.0b7 (x86 de)
    Mozilla Firefox 8.0 (x86 de)
    Mozilla Thunderbird 14.0 (x86 en-US)
    MPEG2 Codec(libmpeg2/mad)
    MSVCRT
    MSVCRT_amd64
    Multiple File Search Replace 2.30
    Nero BurnLite 10
    Nero Control Center 10
    Nero ControlCenter
    Nero ControlCenter 10 Help (CHM)
    Nero Core Components 10
    Nero Installer
    Nero Update
    Notepad++
    NVIDIA 3D Vision Controller Driver
    NVIDIA PhysX
    NVIDIA Stereoscopic 3D Driver
    Offline Downloader
    Orbit Downloader
    PC Connectivity Solution
    PDFCreator
    PixLin
    Polipo 1.0.4.1
    QuickTime
    Realtek High Definition Audio Driver
    Revo Uninstaller 1.92
    RoboForm 7-7-0 (All Users)
    RocketDock 1.3.5
    Rome - Total War - Gold Edition
    RouterControl 2.0
    Samsung New PC Studio USB Driver Installer
    Schwert und Speer Ultimat
    Serif WebPlus Starter Edition
    SHARP Pen Software
    Skype Click to Call
    Skype™ 5.8
    Splashtop Remote Client
    Spybot - Search & Destroy
    SRWare Iron Version SRWare Iron 19.0.1100.0
    Steam
    SugarSync Manager
    SUPER © Version 2010.bld.42 (Nov 7, 2010)
    System Requirements Lab CYRI
    TeamViewer 7
    Tor 0.2.2.34
    Touch-It Virtual Keyboard 4.3.0.3 (Freeware)
    TreeSize Free V2.6
    TrueCrypt
    Turbo Lister 2
    Unity Web Player
    VC80CRTRedist - 8.0.50727.6195
    Veoh Web Player
    Veoh Web Player Toolbar
    Vidalia 0.2.15
    Watchtower Library 2009 - Deutsch
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Player Firefox Plugin
    Xaldon WebSpider2
    XAMPP 1.7.7
    XMind
    YouTube Song Downloader
    YTD Video Downloader 3.9
    .
    ==== End Of File ===========================
     
  2. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Welcome aboard

    Please, observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ======================================

    Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run, then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    If normal mode still doesn't work, run the tool from safe mode.

    When the scan is done, Notepad will open with the rKill log.
    Post it in your next reply.

    NOTE. rKill.txt log will also be present on your desktop.

    ====================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
  3. Jasso

    Jasso TS Rookie Topic Starter

    Thanks a lot for the swift response!

    rKILL LOG:

    Rkill 2.2.1 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2012 BleepingComputer.com
    More Information about Rkill can be found at this link:
    http://www.bleepingcomputer.com/forums/topic308364.html

    Program started at: 08/19/2012 01:02:49 AM in x64 mode.
    Windows Version: Windows 7

    Checking for Windows services to stop.

    * No malware services found to stop.

    Checking for processes to terminate.

    * C:\Users\JaS_2\AppData\Roaming\du Mobile Broadband\ouc.exe (PID: 3620) [UP-HEUR]
    * C:\Windows\ffpext\ffpsrv.exe (PID: 3972) [WD-HEUR]
    * C:\Program Files\Waterfox\firefox.exe (PID: 2000) [FI]

    3 proccesses terminated!

    Checking Registry for malware related settings.

    * Advanced Explorer Setting Removed: HideIcons [HKCU]
    * Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

    Backup Registry file created at:
    C:\Users\JaS\Desktop\rkill\rkill-08-19-2012-01-02-56.reg

    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

    Performing miscellaneous checks.

    * No issues found.

    Checking Windows Service Integrity:

    * AppMgmt [Missing Service]
    * CscService [Missing Service]
    * PeerDistSvc [Missing Service]
    * UmRdpService [Missing Service]

    Searching for Missing Digital Signatures:

    * C:\Windows\System32\user32.dll [NoSig]
    +-> C:\Windows\SysWOW64\user32.dll : 833.024 : 05/27/2010 06:48 PM : 861c4346f9281dc0380de72c8d55d6be [Pos Repl]
    +-> C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll : 1.008.640 : 07/14/2009 00:41 AM : 72d7b3ea16946e8f0cf7458150031cc6 [Pos Repl]
    +-> C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll : 833.024 : 07/14/2009 00:11 AM : e8b0ffc209e504cb7e79fc24e6c085f0 [Pos Repl]

    Program finished at: 08/19/2012 01:03:16 AM
    Execution time: 0 hours(s), 0 minute(s), and 26 seconds(s)


    aswMBR LOG (did not ask me to update the virus definitions):

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-08-19 01:07:58
    -----------------------------
    01:07:58.079 OS Version: Windows x64 6.1.7600
    01:07:58.079 Number of processors: 2 586 0x170A
    01:07:58.097 ComputerName: JFORCE UserName: JaS
    01:07:58.771 Initialize success
    01:07:58.879 AVAST engine defs: 12081800
    01:09:44.095 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    01:09:44.103 Disk 0 Vendor: Hitachi_HTS543232L9A300 FB4OC40C Size: 305245MB BusType: 11
    01:09:44.134 Disk 0 MBR read successfully
    01:09:44.140 Disk 0 MBR scan
    01:09:44.148 Disk 0 unknown MBR code
    01:09:44.160 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    01:09:44.177 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 89900 MB offset 206848
    01:09:44.202 Disk 0 Partition 3 00 82 Linux swap 1431 MB offset 184322048
    01:09:44.208 Disk 0 Partition - 00 05 Extended 213812 MB offset 187254782
    01:09:44.225 Disk 0 Partition 4 00 83 Linux 11633 MB offset 187254784
    01:09:44.234 Disk 0 Partition - 00 05 Extended 47684 MB offset 211079168
    01:09:44.280 Disk 0 scanning C:\Windows\system32\drivers
    01:09:54.237 Service scanning
    01:10:14.712 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
    01:10:22.760 Modules scanning
    01:10:22.762 Disk 0 trace - called modules:
    01:10:22.792 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80043cf2c0]<<spnj.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
    01:10:22.794 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800468c060]
    01:10:22.794 3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> [0xfffffa800451c180]
    01:10:22.795 5 ACPI.sys[fffff8800103a781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80044f2060]
    01:10:22.796 \Driver\atapi[0xfffffa80044e4e70] -> IRP_MJ_CREATE -> 0xfffffa80043cf2c0
    01:10:23.532 AVAST engine scan C:\Windows
    01:10:26.097 AVAST engine scan C:\Windows\system32
    01:13:19.216 AVAST engine scan C:\Windows\system32\drivers
    01:13:29.716 AVAST engine scan C:\Users\JaS
    01:26:43.003 AVAST engine scan C:\ProgramData
    01:30:07.481 Scan finished successfully
    01:32:11.886 Disk 0 MBR has been saved successfully to "C:\MBR.dat"
    01:32:11.914 The log file has been saved successfully to "C:\aswMBR.txt"
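The rKill log above ends with a "Searching for Missing Digital Signatures" block that names an unsigned user32.dll and lists same-named copies with their MD5s; later in the thread ComboFix's Sigcheck block gives each copy's size, version and hash. The script below is an added example, not code from Rkill, ComboFix or TechSpot: it parses both formats from constructed sample lines modelled on this thread's output (winsxs folder names shortened) and reports which copy matches the unsigned file on size and file version but not on hash. That the `[-]` tag marks an entry ComboFix could not verify and a version tag such as `[7]` marks a verified one is my reading of the log, stated as an assumption in the code.

```python
"""Cross-check an unsigned system file against its same-version copies.
Added example for this thread (not Rkill's, ComboFix's or TechSpot's code):
parses Rkill's "Missing Digital Signatures" and ComboFix's "Sigcheck" blocks,
reports copies that agree on size and file version but not hash; reports only.
"""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Copy:
    path: str
    size: int
    md5: str
    version: str = ""
    verified: bool = False  # True unless ComboFix tagged the entry "[-]" (assumed meaning)


# Constructed samples modelled on this thread's logs (winsxs folder names shortened).
RKILL_SAMPLE = """\
 * C:\\Windows\\System32\\user32.dll [NoSig]
  +-> C:\\Windows\\SysWOW64\\user32.dll : 833.024 : 05/27/2010 06:48 PM : 861c4346f9281dc0380de72c8d55d6be [Pos Repl]
  +-> C:\\Windows\\winsxs\\amd64_user32_sample\\user32.dll : 1.008.640 : 07/14/2009 00:41 AM : 72d7b3ea16946e8f0cf7458150031cc6 [Pos Repl]
  +-> C:\\Windows\\winsxs\\wow64_user32_sample\\user32.dll : 833.024 : 07/14/2009 00:11 AM : e8b0ffc209e504cb7e79fc24e6c085f0 [Pos Repl]
"""
COMBOFIX_SAMPLE = """\
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\\windows\\winsxs\\amd64_user32_sample\\user32.dll
[-] 2010-05-27 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] .. c:\\windows\\system32\\user32.dll
[-] 2010-05-27 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7600.16385] .. c:\\windows\\SysWOW64\\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\\windows\\winsxs\\wow64_user32_sample\\user32.dll
"""

# Rkill: " * <path> [NoSig]" then "+-> <path> : <size> : <date> : <md5> [Pos Repl]";
# sizes carry the locale's thousands separator ("1.008.640" in this log).
_NOSIG = re.compile(r"^\s*\*\s+(?P<path>.+?)\s+\[NoSig\]\s*$")
_CAND = re.compile(r"^\s*\+->\s+(?P<path>.+?)\s+:\s+(?P<size>[\d.,]+)\s+:.+?:\s+"
                   r"(?P<md5>[0-9a-fA-F]{32})\s+\[Pos Repl\]")
# ComboFix: "[tag] <date> . <MD5> . <size> . . [<version>] .. <path>"
_SIG = re.compile(r"^\[(?P<tag>[^\]]*)\]\s+\d{4}-\d{2}-\d{2}\s+\.\s+(?P<md5>[0-9a-fA-F]{32})"
                  r"\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+\[(?P<ver>[^\]]+)\]\s+\.\.\s+(?P<path>.+?)\s*$")


def parse_rkill_nosig(text: str) -> dict[str, list[Copy]]:
    """Map each [NoSig] file to the replacement copies Rkill listed under it."""
    found: dict[str, list[Copy]] = {}
    current = None
    for line in text.splitlines():
        if m := _NOSIG.match(line):
            current = m["path"].lower()
            found[current] = []
        elif (m := _CAND.match(line)) and current is not None:
            size = int(re.sub(r"[.,]", "", m["size"]))
            found[current].append(Copy(m["path"].lower(), size, m["md5"].lower()))
    return found


def parse_combofix_sigcheck(text: str) -> list[Copy]:
    """Collect Sigcheck entries; the "[-]" tag marks ones ComboFix could not verify."""
    return [Copy(m["path"].lower(), int(m["size"]), m["md5"].lower(), m["ver"],
                 verified=m["tag"] != "-")
            for m in map(_SIG.match, text.splitlines()) if m]


def find_replacements(entries: list[Copy]) -> list[tuple[Copy, Copy]]:
    """Pair each unverified entry with verified same-name copies of equal size
    and version but different MD5 (a lead to confirm, not proof of tampering)."""
    name = lambda c: c.path.rsplit("\\", 1)[-1]
    return [(bad, good) for bad in entries if not bad.verified
            for good in entries if good.verified and name(good) == name(bad)
            and good.size == bad.size and good.version == bad.version
            and good.md5 != bad.md5]


def cross_check(rkill_text: str, combofix_text: str) -> dict[str, list[Copy]]:
    """Keep, for each Rkill [NoSig] file, only the candidates whose size equals
    the unsigned file's size from ComboFix and whose MD5 ComboFix verified.
    Rkill alone cannot do this: it lists the 32-bit SysWOW64 copy too."""
    sig = {e.path: e for e in parse_combofix_sigcheck(combofix_text)}
    verified = {e.md5 for e in sig.values() if e.verified}
    result = {}
    for unsigned, cands in parse_rkill_nosig(rkill_text).items():
        own = sig.get(unsigned)
        if own is None:
            continue  # ComboFix did not list this file, so its size is unknown
        result[unsigned] = [c for c in cands if c.size == own.size
                            and c.md5 in verified and c.md5 != own.md5]
    return result


if __name__ == "__main__":
    for bad, good in find_replacements(parse_combofix_sigcheck(COMBOFIX_SAMPLE)):
        print(f"{bad.path} ({bad.md5}) differs from verified {good.path} ({good.md5})")
    for unsigned, cands in cross_check(RKILL_SAMPLE, COMBOFIX_SAMPLE).items():
        print(unsigned, "->", [c.path for c in cands])
```

On the sample data the System32 copy is matched only with the amd64 WinSxS copy, while the 32-bit SysWOW64 copy (same size as the wow64 WinSxS copy) is reported separately; a hash mismatch at identical size and version is a lead for the helper to confirm, as the ComboFix note says, not a verdict.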
     
  4. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    • NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run, then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done, Notepad will open with the rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  5. Jasso

    Jasso TS Rookie Topic Starter

    COMBOFIX LOG (The total log is almost 650,000 characters long and 4/5 (rather more) of the log is about just 3 programs. So these 3 parts I have shortened, but in case you really need them in full, let me know.)

    ComboFix 12-08-18.03 - JaS 19.08.2012 1:58.1.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.4095.1874 [GMT 4:00]
    ausgeführt von:: c:\users\JaS_2\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\juegos
    c:\juegos\AoE III\1025\dwintl.dll
    c:\juegos\AoE III\1028\dwintl.dll
    c:\juegos\AoE III\1028\msiloadr.bin
    c:\juegos\AoE III\1028\webloadr.bin
    c:\juegos\AoE III\1029\dwintl.dll
    c:\juegos\AoE III\1030\dwintl.dll
    c:\juegos\AoE III\1031\dwintl.dll
    c:\juegos\AoE III\1031\msiloadr.bin
    c:\juegos\AoE III\1031\webloadr.bin
    c:\juegos\AoE III\1032\dwintl.dll
    c:\juegos\AoE III\1033\dwintl.dll
    c:\juegos\AoE III\1033\msiloadr.bin
    c:\juegos\AoE III\1033\webloadr.bin
    c:\juegos\AoE III\1035\dwintl.dll
    c:\juegos\AoE III\1036\dwintl.dll
    c:\juegos\AoE III\1036\msiloadr.bin
    c:\juegos\AoE III\1036\webloadr.bin
    c:\juegos\AoE III\1037\dwintl.dll
    c:\juegos\AoE III\1038\dwintl.dll
    c:\juegos\AoE III\1040\dwintl.dll
    c:\juegos\AoE III\1040\msiloadr.bin
    c:\juegos\AoE III\1040\webloadr.bin
    c:\juegos\AoE III\1041\dwintl.dll
    c:\juegos\AoE III\1041\msiloadr.bin
    c:\juegos\AoE III\1041\webloadr.bin
    c:\juegos\AoE III\1042\dwintl.dll
    c:\juegos\AoE III\1042\msiloadr.bin
    c:\juegos\AoE III\1042\webloadr.bin
    c:\juegos\AoE III\1043\dwintl.dll
    c:\juegos\AoE III\1044\dwintl.dll
    c:\juegos\AoE III\1045\dwintl.dll
    c:\juegos\AoE III\1046\dwintl.dll
    c:\juegos\AoE III\1048\dwintl.dll
    c:\juegos\AoE III\1049\dwintl.dll
    c:\juegos\AoE III\1050\dwintl.dll
    c:\juegos\AoE III\1051\dwintl.dll
    c:\juegos\AoE III\1053\dwintl.dll
    c:\juegos\AoE III\1054\dwintl.dll
    c:\juegos\AoE III\1055\dwintl.dll
    c:\juegos\AoE III\1060\dwintl.dll
    c:\juegos\AoE III\2052\dwintl.dll
    c:\juegos\AoE III\2052\msiloadr.bin
    c:\juegos\AoE III\2052\webloadr.bin
    c:\juegos\AoE III\2070\dwintl.dll
    c:\juegos\AoE III\3076\dwintl.dll
    c:\juegos\AoE III\3082\dwintl.dll
    c:\juegos\AoE III\3082\msiloadr.bin
    c:\juegos\AoE III\3082\webloadr.bin
    c:\juegos\AoE III\Age 3 Web.url
    c:\juegos\AoE III\age3.exe
    c:\juegos\AoE III\Age3Launcher.exe
    c:\juegos\AoE III\age3x.exe
    c:\juegos\AoE III\Age3xLauncher.exe
    c:\juegos\AoE III\age3y.exe
    c:\juegos\AoE III\age3ymc.xml

    (this goes on and on, it looks like it's listing almost each and every file of the game)

    After AOE III, this one comes; even though it does not have nearly as many entries as AOE II, it's still a lot, so here as well I am posting just the first ones:

    c:\juegos\Medieval II Total War\binkw32.dll
    c:\juegos\Medieval II Total War\cine.dll
    c:\juegos\Medieval II Total War\custom\Vorherige Schlacht.cbx
    c:\juegos\Medieval II Total War\data\animations\pack.dat
    c:\juegos\Medieval II Total War\data\animations\pack.idx
    c:\juegos\Medieval II Total War\data\animations\skeletons.dat
    c:\juegos\Medieval II Total War\data\animations\skeletons.idx
    c:\juegos\Medieval II Total War\data\cursors\arrow.ani
    c:\juegos\Medieval II Total War\data\cursors\arrow.cur

    Next up is STEAM, with approximately as many entries as Medieval has, so again, here are just the first ones:

    c:\juegos\STEAM\appcache\appinfo.vdf

    The following are all the remaining entries not related to AOEIII, Medieval or STEAM:

    c:\users\JaS_2\AppData\Roaming\0ad
    c:\users\JaS_2\AppData\Roaming\0ad\cache\temp.0adsave
    c:\users\JaS_2\AppData\Roaming\0ad\config\user.cfg
    c:\users\JaS_2\AppData\Roaming\0ad\data\saves\quicksave-0001.0adsave
    c:\users\JaS_2\AppData\Roaming\0ad\data\saves\quicksave-0002.0adsave
    c:\users\JaS_2\AppData\Roaming\0ad\logs\interestinglog.html
    c:\users\JaS_2\AppData\Roaming\0ad\logs\mainlog.html
    c:\users\JaS_2\AppData\Roaming\0ad\logs\sim_log\15504\commands.txt
    c:\users\JaS_2\AppData\Roaming\0ad\logs\system_info.txt
    c:\windows\XSxS
    .
    .
    ((((((((((((((((((((((( Dateien erstellt von 2012-07-18 bis 2012-08-18 ))))))))))))))))))))))))))))))
    .
    .
    2012-08-18 11:38 . 2012-08-18 11:38 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-08-18 11:00 . 2012-08-18 11:00 -------- d-----w- c:\users\JaS_2\AppData\Local\Adobe
    2012-08-18 10:51 . 2012-08-18 10:51 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-08-18 10:51 . 2012-08-18 10:51 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-08-15 19:03 . 2012-08-15 19:03 53248 ----a-r- c:\users\JaS_2\AppData\Roaming\Microsoft\Installer\{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}\ARPPRODUCTICON.exe
    2012-08-11 06:09 . 2012-08-11 06:16 -------- d-----w- c:\program files (x86)\XMind
    2012-08-07 20:30 . 2012-08-12 23:16 -------- d-----w- c:\users\JaS_2\AppData\Local\SugarSync
    2012-08-06 20:09 . 2012-08-06 20:09 -------- d-----w- c:\programdata\Research In Motion
    2012-08-06 20:09 . 2012-08-06 20:09 -------- d-----w- c:\program files (x86)\Research In Motion
    2012-08-06 17:59 . 2012-08-06 18:01 -------- d-----w- c:\users\JaS\AppData\Local\SugarSync
    2012-08-06 17:59 . 2012-08-06 17:59 -------- d-----w- c:\program files (x86)\SugarSync
    2012-08-05 11:52 . 2012-08-05 11:52 -------- d-----w- c:\users\JaS_2\AppData\Local\Macromedia
    2012-08-01 10:45 . 2012-08-16 08:06 -------- d-----w- C:\xampp
    2012-08-01 10:18 . 2012-08-01 10:18 -------- d-----w- c:\users\JaS\AppData\Local\Macromedia
    2012-08-01 09:32 . 2012-08-01 09:32 -------- d-----w- c:\users\JaS_2\AppData\Roaming\Netop
    2012-07-31 16:50 . 2012-07-31 16:50 711240 ----a-w- c:\windows\is-KSQG3.exe
    2012-07-31 12:13 . 2012-07-31 12:13 -------- d-----w- c:\programdata\YTD Video Downloader
    2012-07-31 12:13 . 2012-07-31 12:13 -------- d-----w- c:\program files (x86)\GreenTree Applications
    2012-07-29 19:28 . 2010-09-29 18:33 69632 ----a-w- C:\nporbit.dll
    2012-07-26 12:48 . 2012-08-15 13:02 -------- d-----w- c:\users\JaS_2\AppData\Local\Research In Motion
    2012-07-26 12:46 . 2011-07-20 09:58 44032 ----a-w- c:\windows\system32\drivers\RimSerial_AMD64.sys
    2012-07-26 12:46 . 2012-08-06 20:09 -------- d-----w- c:\program files (x86)\Common Files\Research In Motion
    2012-07-26 12:46 . 2012-08-06 20:09 -------- d-----w- c:\program files (x86)\Common Files\XCPCSync.OEM
    2012-07-21 18:40 . 2009-10-27 08:22 164120 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-14 12:43 . 2012-07-14 12:43 22176 ----a-w- c:\windows\system32\drivers\mekbd.sys
    2012-07-14 12:43 . 2012-07-14 12:43 20640 ----a-w- c:\windows\system32\drivers\memice.sys
    2012-07-06 15:28 . 2012-07-06 15:28 74912 ----a-w- c:\windows\system32\drivers\MeNet.sys
    2012-07-06 15:28 . 2012-07-06 15:28 200352 ----a-w- c:\windows\system32\VisionLoginCredentialProvider.dll
    2012-07-06 15:28 . 2012-07-06 15:28 137376 ----a-w- c:\windows\system32\MeAMHook64.dll
    2012-07-06 15:28 . 2012-07-06 15:28 121504 ----a-w- c:\windows\SysWow64\MeAmHook32.dll
    2012-07-06 15:28 . 2012-07-06 15:28 176800 ----a-w- c:\windows\system32\meddxl.dll
    2012-07-06 15:28 . 2012-07-06 15:28 14496 ----a-w- c:\windows\system32\meddaux.dll
    2012-07-05 23:01 . 2012-07-05 23:01 49784 ----a-w- c:\windows\system32\meddmrr.dll
    2012-07-05 23:01 . 2012-07-05 23:01 11384 ----a-w- c:\windows\system32\drivers\meddmrr.sys
    2012-07-03 09:46 . 2011-08-23 12:18 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-06-18 17:33 . 2012-06-18 17:34 189360 ----a-w- c:\windows\system32\javaw.exe
    2012-06-18 17:33 . 2012-06-18 17:34 188840 ----a-w- c:\windows\system32\java.exe
    2012-06-02 22:19 . 2012-06-21 04:31 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-21 04:32 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-21 04:32 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-21 04:32 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-21 04:31 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-21 04:32 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-21 04:31 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 11:19 . 2012-06-21 04:31 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 11:15 . 2012-06-21 04:31 36864 ----a-w- c:\windows\system32\wuapp.exe
    2006-05-03 10:06 163328 --sh--r- c:\windows\SysWOW64\flvDX.dll
    2007-02-21 11:47 31232 --sh--r- c:\windows\SysWOW64\msfDX.dll
    2008-03-16 13:30 216064 --sh--r- c:\windows\SysWOW64\nbDX.dll
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
    [-] 2010-05-27 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll
    .
    [-] 2010-05-27 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
    [7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
    .
    (((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{cd90bf73-20f6-44ef-993d-bb920303bd2e}"= "c:\program files (x86)\Veoh_Web_Player\prxtbVeo0.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{cd90bf73-20f6-44ef-993d-bb920303bd2e}]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{cd90bf73-20f6-44ef-993d-bb920303bd2e}]
    2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\Veoh_Web_Player\prxtbVeo0.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{CEA0E33C-A206-4996-980F-2596270E0C7A}]
    2012-07-06 15:28 101024 ----a-w- c:\program files (x86)\Netop\Vision\Plugins\WebLock\IEExtension\WebFilterIEExtension32.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{cd90bf73-20f6-44ef-993d-bb920303bd2e}"= "c:\program files (x86)\Veoh_Web_Player\prxtbVeo0.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{cd90bf73-20f6-44ef-993d-bb920303bd2e}]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\JaS\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\JaS\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\JaS\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\JaS\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VeohPlugin"="c:\program files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2011-08-25 2816328]
    "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "Vidalia"="c:\program files (x86)\Vidalia Bundle\Vidalia\vidalia.exe" [2011-10-12 5407850]
    "RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-01-19 107000]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]
    "SugarSync"="c:\program files (x86)\SugarSync\SugarSyncManager.exe" [2012-07-13 9798776]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-03-17 421888]
    "ffpsrv"="c:\windows\ffpext\ffpsrv.exe" [2009-05-29 81408]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
    "Touch-It"="c:\program files (x86)\TouchIt Keyboard\touchitf.exe" [2008-04-11 1150976]
    "MeUiHelper"="c:\program files (x86)\Netop\Vision\XL\meuihlp.exe" [2012-07-06 202912]
    "RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-01 90448]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
    "InnoSetupRegFile.0000000001"="c:\windows\is-KSQG3.exe" [2012-07-31 711240]
    .
    c:\users\JaS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\JaS\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-26 24176560]
    .
    c:\users\JaS_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    SignagePlayer.lnk - c:\program files (x86)\SignagePlayer\SignagePlayer.exe [N/A]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Presentation Support Tool.lnk - c:\program files (x86)\SHARP\SHARP Pen Software\PrsnSptTool.exe [2012-7-8 393216]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "EnableShellExecuteHooks"= 1 (0x1)
    .
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "EnableShellExecuteHooks"= 0 (0x0)
    .
    [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{F911591F-D659-40ed-B048-EB8F8E48AB00}"= "c:\windows\SysWOW64\MeAmHook32.dll" [2012-07-06 121504]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R1 FDCDNT;FDCDNT;c:\windows\system32\drivers\FDCDNT.SYS [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-14 136176]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
    R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2010-07-27 117248]
    R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys [2010-12-23 421376]
    R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
    R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-14 136176]
    R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [x]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
    R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [2011-08-17 12800]
    R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [2011-08-17 171008]
    R3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [2011-11-24 15360]
    R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [x]
    R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-27 1255736]
    R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-28 834544]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 MENET;MENET;c:\windows\system32\Drivers\MENET.SYS [2012-07-06 74912]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-11-28 66904]
    S2 MeSuWTS;Vision WTS Helper;c:\program files (x86)\Netop\Vision\XL\mesuwts.exe [2012-07-06 181920]
    S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
    S2 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2012-03-15 370504]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
    S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]
    S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2009-06-12 112128]
    S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2011-01-30 86016]
    S3 meddmrr;meddmrr;c:\windows\system32\DRIVERS\meddmrr.sys [2012-07-05 11384]
    S3 mekbd;mekbd;c:\windows\system32\Drivers\mekbd.sys [2012-07-14 22176]
    S3 memice;memice;c:\windows\system32\Drivers\memice.sys [2012-07-14 20640]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-05-10 174184]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    .
    .
    --- Other services/drivers in memory ---
    .
    *NewlyCreated* - 32065674
    *NewlyCreated* - 81408113
    *NewlyCreated* - ASWMBR
    *Deregistered* - 32065674
    *Deregistered* - 81408113
    *Deregistered* - aswMBR
    .
    Contents of the "Scheduled Tasks" folder
    .
    2012-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-14 14:21]
    .
    2012-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-14 14:21]
    .
    2012-08-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-732390795-3526433701-2277339337-1000Core.job
    - c:\users\JaS\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-08 15:25]
    .
    2012-08-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-732390795-3526433701-2277339337-1000UA.job
    - c:\users\JaS\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-08 15:25]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CEA0E33C-A206-4996-980F-2596270E0C7A}]
    2012-07-06 15:28 123552 ----a-w- c:\program files (x86)\Netop\Vision\Plugins\WebLock\IEExtension\WebFilterIEExtension64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 97792 ----a-w- c:\users\JaS\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 97792 ----a-w- c:\users\JaS\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 97792 ----a-w- c:\users\JaS\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 97792 ----a-w- c:\users\JaS\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
    @="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
    [HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
    2012-07-13 05:17 463992 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
    @="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
    [HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
    2012-07-13 05:17 463992 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
    @="{A759AFF6-5851-457D-A540-F4ECED148351}"
    [HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
    2012-07-13 05:17 463992 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
    @="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
    [HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
    2012-07-13 05:17 463992 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LifeChat"="c:\program files\Microsoft LifeChat\LifeChat.exe" [2009-09-24 371712]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-06 11057768]
    "ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-06-12 619392]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "*WerKernelReporting"="c:\windows\SYSTEM32\WerFault.exe" [2009-07-14 415232]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
    "{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2009-10-02 134656]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{F911591F-D659-40ed-B048-EB8F8E48AB00}"= "c:\windows\system32\MeAMHook64.dll" [2012-07-06 137376]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://search.orbitdownloader.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
    IE: add to &BOM - c:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta
    IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
    IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: RF - Formular ausfüllen - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: RF - Formular speichern - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    IE: RF - Menü anpassen - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: RF - RoboForm-Leiste ein/aus - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    LSP: c:\program files (x86)\Common Files\Netop\WebFilterLSP32.dll
    TCP: Interfaces\{0954EBB3-3356-48CF-811C-DFF647A62B8B}: NameServer = 213.132.63.25 80.227.2.4
    TCP: Interfaces\{3AE6014E-2566-4A28-AFDF-5816552FDEB6}: NameServer = 213.132.63.25 80.227.2.4
    TCP: Interfaces\{3F641A04-4B01-4BE1-8133-F72F082FF073}: NameServer = 213.132.63.25 80.227.2.4
    TCP: Interfaces\{52269DFF-9D19-457E-9076-AC7AE3E21BE4}: NameServer = 213.132.63.25 80.227.2.4
    TCP: Interfaces\{5DE9415E-43FE-4EEF-8B45-0B46E463D21D}: NameServer = 213.132.63.25 80.227.2.4
    TCP: Interfaces\{82C054A0-20B3-4F9A-98D1-56358DBBE4A2}: NameServer = 213.132.63.25 80.227.2.4
    TCP: Interfaces\{926641CF-B0B7-4624-9A1E-33E3A750E359}: NameServer = 213.132.63.25 80.227.2.4
    TCP: Interfaces\{FA12F39E-DFF2-4D13-911A-B5D2CB0CBC5E}: NameServer = 213.132.63.25 80.227.2.4
    TCP: Interfaces\{FE5B73E5-CA57-442B-A6E3-3D28825A5C79}: NameServer = 213.132.63.25 80.227.2.4
    FF - ProfilePath -
    .
    - - - - Orphaned registry entries removed - - - -
    .
    URLSearchHooks-{40c3cc16-7269-4b32-9531-17f2950fb06f} - (no file)
    Wow6432Node-HKCU-Run-Steam - c:\juegos\STEAM\Steam.exe
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    WebBrowser-{CD90BF73-20F6-44EF-993D-BB920303BD2E} - (no file)
    AddRemove-Steam App 10500 - c:\juegos\STEAM\steam.exe
    AddRemove-Schwert und Speer Ultimat - c:\juegos\Medieval II Gold\mods\Schwert_und_Speer_Ultimat\Uninstal.exe
    .
    .
    .
    --------------------- Locked registry keys ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.glcx\{656E6547-6176-6F4C-6769-63204C696331}* ]
    "{0C15547E-1715-7E04-070C-016F04636665}"=hex:00,00,00,00,dc,07,07,00,06,00,0e,
    00,0c,00,2b,00,30,00,41,01,1e,00,00,00,1d,1d,1d,1d,dc,07,07,00,06,00,0e,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-08-19 03:46:04
    ComboFix-quarantined-files.txt 2012-08-18 23:46
    .
    Before scan: 17 directory(ies), 15,298,342,912 bytes free
    After scan: 21 directory(ies), 15,540,895,744 bytes free
    .
    - - End Of File - - FFB09625614EE2CB9C563FEFB3532A5E
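    Reading an autostart listing like the one above by hand is slow and easy to get wrong, so here is a small triage script, added here as an example and not part of the original thread or of ComboFix. It parses the three line shapes that appear in the log (Run/RunOnce/ShellExecuteHooks values, R0-R4/S0-S4 service and driver lines, and the per-interface NameServer lines) and returns the entries a reviewer would want to verify by hand: binaries registered outside the usual %windir% subtrees, entries ComboFix marked [x], boot-start drivers, and the resolver addresses in use. The triage rules, the script name and SAMPLE_LOG (a handful of lines copied from the log above, constructed as test input) are the example's own; a hit means "check this", not a verdict on the entry.

```python
r"""Triage helper for the autostart sections of a ComboFix log.

Added example; it is not part of the thread above and not a ComboFix feature.
It recognises three line shapes that occur in the log:
  * Run/RunOnce/ShellExecuteHooks values:  "Name"="path" [date size]
  * service and driver lines:              R1 name;display;path [date size]   (or [x])
  * per-interface resolver lines:          TCP: Interfaces\{GUID}: NameServer = a.b.c.d ...
The rules in _suspect_reasons are this example's own heuristics: a hit means
"verify by hand", not "malware".
"""
from __future__ import annotations

import re
from dataclasses import dataclass

RUN_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*"(?P<path>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')
SVC_RE = re.compile(r'^(?P<start>[RS][0-4]) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.*?) ?\[(?P<meta>[^\]]*)\]$')
DNS_RE = re.compile(r'^TCP: Interfaces\\\{[0-9A-Fa-f-]+\}: NameServer = (?P<servers>.+)$')

# Subtrees under %windir% where an autostart binary normally lives (heuristic, not exhaustive).
KNOWN_WINDIR_SUBTREES = ("system32\\", "syswow64\\", "microsoft.net\\")


@dataclass(frozen=True)
class Finding:
    section: str   # "run", "service" or "dns"
    name: str
    path: str
    reason: str


def _suspect_reasons(path: str, meta: str, start: str = "") -> list[str]:
    """Return the reasons (possibly none) why one entry deserves a manual look."""
    reasons: list[str] = []
    p = path.strip().lower()
    if meta.strip() == "x":
        reasons.append("ComboFix could not read the binary ([x]): confirm it exists and is signed")
    if p.startswith("c:\\windows\\") and not p[len("c:\\windows\\"):].startswith(KNOWN_WINDIR_SUBTREES):
        reasons.append("binary outside the usual %windir% subtrees")
    if re.search(r"\\is-[a-z0-9]{5}\.exe$", p):
        reasons.append("Inno Setup style is-XXXXX.exe left in %windir%: confirm which install put it there")
    if start in ("R0", "S0"):
        reasons.append("boot-start driver: confirm publisher and signature")
    return reasons


def triage(log_text: str) -> list[Finding]:
    """Walk the log once; collect flagged Run/service entries, then one line per resolver seen."""
    findings: list[Finding] = []
    dns_servers: dict[str, int] = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := RUN_RE.match(line):
            for why in _suspect_reasons(m["path"], m["meta"]):
                findings.append(Finding("run", m["name"], m["path"], why))
        elif m := SVC_RE.match(line):
            for why in _suspect_reasons(m["path"], m["meta"], m["start"]):
                findings.append(Finding("service", m["name"], m["path"], why))
        elif m := DNS_RE.match(line):
            for srv in m["servers"].split():
                dns_servers[srv] = dns_servers.get(srv, 0) + 1
    for srv, n in sorted(dns_servers.items()):
        findings.append(Finding("dns", srv, "",
                                f"resolver configured on {n} interface(s): confirm it is the expected ISP or LAN resolver"))
    return findings


# Constructed sample: a few lines copied from the ComboFix log in the thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-03-17 421888]
"ffpsrv"="c:\windows\ffpext\ffpsrv.exe" [2009-05-29 81408]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"InnoSetupRegFile.0000000001"="c:\windows\is-KSQG3.exe" [2012-07-31 711240]
"*WerKernelReporting"="c:\windows\SYSTEM32\WerFault.exe" [2009-07-14 415232]
R1 FDCDNT;FDCDNT;c:\windows\system32\drivers\FDCDNT.SYS [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-28 834544]
S1 aswSnx;aswSnx; [x]
TCP: Interfaces\{0954EBB3-3356-48CF-811C-DFF647A62B8B}: NameServer = 213.132.63.25 80.227.2.4
TCP: Interfaces\{3AE6014E-2566-4A28-AFDF-5816552FDEB6}: NameServer = 213.132.63.25 80.227.2.4
"""

if __name__ == "__main__":
    import sys
    # Pass a saved log as the first argument to triage a full log instead of the sample.
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for f in triage(text):
        print(f"{f.section:7} {f.name:32} {f.reason}")
```

    On the sample it reports ffpsrv.exe and is-KSQG3.exe (both directly under c:\windows), FDCDNT and aswSnx (marked [x]), sptd (boot-start) and the two resolver addresses; everything under Program Files or system32 stays quiet. Each line is a starting point for a signature check or a search for the vendor, not a finding in itself.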
     
  6. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Looks good :)

    Any current issues?

    ========================================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  7. Jasso

    Jasso TS Rookie Topic Starter

    No, no current issues, but I haven't tried anything like updating Windows or installing any programs yet because the guidelines say not to do that till you say the system is clean...

    OTL.txt:

    OTL logfile created on: 19.08.2012 20:09:09 - Run 1
    OTL by OldTimer - Version 3.2.58.0 Folder = C:\Users\JaS_2\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

    4,00 Gb Total Physical Memory | 2,20 Gb Available Physical Memory | 55,09% Memory free
    8,00 Gb Paging File | 6,14 Gb Available in Paging File | 76,80% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 87,79 Gb Total Space | 15,28 Gb Free Space | 17,41% Space Free | Partition Type: NTFS
    Drive F: | 140,62 Gb Total Space | 4,69 Gb Free Space | 3,33% Space Free | Partition Type: NTFS
    Drive H: | 465,76 Gb Total Space | 17,25 Gb Free Space | 3,70% Space Free | Partition Type: NTFS
    Drive J: | 10,25 Gb Total Space | 1,12 Gb Free Space | 10,97% Space Free | Partition Type: NTFS
    Drive L: | 3,69 Gb Total Space | 0,18 Gb Free Space | 4,76% Space Free | Partition Type: FAT32
    Drive M: | 2,59 Gb Total Space | 2,27 Gb Free Space | 87,90% Space Free | Partition Type: FAT32

    Computer Name: JFORCE | User Name: JaS | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012.08.19 20:05:46 | 000,598,016 | ---- | M] (OldTimer Tools) -- C:\Users\JaS_2\Desktop\OTL.exe
    PRC - [2012.07.11 12:48:34 | 000,933,464 | ---- | M] (Research In Motion) -- C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.AutoUpdate.exe
    PRC - [2012.07.06 19:28:30 | 001,651,872 | ---- | M] (Netop Business Solutions A/S) -- C:\Program Files (x86)\Netop\Vision\XL\MeSuAx.exe
    PRC - [2012.07.06 19:28:30 | 000,418,464 | ---- | M] (Netop Business Solutions A/S) -- C:\Program Files (x86)\Netop\Vision\Plugins\Chat\MChat.exe
    PRC - [2012.07.06 19:28:30 | 000,202,912 | ---- | M] (Netop Business Solutions A/S) -- C:\Program Files (x86)\Netop\Vision\XL\MeUiHlp.exe
    PRC - [2012.07.06 19:28:30 | 000,181,920 | ---- | M] (Netop Business Solutions A/S) -- C:\Program Files (x86)\Netop\Vision\XL\mesuwts.exe
    PRC - [2012.03.26 22:35:04 | 002,066,256 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
    PRC - [2012.03.15 09:20:30 | 000,370,504 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
    PRC - [2011.12.14 15:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
    PRC - [2011.11.28 22:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
    PRC - [2011.11.28 22:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
    PRC - [2011.11.02 02:00:44 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    PRC - [2011.11.02 01:54:56 | 000,577,536 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
    PRC - [2011.08.03 15:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    PRC - [2011.08.03 05:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2011.07.29 03:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    PRC - [2011.06.07 23:29:16 | 000,630,272 | ---- | M] (FileZilla Project) -- c:\xampp\FileZillaFTP\FileZillaServer.exe
    PRC - [2010.05.04 14:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011.07.29 03:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
    MOD - [2011.07.29 03:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    MOD - [2009.07.14 21:58:23 | 000,372,736 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationUI.resources\3.0.0.0_de_31bf3856ad364e35\PresentationUI.resources.dll
    MOD - [2009.07.14 21:58:23 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
    MOD - [2009.07.14 21:58:13 | 000,208,896 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
    MOD - [2009.07.14 08:56:14 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\1762137638019a091020b3baf52f6de3\System.Core.ni.dll
    MOD - [2009.07.14 08:56:11 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\39f5a71b5185d267b0f55cd4cea26d6b\PresentationFramework.Aero.ni.dll
    MOD - [2009.07.14 08:55:48 | 001,658,368 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\9947d788273c36b0cf511b07f582a591\PresentationUI.ni.dll
    MOD - [2009.07.14 08:55:47 | 014,318,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\68e5eeb3c6ef18ba2dc1ad70eb74aeee\PresentationFramework.ni.dll
    MOD - [2009.07.14 08:55:32 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\fedf1ba58dced4f0b3f8c457648ceed9\System.Windows.Forms.ni.dll
    MOD - [2009.07.14 08:55:26 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ead6be8b410d56b5576b10e56af2c180\System.Drawing.ni.dll
    MOD - [2009.07.14 08:55:23 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b459c5815af8123e4bf30d4e05bba65\PresentationCore.ni.dll
    MOD - [2009.07.14 08:55:14 | 003,313,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c2f9dd7db911053edcaaadf5fefc500a\WindowsBase.ni.dll
    MOD - [2009.07.14 08:55:09 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5dd9f783008543df3e642ff1e99de4e8\System.Xml.ni.dll
    MOD - [2009.07.14 08:55:06 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b1350e31ff09cc583b34854816d8036\System.Configuration.ni.dll
    MOD - [2009.07.14 08:55:05 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll
    MOD - [2009.07.14 08:55:00 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll
    MOD - [2007.09.02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2012.07.06 19:28:30 | 000,181,920 | ---- | M] (Netop Business Solutions A/S) [Auto | Running] -- C:\Program Files (x86)\Netop\Vision\XL\mesuwts.exe -- (MeSuWTS)
    SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012.03.15 09:20:30 | 000,370,504 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe -- (SSUService)
    SRV - [2012.02.29 10:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012.02.20 01:38:54 | 000,481,064 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2011.12.14 15:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
    SRV - [2011.11.28 22:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2011.08.03 15:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
    SRV - [2011.08.03 05:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2011.06.07 23:29:16 | 000,630,272 | ---- | M] (FileZilla Project) [Auto | Running] -- c:\xampp\FileZillaFTP\FileZillaServer.exe -- (FileZilla Server)
    SRV - [2010.09.21 16:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
    SRV - [2010.05.04 14:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
    SRV - [2010.03.18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009.06.11 01:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008.04.07 11:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012.07.14 16:43:01 | 000,022,176 | ---- | M] ($COMPANY_NAME_LONG$) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mekbd.sys -- (mekbd)
    DRV:64bit: - [2012.07.14 16:43:01 | 000,020,640 | ---- | M] ($COMPANY_NAME_LONG$) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\memice.sys -- (memice)
    DRV:64bit: - [2012.07.06 19:28:32 | 000,074,912 | ---- | M] (Netop Business Solutions A/S) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MeNet.sys -- (MENET)
    DRV:64bit: - [2012.07.06 03:01:06 | 000,011,384 | ---- | M] (Netop Business Solutions) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\meddmrr.sys -- (meddmrr)
    DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2011.11.28 21:54:06 | 000,591,192 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
    DRV:64bit: - [2011.11.28 21:53:58 | 000,304,472 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
    DRV:64bit: - [2011.11.28 21:52:22 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
    DRV:64bit: - [2011.11.28 21:52:20 | 000,058,712 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
    DRV:64bit: - [2011.11.28 21:52:11 | 000,066,904 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2011.11.28 21:51:53 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV:64bit: - [2011.11.25 00:25:52 | 000,015,360 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pneteth.sys -- (pneteth)
    DRV:64bit: - [2011.11.18 11:05:21 | 000,230,864 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
    DRV:64bit: - [2011.10.10 16:17:18 | 000,303,616 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
    DRV:64bit: - [2011.10.10 16:17:17 | 000,035,328 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
    DRV:64bit: - [2011.08.17 13:04:34 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
    DRV:64bit: - [2011.08.17 13:04:28 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64)
    DRV:64bit: - [2011.07.25 17:44:46 | 000,074,752 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
    DRV:64bit: - [2011.07.20 13:58:22 | 000,044,032 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
    DRV:64bit: - [2011.05.10 13:41:27 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
    DRV:64bit: - [2011.01.30 18:19:32 | 000,086,016 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
    DRV:64bit: - [2010.12.24 11:48:38 | 000,221,312 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
    DRV:64bit: - [2010.12.23 09:48:28 | 000,421,376 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbwwan.sys -- (ewusbmbb)
    DRV:64bit: - [2010.12.08 16:54:20 | 000,507,392 | ---- | M] (ITETech ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AF15BDA.sys -- (AF15BDA)
    DRV:64bit: - [2010.07.27 09:52:16 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
    DRV:64bit: - [2010.05.29 02:36:23 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
    DRV:64bit: - [2009.10.05 18:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2009.08.21 04:45:22 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
    DRV:64bit: - [2009.07.14 05:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009.07.14 05:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009.07.14 05:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009.07.14 05:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009.07.14 05:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009.07.14 05:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2009.07.14 05:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009.07.14 04:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
    DRV:64bit: - [2009.06.12 21:41:56 | 000,112,128 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
    DRV:64bit: - [2009.06.11 00:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009.06.11 00:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009.06.11 00:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009.06.11 00:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009.06.06 04:15:56 | 001,806,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
    DRV:64bit: - [2009.03.18 19:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
    DRV:64bit: - [2009.03.02 01:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2007.09.17 17:53:34 | 000,029,184 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
    DRV:64bit: - [2007.08.09 03:21:00 | 000,013,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
    DRV - [2009.07.14 05:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2009.05.28 22:28:26 | 000,044,288 | ---- | M] (Silence of Troubles United Company Ltd.) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\FDCDNT.SYS -- (FDCDNT)
    DRV - [2009.03.31 11:39:36 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)

    ========== Standard Registry (SafeList) ==========

    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\prxtbVeo0.dll (Conduit Ltd.)
    IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2653012
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-732390795-3526433701-2277339337-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com
    IE - HKU\S-1-5-21-732390795-3526433701-2277339337-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
    IE - HKU\S-1-5-21-732390795-3526433701-2277339337-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C8 AF 1F 2D F0 8B CC 01 [binary data]
    IE - HKU\S-1-5-21-732390795-3526433701-2277339337-1000\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\prxtbVeo0.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-732390795-3526433701-2277339337-1000\..\SearchScopes,DefaultScope = {20442835-DA5D-48B1-986A-2EACE5E7D214}
    IE - HKU\S-1-5-21-732390795-3526433701-2277339337-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-732390795-3526433701-2277339337-1000\..\SearchScopes\{0C853630-218E-4289-BF99-D7A72FC81D7A}: "URL" = http://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}
    IE - HKU\S-1-5-21-732390795-3526433701-2277339337-1000\..\SearchScopes\{20442835-DA5D-48B1-986A-2EACE5E7D214}: "URL" = http://www.google.de/search?q={searchTerms}
    IE - HKU\S-1-5-21-732390795-3526433701-2277339337-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={...=&lang=&ds=&pr=&d=&v=&sap=dsp&q={searchTerms}
    IE - HKU\S-1-5-21-732390795-3526433701-2277339337-1000\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2653012
    IE - HKU\S-1-5-21-732390795-3526433701-2277339337-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-732390795-3526433701-2277339337-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
    IE - HKU\S-1-5-21-732390795-3526433701-2277339337-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
    IE - HKU\S-1-5-21-732390795-3526433701-2277339337-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 60 27 85 40 34 7D CD 01 [binary data]
    IE - HKU\S-1-5-21-732390795-3526433701-2277339337-1006\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-732390795-3526433701-2277339337-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-732390795-3526433701-2277339337-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.50524.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\JaS\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\JaS\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\JaS\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Waterfox 11.0\extensions\\Components: C:\PROGRAM FILES\WATERFOX\COMPONENTS [2012.04.03 23:01:58 | 000,000,000 | ---D | M]
    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Waterfox 11.0\extensions\\Plugins: C:\PROGRAM FILES\WATERFOX\PLUGINS [2012.07.21 22:40:54 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011.12.16 20:25:54 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.31 02:01:57 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2012.01.19 06:07:53 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{71A44B6B-42B9-4111-BD15-E67572E92A4C}: C:\Program Files (x86)\Netop\Vision\Plugins\WebLock\FFExtension [2012.07.14 16:42:51 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b7\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\components [2010.12.13 13:43:25 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\plugins [2012.07.21 22:40:54 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.10 08:21:12 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.07.21 22:40:54 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.26 16:08:27 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

    [2010.05.29 14:58:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JaS\AppData\Roaming\mozilla\Extensions
    [2010.05.29 14:58:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JaS\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2011.11.10 08:21:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
    [2012.04.27 07:11:15 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2011.11.10 08:21:11 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2011.05.04 06:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2009.10.27 12:22:50 | 000,164,120 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
    [2011.10.10 15:39:49 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
    [2012.06.14 02:03:04 | 000,003,659 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
    [2011.10.10 15:39:49 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2011.10.10 15:39:49 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
    [2011.10.10 15:39:49 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
    [2011.10.10 15:39:49 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
    [2011.10.10 15:39:49 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

    ========== Chrome ==========

    CHR - default_search_provider: ()
    CHR - default_search_provider: search_url =
    CHR - default_search_provider: suggest_url =
    CHR - homepage: http://www.google.com/
    CHR - Extension: No name found = C:\Users\JaS\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
    CHR - Extension: No name found = C:\Users\JaS\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\1.73.3_0\
    CHR - Extension: No name found = C:\Users\JaS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\
     
  8. Jasso

    Jasso TS Rookie Topic Starter

    O1 HOSTS File: ([2012.08.19 03:40:23 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O2:64bit: - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
    O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
    O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    O2:64bit: - BHO: (Web Lock Extension for Internet Explorer) - {CEA0E33C-A206-4996-980F-2596270E0C7A} - C:\Program Files (x86)\Netop\Vision\Plugins\WebLock\IEExtension\WebFilterIEExtension64.dll (Netop Business Solutions A/S)
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\prxtbVeo0.dll (Conduit Ltd.)
    O2 - BHO: (Web Lock Extension for Internet Explorer) - {CEA0E33C-A206-4996-980F-2596270E0C7A} - C:\Program Files (x86)\Netop\Vision\Plugins\WebLock\IEExtension\WebFilterIEExtension32.dll (Netop Business Solutions A/S)
    O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O3:64bit: - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
    O3:64bit: - HKLM\..\Toolbar: (no name) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (no name) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
    O3 - HKLM\..\Toolbar: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\prxtbVeo0.dll (Conduit Ltd.)
    O3:64bit: - HKU\S-1-5-21-732390795-3526433701-2277339337-1000\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
    O3 - HKU\S-1-5-21-732390795-3526433701-2277339337-1000\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O3 - HKU\S-1-5-21-732390795-3526433701-2277339337-1000\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
    O3 - HKU\S-1-5-21-732390795-3526433701-2277339337-1000\..\Toolbar\WebBrowser: (Veoh Web Player Toolbar) - {CD90BF73-20F6-44EF-993D-BB920303BD2E} - C:\Program Files (x86)\Veoh_Web_Player\prxtbVeo0.dll (Conduit Ltd.)
    O3:64bit: - HKU\S-1-5-21-732390795-3526433701-2277339337-1006\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
    O3 - HKU\S-1-5-21-732390795-3526433701-2277339337-1006\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O3 - HKU\S-1-5-21-732390795-3526433701-2277339337-1006\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
    O3 - HKU\S-1-5-21-732390795-3526433701-2277339337-1006\..\Toolbar\WebBrowser: (Veoh Web Player Toolbar) - {CD90BF73-20F6-44EF-993D-BB920303BD2E} - C:\Program Files (x86)\Veoh_Web_Player\prxtbVeo0.dll (Conduit Ltd.)
    O4:64bit: - HKLM..\Run: [ETDWare] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
    O4:64bit: - HKLM..\Run: [LifeChat] C:\Program Files\Microsoft LifeChat\LifeChat.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [ffpsrv] c:\Windows\ffpext\ffpsrv.exe ()
    O4 - HKLM..\Run: [MeUiHelper] C:\Program Files (x86)\Netop\Vision\XL\meuihlp.exe (Netop Business Solutions A/S)
    O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
    O4 - HKLM..\Run: [Touch-It] C:\Program Files (x86)\TouchIt Keyboard\touchitf.exe (Chessware SA)
    O4 - HKU\S-1-5-21-732390795-3526433701-2277339337-1000..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
    O4 - HKU\S-1-5-21-732390795-3526433701-2277339337-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - HKU\S-1-5-21-732390795-3526433701-2277339337-1000..\Run: [SugarSync] C:\Program Files (x86)\SugarSync\SugarSyncManager.exe (SugarSync, Inc.)
    O4 - HKU\S-1-5-21-732390795-3526433701-2277339337-1000..\Run: [VeohPlugin] C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
    O4 - HKU\S-1-5-21-732390795-3526433701-2277339337-1000..\Run: [Vidalia] C:\Program Files (x86)\Vidalia Bundle\Vidalia\vidalia.exe ()
    O4 - HKU\S-1-5-21-732390795-3526433701-2277339337-1005..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-732390795-3526433701-2277339337-1006..\Run: [HW_OPENEYE_OUC_du Mobile Broadband] C:\Program Files (x86)\du Mobile Broadband\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)
    O4 - HKU\S-1-5-21-732390795-3526433701-2277339337-1006..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
    O4 - HKU\S-1-5-21-732390795-3526433701-2277339337-1006..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
    O4 - HKU\S-1-5-21-732390795-3526433701-2277339337-1006..\Run: [SugarSync] C:\Program Files (x86)\SugarSync\SugarSyncManager.exe (SugarSync, Inc.)
    O4:64bit: - HKLM..\RunOnce: [*WerKernelReporting] C:\Windows\SysNative\WerFault.exe (Microsoft Corporation)
    O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\Windows\is-KSQG3.exe ()
    O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKU\S-1-5-21-732390795-3526433701-2277339337-1005..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - Startup: C:\Users\JaS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\JaS\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O4 - Startup: C:\Users\JaS_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SignagePlayer.lnk = File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 0
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 0
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-732390795-3526433701-2277339337-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-732390795-3526433701-2277339337-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-732390795-3526433701-2277339337-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-732390795-3526433701-2277339337-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKU\S-1-5-21-732390795-3526433701-2277339337-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O7 - HKU\S-1-5-21-732390795-3526433701-2277339337-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-732390795-3526433701-2277339337-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-732390795-3526433701-2277339337-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-732390795-3526433701-2277339337-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKU\S-1-5-21-732390795-3526433701-2277339337-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8:64bit: - Extra context menu item: add to &BOM - C:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta ()
    O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
    O8:64bit: - Extra context menu item: RF - Formular ausfüllen - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O8:64bit: - Extra context menu item: RF - Formular speichern - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O8:64bit: - Extra context menu item: RF - Menü anpassen - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
    O8:64bit: - Extra context menu item: RF - RoboForm-Leiste ein/aus - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8 - Extra context menu item: add to &BOM - C:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta ()
    O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
    O8 - Extra context menu item: RF - Formular ausfüllen - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O8 - Extra context menu item: RF - Formular speichern - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O8 - Extra context menu item: RF - Menü anpassen - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
    O8 - Extra context menu item: RF - RoboForm-Leiste ein/aus - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O9:64bit: - Extra Button: Ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
    O9:64bit: - Extra 'Tools' menuitem : RF - Formular ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
    O9:64bit: - Extra Button: Speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
    O9:64bit: - Extra 'Tools' menuitem : RF - Formular speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
    O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Key error. File not found
    O9:64bit: - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
    O9:64bit: - Extra 'Tools' menuitem : RF - RoboForm-Leiste ein/aus - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
    O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O9 - Extra 'Tools' menuitem : RF - Formular ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O9 - Extra Button: Speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O9 - Extra 'Tools' menuitem : RF - Formular speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Key error. File not found
    O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O9 - Extra 'Tools' menuitem : RF - RoboForm-Leiste ein/aus - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Common Files\Netop\WebFilterLSP64.dll (Netop Business Solutions A/S)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Common Files\Netop\WebFilterLSP64.dll (Netop Business Solutions A/S)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - C:\Program Files (x86)\Common Files\Netop\WebFilterLSP64.dll (Netop Business Solutions A/S)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\Netop\WebFilterLSP32.dll (Netop Business Solutions A/S)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\Netop\WebFilterLSP32.dll (Netop Business Solutions A/S)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\Common Files\Netop\WebFilterLSP32.dll (Netop Business Solutions A/S)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_19)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0954EBB3-3356-48CF-811C-DFF647A62B8B}: NameServer = 213.132.63.25 80.227.2.4
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3AE6014E-2566-4A28-AFDF-5816552FDEB6}: NameServer = 213.132.63.25 80.227.2.4
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F641A04-4B01-4BE1-8133-F72F082FF073}: NameServer = 213.132.63.25 80.227.2.4
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{52269DFF-9D19-457E-9076-AC7AE3E21BE4}: NameServer = 213.132.63.25 80.227.2.4
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5DE9415E-43FE-4EEF-8B45-0B46E463D21D}: NameServer = 213.132.63.25 80.227.2.4
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{82C054A0-20B3-4F9A-98D1-56358DBBE4A2}: NameServer = 213.132.63.25 80.227.2.4
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{926641CF-B0B7-4624-9A1E-33E3A750E359}: NameServer = 213.132.63.25 80.227.2.4
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9791E060-1073-4A48-9E2A-6A1E2BD29F21}: DhcpNameServer = 192.168.10.85 192.168.10.10
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA12F39E-DFF2-4D13-911A-B5D2CB0CBC5E}: NameServer = 213.132.63.25 80.227.2.4
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FAC239AB-690E-411F-BA86-8679B4CAA238}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FE5B73E5-CA57-442B-A6E3-3D28825A5C79}: NameServer = 213.132.63.25 80.227.2.4
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (Stardock)
    O28:64bit: - HKLM ShellExecuteHooks: {F911591F-D659-40ed-B048-EB8F8E48AB00} - C:\Windows\SysNative\MeAMHook64.dll (Netop Business Solutions A/S)
    O28 - HKLM ShellExecuteHooks: {F911591F-D659-40ed-B048-EB8F8E48AB00} - C:\Windows\SysWOW64\MeAmHook32.dll (Netop Business Solutions A/S)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010.03.31 12:35:30 | 000,000,102 | ---- | M] () - H:\autorun.inf -- [ NTFS ]
    O32 - AutoRun File - [2011.07.19 17:36:58 | 000,000,112 | RH-- | M] () - M:\AUTORUN.INF -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012.08.19 03:46:07 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012.08.19 03:46:07 | 000,000,000 | ---D | C] -- C:\Users\JaS\AppData\Local\temp
    [2012.08.19 01:54:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012.08.19 01:54:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012.08.19 01:54:44 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012.08.19 01:54:32 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012.08.19 01:54:09 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012.08.19 01:02:56 | 000,000,000 | ---D | C] -- C:\Users\JaS\Desktop\rkill
    [2012.08.18 15:38:05 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012.08.18 14:50:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
    [2012.08.17 19:27:22 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2012.08.16 12:06:11 | 000,000,000 | ---D | C] -- C:\Users\JaS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apache Friends
    [2012.08.11 10:10:25 | 000,000,000 | ---D | C] -- C:\Users\JaS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XMind
    [2012.08.11 10:10:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMind
    [2012.08.11 10:09:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XMind
    [2012.08.07 00:09:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlackBerry
    [2012.08.07 00:09:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Research In Motion
    [2012.08.07 00:09:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Research In Motion
    [2012.08.06 22:01:52 | 000,000,000 | ---D | C] -- C:\Users\JaS\Documents\Magic Briefcase
    [2012.08.06 21:59:35 | 000,000,000 | ---D | C] -- C:\Users\JaS\AppData\Local\SugarSync
    [2012.08.06 21:59:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SugarSync
    [2012.08.01 14:45:35 | 000,000,000 | ---D | C] -- C:\xampp
    [2012.08.01 14:18:02 | 000,000,000 | ---D | C] -- C:\Users\JaS\AppData\Local\Macromedia
    [2012.07.31 16:13:14 | 000,000,000 | ---D | C] -- C:\ProgramData\YTD Video Downloader
    [2012.07.31 16:13:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader
    [2012.07.31 16:13:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GreenTree Applications
    [2012.07.29 23:28:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Orbit
    [2012.07.26 16:46:54 | 000,044,032 | ---- | C] (Research in Motion Ltd) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys
    [2012.07.26 16:46:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\XCPCSync.OEM
    [2012.07.26 16:46:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Research In Motion
    [2012.07.21 22:40:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange PDF Viewer

    ========== Files - Modified Within 30 Days ==========

    [2012.08.19 20:05:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012.08.19 19:37:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-732390795-3526433701-2277339337-1000UA.job
    [2012.08.19 19:05:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012.08.19 10:54:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012.08.19 03:40:23 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012.08.19 01:32:11 | 000,000,512 | ---- | M] () -- C:\MBR.dat
    [2012.08.19 00:37:00 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-732390795-3526433701-2277339337-1000Core.job
    [2012.08.18 15:55:25 | 001,611,160 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012.08.18 15:55:25 | 000,696,370 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
    [2012.08.18 15:55:25 | 000,651,648 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012.08.18 15:55:25 | 000,147,634 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
    [2012.08.18 15:55:25 | 000,120,580 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012.08.17 21:28:40 | 3220,647,936 | -HS- | M] () -- C:\hiberfil.sys
    [2012.08.17 16:23:37 | 000,009,584 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012.08.17 16:23:36 | 000,009,584 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012.08.16 12:06:11 | 000,000,610 | ---- | M] () -- C:\Users\JaS\Desktop\XAMPP Control Panel.lnk
    [2012.08.11 10:10:25 | 000,000,947 | ---- | M] () -- C:\Users\JaS\Desktop\XMind.lnk
    [2012.08.06 22:02:36 | 000,000,766 | ---- | M] () -- C:\Users\JaS\Desktop\Magic Briefcase.lnk
    [2012.08.06 21:59:31 | 000,001,958 | ---- | M] () -- C:\Users\Public\Desktop\SugarSync Manager.lnk
    [2012.08.06 21:34:11 | 544,879,752 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012.07.31 20:50:27 | 000,711,240 | ---- | M] () -- C:\Windows\is-KSQG3.exe
    [2012.07.31 20:50:27 | 000,012,842 | ---- | M] () -- C:\Windows\is-KSQG3.msg
    [2012.07.31 20:50:27 | 000,000,441 | ---- | M] () -- C:\Windows\is-KSQG3.lst
    [2012.07.30 00:42:40 | 000,711,098 | ---- | M] () -- C:\Users\JaS\Desktop\Restaurant_Design_11.jpg
    [2012.07.30 00:15:10 | 000,075,072 | ---- | M] () -- C:\Users\JaS\Desktop\design-boutique-hotel-kyoto-the-screen-restaurant.jpg
    [2012.07.29 23:30:43 | 222,070,843 | ---- | M] () -- C:\Users\JaS\Desktop\Rockstar Games Social Club.rar
    [2012.07.29 23:28:40 | 000,001,051 | ---- | M] () -- C:\Users\JaS\Desktop\Orbit.lnk
    [2012.07.26 16:53:06 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_RimUsb_AMD64_01007.Wdf
    [2012.07.26 16:47:00 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_RimSerial_AMD64_01007.Wdf
    [2012.07.21 22:40:52 | 000,000,928 | ---- | M] () -- C:\Users\JaS\Desktop\PDF-Viewer.lnk

    ========== Files Created - No Company Name ==========

    [2012.08.19 01:54:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012.08.19 01:54:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012.08.19 01:54:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012.08.19 01:54:44 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012.08.19 01:54:44 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012.08.19 01:32:11 | 000,000,512 | ---- | C] () -- C:\MBR.dat
    [2012.08.16 12:06:11 | 000,000,610 | ---- | C] () -- C:\Users\JaS\Desktop\XAMPP Control Panel.lnk
    [2012.08.11 10:10:25 | 000,000,947 | ---- | C] () -- C:\Users\JaS\Desktop\XMind.lnk
    [2012.08.06 22:02:36 | 000,000,766 | ---- | C] () -- C:\Users\JaS\Desktop\Magic Briefcase.lnk
    [2012.08.06 21:59:31 | 000,001,970 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SugarSync Manager.lnk
    [2012.08.06 21:59:31 | 000,001,958 | ---- | C] () -- C:\Users\Public\Desktop\SugarSync Manager.lnk
    [2012.07.31 20:50:27 | 000,711,240 | ---- | C] () -- C:\Windows\is-KSQG3.exe
    [2012.07.31 20:50:27 | 000,012,842 | ---- | C] () -- C:\Windows\is-KSQG3.msg
    [2012.07.31 20:50:27 | 000,000,441 | ---- | C] () -- C:\Windows\is-KSQG3.lst
    [2012.07.30 00:42:39 | 000,711,098 | ---- | C] () -- C:\Users\JaS\Desktop\Restaurant_Design_11.jpg
    [2012.07.30 00:15:08 | 000,075,072 | ---- | C] () -- C:\Users\JaS\Desktop\design-boutique-hotel-kyoto-the-screen-restaurant.jpg
    [2012.07.29 23:28:53 | 000,069,632 | ---- | C] ( ) -- C:\nporbit.dll
    [2012.07.26 16:53:06 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_RimUsb_AMD64_01007.Wdf
    [2012.07.26 16:47:00 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_RimSerial_AMD64_01007.Wdf
    [2012.07.21 22:40:52 | 000,000,928 | ---- | C] () -- C:\Users\JaS\Desktop\PDF-Viewer.lnk
    [2011.10.14 11:40:56 | 000,000,680 | RHS- | C] () -- C:\Users\JaS\ntuser.pol
    [2011.08.03 05:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
    [2011.06.08 12:07:54 | 000,002,528 | ---- | C] () -- C:\Users\JaS\AppData\Roaming\$_hpcst$.hpc
    [2011.06.01 21:57:36 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
    [2011.01.22 20:01:25 | 001,589,182 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011.01.06 17:41:34 | 000,001,035 | ---- | C] () -- C:\Users\JaS\AppData\Roaming\SAS7_000.DAT
    [2010.12.24 19:59:44 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
    [2010.12.07 08:20:51 | 000,006,100 | ---- | C] () -- C:\Users\JaS\.erpclient.properties
    [2010.11.06 21:13:12 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010.08.20 11:22:29 | 000,004,096 | -H-- | C] () -- C:\Users\JaS\AppData\Local\keyfile3.drm
    [2010.05.29 17:10:24 | 000,000,090 | --S- | C] () -- C:\Users\JaS\Verknüpfung mit Desktop

    ========== LOP Check ==========

    [2010.08.24 10:39:45 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\Actior
    [2010.09.06 12:05:23 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\Auslogics
    [2011.06.11 17:23:14 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\BOM
    [2012.06.09 01:38:33 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\DAEMON Tools Lite
    [2010.10.09 15:24:04 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\DeepBurner
    [2011.12.21 00:03:38 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\Dropbox
    [2010.11.15 05:22:45 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\DVDVideoSoft
    [2012.04.30 00:37:11 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\elsterformular
    [2010.09.01 11:35:43 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\EPSON
    [2011.06.01 21:57:39 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\FreeAudioPack
    [2010.09.16 20:20:05 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\FTPRush
    [2010.11.16 16:35:44 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\G-Lock Software
    [2011.10.10 20:24:35 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\GameRanger
    [2011.04.02 11:39:12 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\GrabPro
    [2012.02.21 19:41:23 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\JAM Software
    [2011.06.22 11:18:03 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\ManyCam
    [2010.10.27 19:50:46 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
    [2012.07.14 16:43:48 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\Netop
    [2010.05.29 15:06:55 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\Notepad++
    [2012.05.16 00:24:34 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\Opera
    [2012.07.31 08:24:25 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\Orbit
    [2011.06.08 11:51:36 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\PC Suite
    [2011.09.19 19:20:39 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\pdfforge
    [2010.10.24 15:15:13 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\ProgSense
    [2010.05.30 01:45:43 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\RouterControl
    [2011.06.08 12:08:28 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\Samsung
    [2010.12.07 08:20:51 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\Scopevisio
    [2010.06.01 10:18:18 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\Serif
    [2012.06.26 13:49:44 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\Splashtop Remote Client
    [2010.12.06 15:43:48 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\Stardock
    [2011.04.18 20:21:21 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\TeamViewer
    [2011.10.22 00:20:56 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\The Creative Assembly
    [2010.07.20 16:32:54 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\Thinstall
    [2010.05.29 14:58:27 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\Thunderbird
    [2012.05.01 00:16:35 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\TrueCrypt
    [2010.12.27 15:53:12 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\Tunngle
    [2011.07.21 19:39:36 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\Unity
    [2012.02.21 16:06:29 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\uTorrent
    [2011.06.15 23:06:32 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\Vodafone
    [2011.01.05 06:31:18 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\Watchtower
    [2010.12.06 16:30:49 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\Wieldy
    [2010.10.13 17:09:30 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\Windows Live Writer
    [2011.06.22 11:28:28 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\XMedia Recode
    [2010.10.28 19:30:47 | 000,000,000 | ---D | M] -- C:\Users\JaS\AppData\Roaming\YCanPDF
    [2012.03.23 03:23:00 | 000,000,000 | ---D | M] -- C:\Users\JaS_2\AppData\Roaming\Auslogics
    [2012.05.19 22:45:41 | 000,000,000 | ---D | M] -- C:\Users\JaS_2\AppData\Roaming\Blackberry Desktop
    [2012.06.25 21:30:06 | 000,000,000 | ---D | M] -- C:\Users\JaS_2\AppData\Roaming\DAEMON Tools Lite
    [2012.06.17 13:10:22 | 000,000,000 | ---D | M] -- C:\Users\JaS_2\AppData\Roaming\du Mobile Broadband
    [2012.04.30 00:34:45 | 000,000,000 | ---D | M] -- C:\Users\JaS_2\AppData\Roaming\elsterformular
    [2012.06.01 13:15:35 | 000,000,000 | ---D | M] -- C:\Users\JaS_2\AppData\Roaming\GrabPro
    [2012.01.24 22:01:21 | 000,000,000 | ---D | M] -- C:\Users\JaS_2\AppData\Roaming\gtk-2.0
    [2012.08.01 13:32:30 | 000,000,000 | ---D | M] -- C:\Users\JaS_2\AppData\Roaming\Netop
    [2011.11.25 17:33:10 | 000,000,000 | ---D | M] -- C:\Users\JaS_2\AppData\Roaming\Notepad++
    [2012.06.26 15:10:45 | 000,000,000 | ---D | M] -- C:\Users\JaS_2\AppData\Roaming\Opera
    [2012.08.02 16:58:19 | 000,000,000 | ---D | M] -- C:\Users\JaS_2\AppData\Roaming\Orbit
    [2011.10.30 23:10:04 | 000,000,000 | ---D | M] -- C:\Users\JaS_2\AppData\Roaming\ProgSense
    [2012.07.26 16:49:06 | 000,000,000 | ---D | M] -- C:\Users\JaS_2\AppData\Roaming\Research In Motion
    [2012.06.14 02:02:49 | 000,000,000 | ---D | M] -- C:\Users\JaS_2\AppData\Roaming\RSBasic
    [2012.07.07 11:48:42 | 000,000,000 | ---D | M] -- C:\Users\JaS_2\AppData\Roaming\Sharp
    [2012.07.19 16:59:17 | 000,000,000 | ---D | M] -- C:\Users\JaS_2\AppData\Roaming\SignagePlayer.86EE3EEE54D7DB049D16E358CDC443F088917621.1
    [2012.07.03 16:50:37 | 000,000,000 | ---D | M] -- C:\Users\JaS_2\AppData\Roaming\Splashtop Remote Client
    [2011.10.22 00:31:36 | 000,000,000 | ---D | M] -- C:\Users\JaS_2\AppData\Roaming\Stardock
    [2011.12.20 23:44:04 | 000,000,000 | ---D | M] -- C:\Users\JaS_2\AppData\Roaming\TeamViewer
    [2011.10.22 00:34:26 | 000,000,000 | ---D | M] -- C:\Users\JaS_2\AppData\Roaming\The Creative Assembly
    [2012.05.19 11:33:03 | 000,000,000 | ---D | M] -- C:\Users\JaS_2\AppData\Roaming\Thinstall
    [2012.06.01 16:33:29 | 000,000,000 | ---D | M] -- C:\Users\JaS_2\AppData\Roaming\Thunderbird
    [2012.01.20 05:59:25 | 000,000,000 | ---D | M] -- C:\Users\JaS_2\AppData\Roaming\Titanium
    [2011.11.18 11:11:54 | 000,000,000 | ---D | M] -- C:\Users\JaS_2\AppData\Roaming\TrueCrypt
    [2012.08.19 17:52:17 | 000,000,000 | ---D | M] -- C:\Users\JaS_2\AppData\Roaming\uTorrent
    [2011.11.13 15:22:52 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:7FFED16F

    < End of report >
     
  9. Jasso

    Jasso TS Rookie Topic Starter

    Extras.txt:

    OTL Extras logfile created on: 19.08.2012 20:09:09 - Run 1
    OTL by OldTimer - Version 3.2.58.0 Folder = C:\Users\JaS_2\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

    4,00 Gb Total Physical Memory | 2,20 Gb Available Physical Memory | 55,09% Memory free
    8,00 Gb Paging File | 6,14 Gb Available in Paging File | 76,80% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 87,79 Gb Total Space | 15,28 Gb Free Space | 17,41% Space Free | Partition Type: NTFS
    Drive F: | 140,62 Gb Total Space | 4,69 Gb Free Space | 3,33% Space Free | Partition Type: NTFS
    Drive H: | 465,76 Gb Total Space | 17,25 Gb Free Space | 3,70% Space Free | Partition Type: NTFS
    Drive J: | 10,25 Gb Total Space | 1,12 Gb Free Space | 10,97% Space Free | Partition Type: NTFS
    Drive L: | 3,69 Gb Total Space | 0,18 Gb Free Space | 4,76% Space Free | Partition Type: FAT32
    Drive M: | 2,59 Gb Total Space | 2,27 Gb Free Space | 87,90% Space Free | Partition Type: FAT32

    Computer Name: JFORCE | User Name: JaS | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-732390795-3526433701-2277339337-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Waterfox\firefox.exe (Mozilla Corporation)

    [HKEY_USERS\S-1-5-21-732390795-3526433701-2277339337-1006\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Waterfox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
    "C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
    "C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
    "C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{12E16CEC-F6C4-4250-93DF-3A747903CD00}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{13A30E21-D416-457E-9C6C-5F0A0840BD07}" = rport=445 | protocol=6 | dir=out | app=system |
    "{2BF4AF42-C573-426B-8C2A-33137846E0F4}" = rport=137 | protocol=17 | dir=out | app=system |
    "{2FEE34AE-2434-46B6-B5B2-8FC5254D3078}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{3B0F294B-85EC-48E2-8C64-502FD7C4F400}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
    "{540CCF54-998D-431F-92A2-CCE6EB9027C4}" = lport=139 | protocol=6 | dir=in | app=system |
    "{638B2911-015E-41FC-AA3E-1B45F976380D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{6D48EA71-75B2-4A63-B411-3A07DA953BA1}" = lport=60003 | protocol=6 | dir=in | name=vision thinshare peer-to-peer connection |
    "{73F38A97-2120-4C29-A07C-056FE2C1003D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{7F0AE14A-93FC-4D37-935C-A52E0401322B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{81570A54-6C56-4C60-9159-287F1290E95D}" = rport=139 | protocol=6 | dir=out | app=system |
    "{89E8F6D1-D9ED-4281-90AA-37473E404AF2}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
    "{A48F2734-5E20-43C6-8A51-7306010460BF}" = lport=138 | protocol=17 | dir=in | app=system |
    "{A52EB046-227E-41A2-8AB3-98ECB750496D}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
    "{AA334AD0-EA11-42B8-B335-C7A93E91C883}" = lport=60003 | protocol=17 | dir=in | name=vision thinshare multipoint connection |
    "{C01A2FFD-6735-46D1-94E7-0DA99DB66480}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{CB25417F-734F-4708-9606-A431B9C44CC8}" = lport=445 | protocol=6 | dir=in | app=system |
    "{D44858FD-5712-41AE-B4A3-282683492739}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
    "{D9E963F4-DC4E-4787-8429-860F76289B25}" = rport=138 | protocol=17 | dir=out | app=system |
    "{DE34F22D-5F88-456A-8760-A60EB2DC9328}" = lport=60003 | protocol=6 | dir=in | name=vision thinshare peer-to-peer connection |
    "{DEFE39BC-9826-4D76-8949-D708F1BDAF4E}" = lport=60003 | protocol=17 | dir=in | name=vision thinshare multipoint connection |
    "{DF42116D-3008-4ABA-A349-597DC66B23C6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{E74B9806-0B63-4BC8-B4D6-B8A74DE3104E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
    "{F372F8C7-8834-4721-860A-779BCA205BE3}" = lport=137 | protocol=17 | dir=in | app=system |
    "{F4632CCC-7775-41FA-9F06-11109295FFA5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{00267C2D-6FEB-452C-81AF-603B0235E8BC}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{04099B5B-E8CA-48BF-9489-E18C9E35CEB9}" = protocol=17 | dir=in | app=c:\program files (x86)\netop\vision\plugins\pointer\mpointer.exe |
    "{0FB5425D-313E-4A88-AB4A-361667AE2662}" = protocol=17 | dir=in | app=c:\program files (x86)\netop\vision\plugins\chat\mchat.exe |
    "{10899239-4E3E-409A-BCB1-ED5B2F0779ED}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{112E9996-7D19-43B0-99F4-99881ADD43F3}" = protocol=6 | dir=in | app=c:\program files (x86)\netop\vision\plugins\pointer\ssview.exe |
    "{23C83364-A7E6-4CA5-8494-ECBF29528CD4}" = protocol=6 | dir=in | app=c:\program files (x86)\netop\vision\plugins\chat\mchat.exe |
    "{2738C933-359F-468A-AF52-8263425810FA}" = protocol=6 | dir=in | app=c:\eclipse\eclipse.exe |
    "{29DE1F9E-3A1C-4270-ABD8-197E4A6DC504}" = protocol=6 | dir=in | app=c:\juegos\aoe iii\age3.exe |
    "{2CC82F86-CE28-418D-9894-7785B05D9B7E}" = protocol=6 | dir=in | app=c:\eclipse\eclipse.exe |
    "{2D30295D-B8D8-40D7-B785-C147F40CA871}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{2E1D7EB0-0292-425B-89AF-1F5A0A6535C6}" = protocol=6 | dir=in | app=c:\program files\opera next x64\opera.exe |
    "{30659563-9144-4629-8641-97B24525CA01}" = protocol=17 | dir=in | app=c:\program files (x86)\netop\vision\xl\mesuax.exe |
    "{30BA117B-989D-4D58-A209-45A6B321FAFB}" = protocol=17 | dir=in | app=c:\juegos\steam\steam.exe |
    "{31C91AA8-EDE9-46EB-B6E8-D279482FF3CB}" = protocol=17 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |
    "{32BA0B89-FF6E-426B-B7F7-E8EB7A9862FF}" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
    "{334DB573-772F-49D6-A4C2-4B4D12DF5CA8}" = protocol=17 | dir=in | app=c:\program files (x86)\netop\vision\plugins\pointer\ssview.exe |
    "{3569A110-9D9F-4DA8-9560-953EB195C6C9}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
    "{3BFEA701-1608-4F0E-997B-F6AB28AE48A3}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{3E246DC3-3C16-4921-B804-27C4C4408611}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{45A8C95C-16AE-4017-BE3E-2886F7C8D44B}" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
    "{51F2E700-1489-4858-B1BE-7FA3C9983A37}" = protocol=6 | dir=in | app=c:\juegos\aoe iii\age3x.exe |
    "{525BF3AD-4C13-42B1-A834-5096921185D7}" = protocol=6 | dir=in | app=c:\juegos\steam\steam.exe |
    "{691C9B21-8DB0-4A22-92DB-6A4B0A6AD1A6}" = protocol=6 | dir=in | app=c:\program files (x86)\netop\vision\xl\mesuax.exe |
    "{6960C14F-3980-4E79-9B67-3175B6508726}" = protocol=17 | dir=in | app=c:\eclipse\eclipse.exe |
    "{6B9398FD-4B94-4E6C-93AC-AFF045F2CCC2}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
    "{6BE8F65D-8E2B-4076-A401-4235E2715117}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{7025EC00-0BA1-496D-A573-E5BB557C7ECD}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
    "{707BA3DC-BCF2-4FF7-980B-54CF1F234B96}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{726B2EC5-BF78-4DA5-9075-411CDE705C45}" = protocol=6 | dir=in | app=c:\program files (x86)\netop\vision\xl\mesuax.exe |
    "{73B6189F-50EC-4DB3-A1F7-7CFCF0CCD171}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
    "{752E3CA3-7724-4AE0-80CB-F2B52275F10B}" = protocol=6 | dir=in | app=c:\juegos\aoe iii\age3y.exe |
    "{7AC5E1C1-3D2E-4E4D-8CF5-7B914B49D8FF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{7B5BDDF5-755D-4069-9F2A-961D9624C49D}" = protocol=6 | dir=in | app=c:\program files\opera next x64\pluginwrapper\opera_plugin_wrapper.exe |
    "{7CA0246D-1DCD-448B-BEF6-1D163BE667F9}" = protocol=6 | dir=in | app=c:\program files (x86)\netop\vision\plugins\pointer\mpointer.exe |
    "{7E7BF071-EB51-4052-A862-B2CA6499E008}" = protocol=17 | dir=in | app=c:\juegos\aoe iii\age3.exe |
    "{7FA9645D-4AFA-49E5-AFDB-756D04D4ACDB}" = protocol=17 | dir=in | app=c:\juegos\aoe iii\age3y.exe |
    "{824D9216-5E95-4CEE-88F5-1CF42DB610BE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{8C902DA7-0532-48D9-BD26-40BADC5CD3CA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{8EDDDC47-BCF2-4956-9559-7E9C2B5F343A}" = protocol=6 | dir=in | app=c:\program files (x86)\netop\vision\plugins\chat\mchat.exe |
    "{90E4E9F2-1391-4BE6-B4F7-9418975C47A8}" = protocol=17 | dir=in | app=c:\program files (x86)\netop\vision\plugins\pointer\ssview.exe |
    "{993E7240-57AE-4DA5-AE88-F20ACF272EE0}" = protocol=17 | dir=in | app=c:\juegos\aoe iii\age3x.exe |
    "{9F3DFFA4-950B-409C-ADCB-7133C42E729C}" = protocol=6 | dir=in | app=c:\program files (x86)\netop\vision\plugins\pointer\mpointer.exe |
    "{A12F35FD-8DB4-47BE-8975-0857BCD3AB69}" = protocol=17 | dir=in | app=c:\program files\opera next x64\pluginwrapper\opera_plugin_wrapper.exe |
    "{A4017165-F78D-4632-A009-217F0CF2DFAB}" = protocol=6 | dir=in | app=c:\program files\opera next x64\pluginwrapper\opera_plugin_wrapper_32.exe |
    "{BCE15929-DB96-49AA-9BC9-78669ABAC6EB}" = protocol=17 | dir=in | app=c:\program files (x86)\netop\vision\plugins\pointer\mpointer.exe |
    "{BE2575F5-6B7E-4E8B-88F2-EFCC7DFFCD6B}" = protocol=17 | dir=in | app=c:\program files\opera next x64\pluginwrapper\opera_plugin_wrapper_32.exe |
    "{C2363BA0-3E60-4C97-BF26-16F630C579B0}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
    "{CBEB45F1-DABA-44B2-B3E8-3678FF1D9E28}" = protocol=17 | dir=in | app=c:\program files\opera next x64\opera.exe |
    "{D3ABE164-34F9-4930-851F-BAF9A772FB3F}" = protocol=17 | dir=in | app=c:\eclipse\eclipse.exe |
    "{D7AE2BAA-A497-460A-BD03-D3969A26F8CC}" = protocol=17 | dir=in | app=c:\program files (x86)\netop\vision\plugins\chat\mchat.exe |
    "{D8B7013F-F655-4D66-B4FA-FE23330604EA}" = protocol=6 | dir=in | app=c:\program files (x86)\netop\vision\plugins\pointer\ssview.exe |
    "{DD6FFE94-5FB7-45A2-A873-B6073AD1EE44}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E0D321DC-2342-4798-AA89-EB6D19BD2CA2}" = protocol=17 | dir=in | app=c:\program files (x86)\netop\vision\xl\mesuax.exe |
    "{E21360B8-1061-43F4-A3AD-2530C7C1C354}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{E9C14C23-8B56-4B7A-9A59-92C8C2F47918}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{EE1AD3FF-B240-48C7-9E12-CE3F6678093F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{F6603412-601F-4C12-85D3-88A8C9A015EC}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
    "{F67BA98C-3EE6-4C72-A7BE-C05926BD5258}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{F771B8B5-B233-4B39-B2EA-60E196E5F1C5}" = protocol=6 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |
    "{FB99BE6A-2D68-4396-8AFD-B9F227CDB420}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "TCP Query User{14E5FEE4-93AC-4C4F-BAAF-4AE8FCFFCBFF}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
    "TCP Query User{2321B0E5-46CE-451A-8689-4ACB094875AB}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
    "TCP Query User{2FEAF80A-BCDE-4986-AAEE-6C614323D745}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
    "TCP Query User{3D7F91D4-FD58-4A36-B0B8-091B30DACF8C}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
    "TCP Query User{4B4A297A-21A3-4A39-8610-3977E0DE6649}C:\program files (x86)\splashtop\splashtop remote\client\strwinclt.exe" = protocol=6 | dir=in | app=c:\program files (x86)\splashtop\splashtop remote\client\strwinclt.exe |
    "TCP Query User{599728FF-E478-484C-8336-1ECCDDAE4022}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
    "TCP Query User{5BEF38BA-8D4E-498E-930E-59655FDD3CA0}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
    "TCP Query User{5CE0277B-C435-4550-B13D-D7D1487730A9}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
    "TCP Query User{B8D4D609-F189-43A6-A9A9-D218A7170315}C:\users\jas\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\jas\appdata\roaming\dropbox\bin\dropbox.exe |
    "TCP Query User{C46F0B15-C5E8-42D1-8059-26BD5F148436}C:\juegos\medieval ii total war\medieval2.exe" = protocol=6 | dir=in | app=c:\juegos\medieval ii total war\medieval2.exe |
    "TCP Query User{CE2A2F9A-8C50-49DC-81F5-56D27563764F}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
    "TCP Query User{D6D1BCC0-A90D-4520-A9DF-BBC15AA1FDD5}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
    "TCP Query User{E72544E8-B61B-48F8-83A4-E88CB53AF2AB}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
    "TCP Query User{E92CAC62-866B-4D6D-80AE-1EB3B70496BE}C:\juegos\medieval ii total war\kingdoms.exe" = protocol=6 | dir=in | app=c:\juegos\medieval ii total war\kingdoms.exe |
    "TCP Query User{EC80FC96-1CA6-4D8C-971F-09C66A447352}C:\program files (x86)\srware iron\iron.exe" = protocol=6 | dir=in | app=c:\program files (x86)\srware iron\iron.exe |
    "TCP Query User{ED7F4BB2-A212-4A8E-B81C-2DBF5291460D}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
    "UDP Query User{1B60D72E-2615-4D17-979A-7CA27DCE4788}C:\users\jas\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\jas\appdata\roaming\dropbox\bin\dropbox.exe |
    "UDP Query User{3EDA6315-3D88-4FCC-93C8-DA1A5B835FE5}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
    "UDP Query User{459C7A83-A082-47A7-A38A-BAD84FA38A13}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
    "UDP Query User{5A6C712B-2F97-4EA8-9202-242F862E86B6}C:\juegos\medieval ii total war\kingdoms.exe" = protocol=17 | dir=in | app=c:\juegos\medieval ii total war\kingdoms.exe |
    "UDP Query User{8AECB391-A6B8-4529-9059-485DCCE80496}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
    "UDP Query User{954E3DE3-B062-4573-86DE-117582F6FE70}C:\program files (x86)\srware iron\iron.exe" = protocol=17 | dir=in | app=c:\program files (x86)\srware iron\iron.exe |
    "UDP Query User{993B15CB-43EF-42D8-9C9E-81E684B1F2A1}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
    "UDP Query User{A448843C-35C7-43E5-B271-B56F80AE993B}C:\juegos\medieval ii total war\medieval2.exe" = protocol=17 | dir=in | app=c:\juegos\medieval ii total war\medieval2.exe |
    "UDP Query User{AA877D47-2363-4051-AC34-A4A2C7F5B85E}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
    "UDP Query User{B2B4B459-F447-418D-9AD0-72EBF3D135FC}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
    "UDP Query User{BAD71237-0762-48EC-903A-B4D31C29D0BD}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
    "UDP Query User{C58B27EB-BDE2-4B8D-87AE-DDACB20704B8}C:\program files (x86)\splashtop\splashtop remote\client\strwinclt.exe" = protocol=17 | dir=in | app=c:\program files (x86)\splashtop\splashtop remote\client\strwinclt.exe |
    "UDP Query User{C6680BAD-1139-433E-8F6C-8DEA9FE73E97}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
    "UDP Query User{D7F13A8F-96E9-4E55-8955-DCBD52DDC2A9}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
    "UDP Query User{EDB90185-7BB4-4407-80C5-0F0D1205A5DF}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
    "UDP Query User{F758C009-A0F2-4D1C-B824-C1414DF835C9}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========
  10. Jasso

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
    "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
    "{1111706F-666A-4037-7777-211648764D10}" = JavaFX 2.1.1 (64-bit)
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{1E895E63-0AC5-11DD-97E2-000A94026593}" = Vision
    "{2222706F-666A-4037-7777-211648764D10}" = JavaFX 2.1.1 SDK (64-bit)
    "{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
    "{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit)
    "{4A5A427F-BA39-4BF0-7777-9A47FBE60C9F}" = Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64)
    "{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
    "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
    "{64A3A4F4-B792-11D6-A78A-00B0D0170050}" = Java SE Development Kit 7 Update 5 (64-bit)
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 280.26
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 280.26
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 280.26
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 280.19
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.4.28
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.23.3
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{BD198331-FF8A-4DEB-9F30-A0AC56625A3B}" = Microsoft LifeChat
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{E3B264CE-D9CF-448B-960F-4F832FB1F990}" = Corel Graphics - Windows Shell Extension 64 Bit
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "BC15EA930074932BB2C4B4493C9FD4EA95087D1A" = Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0)
    "CCleaner" = CCleaner
    "Elantech" = ETDWare PS/2-x64 7.0.5.5_WHQL
    "EPSON Printer and Utilities" = EPSON-Drucker-Software
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "NVIDIA Drivers" = NVIDIA Drivers
    "Opera 12.00.1406" = Opera Next 12.00 beta build 1406
    "Recuva" = Recuva
    "SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
    "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
    "Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
    "Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
    "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
    "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
    "SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
    "TeamSpeak 3 Client" = TeamSpeak 3 Client
    "USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam
    "uTorrent" = µTorrent
    "Waterfox 11.0 (x64 en-US)" = Waterfox 11.0 (x64 en-US)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "_{B922902F-E9E9-4AD9-B87D-7F62FA9EA1AD}" = Corel Graphics - Windows Shell Extension
    "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
    "{0296BF9F-93C1-47A4-805B-46545CACBE31}" = SHARP Pen Software
    "{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}" = Medieval II Total War : Kingdoms : Crusades
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{10CD364B-FFCC-48BE-B469-B9622A033075}" = Fences
    "{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}" = BlackBerry Device Software Updater
    "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 3.9
    "{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
    "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
    "{1DE8DBBC-8BBC-A40A-B5F1-62BE13D721C6}" = Market Samurai
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
    "{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 26
    "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
    "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
    "{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
    "{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}" = Rome - Total War - Gold Edition
    "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
    "{344A1884-A298-4740-8B7A-3DC3F17F652C}" = Serif WebPlus Starter Edition
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
    "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
    "{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
    "{7148F0A8-6813-11D6-A77B-00B0D0142190}" = Java 2 Runtime Environment, SE v1.4.2_19
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{75983B66-804C-40D1-BA13-64DAF652A6F1}" = Medieval II Total War : Kingdoms : Americas
    "{76DAEC83-AF7B-333C-8A53-83D7C7D39199}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU
    "{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}" = Medieval II Total War : Kingdoms : Teutonic
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10
    "{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8E87B944-4815-3C5E-947F-5035C9F64362}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU
    "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
    "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
    "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
    "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
    "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
    "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
    "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
    "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
    "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
    "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
    "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
    "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
    "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
    "{936BAF9D-CE07-467E-B5B0-F0BC5B5E6EDB}" = Splashtop Remote Client
    "{95140000-0080-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{97B70991-5002-4241-8B0C-D74B8ADEB2B5}" = BlackBerry Desktop Software 7.1
    "{99E66BC9-E4B6-485F-ABFC-31EFCE36DFDF}" = Microsoft Keyboard Layout Creator 1.4
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
    "{A494132F-11D7-4376-BD56-9ADCDC69BA67}" = CNTDesigner
    "{A588FF79-CFDD-4FB1-B2D3-FED2DC884B52}" = Watchtower Library 2009 - Deutsch
    "{A7D5AAA9-7C58-45D6-BBA4-FF9002F5BBE1}" = SHARP Pen Software
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AB49B509-8FCA-45E6-9FB9-9E4AEEB8F148}" = System Requirements Lab CYRI
    "{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10
    "{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
    "{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
    "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
    "{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
    "{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
    "{B922902F-E9E9-4AD9-B87D-7F62FA9EA1AD}" = Corel Graphics - Windows Shell Extension
    "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
    "{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
    "{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War
    "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
    "{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
    "{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1" = SRWare Iron Version SRWare Iron 19.0.1100.0
    "{C8983823-DCEA-4064-B7DA-FE3871F2231E}" = Click-N-Type
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}" = Medieval II Total War : Kingdoms : Britannia
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "AI RoboForm" = RoboForm 7-7-0 (All Users)
    "Android SDK Tools" = Android SDK Tools
    "Audacity_is1" = Audacity 1.2.6
    "avast" = avast! Free Antivirus
    "Biet-O-Matic v2.12.9" = Biet-O-Matic v2.12.9
    "BlackBerry_Desktop" = BlackBerry Desktop Software 7.1
    "CamAlert_is1" = CamAlert II
    "ColorPic" = ColorPic
    "Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-11-11
    "DivX Setup" = DivX-Setup
    "du Mobile Broadband" = du Mobile Broadband
    "Easy Keyboard Manager_is1" = Easy Keyboard Manager 1.0.0
    "EasyCash&Tax_is1" = EasyCash&Tax 1.48
    "ElsterFormular 11.5.0.4546" = ElsterFormular
    "ElsterFormular 13.2.0.8623p" = ElsterFormular
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "EPSON Scanner" = EPSON Scan
    "Fast Blog Finder 3_is1" = Fast Blog Finder 3
    "FastStone Capture" = FastStone Capture 5.3
    "Fences" = Fences
    "Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.93
    "GOM Player" = GOM Player
    "IETester" = IETester v0.4.6 (remove only)
    "InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
    "InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
    "InstallShield_{936BAF9D-CE07-467E-B5B0-F0BC5B5E6EDB}" = Splashtop Remote Client
    "InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
    "JDownloader" = JDownloader
    "Kernel EML Viewer_is1" = Kernel EML Viewer ver 10.09.01
    "KLiteCodecPack_is1" = K-Lite Codec Pack 6.0.4 (Basic)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
    "MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1" = Market Samurai
    "Metro-Naval" = Metro-Naval 1.9
    "Mozilla Firefox 4.0b7 (x86 de)" = Mozilla Firefox 4.0b7 (x86 de)
    "Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)
    "Mozilla Thunderbird 14.0 (x86 en-US)" = Mozilla Thunderbird 14.0 (x86 en-US)
    "MPEG2 Codec(libmpeg2/mad)" = MPEG2 Codec(libmpeg2/mad)
    "Multiple File Search Replace_is1" = Multiple File Search Replace 2.30
    "Notepad++" = Notepad++
    "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "Offline Downloader" = Offline Downloader
    "Orbit_is1" = Orbit Downloader
    "Polipo" = Polipo 1.0.4.1
    "Revo Uninstaller" = Revo Uninstaller 1.92
    "RocketDock_is1" = RocketDock 1.3.5
    "RouterControl" = RouterControl 2.0
    "ST5UNST #1" = PixLin
    "Steam App 10500" = Empire: Total War
    "SugarSync" = SugarSync Manager
    "SUPER ©" = SUPER © Version 2010.bld.42 (Nov 7, 2010)
    "TeamViewer 7" = TeamViewer 7
    "Tor" = Tor 0.2.2.34
    "Touch-It_is1" = Touch-It Virtual Keyboard 4.3.0.3 (Freeware)
    "TreeSize Free_is1" = TreeSize Free V2.6
    "TrueCrypt" = TrueCrypt
    "Veoh Web Player Beta" = Veoh Web Player
    "Veoh_Web_Player Toolbar" = Veoh Web Player Toolbar
    "Vidalia" = Vidalia 0.2.15
    "WebSpider2" = Xaldon WebSpider2
    "WinLiveSuite" = Windows Live Essentials
    "xampp" = XAMPP 1.7.7
    "XMind" = XMind
    "YouTube Song Downloader_is1" = YouTube Song Downloader

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-732390795-3526433701-2277339337-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
    "Google Chrome" = Google Chrome
    "UnityWebPlayer" = Unity Web Player

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-732390795-3526433701-2277339337-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "0 A.D." = 0 A.D.
    "Opera 11.64.1403" = Opera 11.64

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 24.10.2011 15:04:15 | Computer Name = JForce | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
    Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
    Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
    gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
    .

    Error - 24.10.2011 15:04:15 | Computer Name = JForce | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
    Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
    Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
    gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
    .

    Error - 24.10.2011 15:04:15 | Computer Name = JForce | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
    Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
    Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
    gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
    .

    Error - 24.10.2011 15:04:15 | Computer Name = JForce | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
    Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
    Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
    gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
    .

    Error - 24.10.2011 15:04:15 | Computer Name = JForce | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
    Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
    Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
    gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
    .

    Error - 24.10.2011 15:04:15 | Computer Name = JForce | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
    Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
    Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
    gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
    .

    Error - 24.10.2011 15:04:15 | Computer Name = JForce | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
    Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
    Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
    gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
    .

    Error - 24.10.2011 15:04:15 | Computer Name = JForce | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
    Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
    Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
    gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
    .

    Error - 24.10.2011 15:04:15 | Computer Name = JForce | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
    Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
    Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
    gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
    .

    Error - 24.10.2011 15:16:16 | Computer Name = JForce | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
    Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
    Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
    gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
    .

    [ OSession Events ]
    Error - 05.01.2011 05:55:04 | Computer Name = JForce | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1248
    seconds with 60 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 17.08.2012 13:28:37 | Computer Name = JForce | Source = Application Popup | ID = 1060
    Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWow64\drivers\FDCDNT.SYS
    nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
    des Treibers zu erhalten.

    Error - 17.08.2012 13:29:18 | Computer Name = JForce | Source = Service Control Manager | ID = 7000
    Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet:
    %%577

    Error - 17.08.2012 13:29:19 | Computer Name = JForce | Source = Service Control Manager | ID = 7000
    Description = Der Dienst "lirsgt" wurde aufgrund folgenden Fehlers nicht gestartet:
    %%577

    Error - 17.08.2012 13:29:31 | Computer Name = JForce | Source = Service Control Manager | ID = 7026
    Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
    FDCDNT

    Error - 17.08.2012 13:29:34 | Computer Name = JForce | Source = Service Control Manager | ID = 7034
    Description = Dienst "SBSD Security Center Service" wurde unerwartet beendet. Dies
    ist bereits 1 Mal passiert.

    Error - 17.08.2012 15:59:27 | Computer Name = JForce | Source = Microsoft-Windows-HAL | ID = 12
    Description = Der Speicher wurde beim letzten Leistungsübergang des Systems von
    der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte
    Firmware verfügbar ist.

    Error - 18.08.2012 18:48:14 | Computer Name = JForce | Source = Service Control Manager | ID = 7030
    Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
    Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
    sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

    Error - 18.08.2012 19:00:44 | Computer Name = JForce | Source = Application Popup | ID = 1060
    Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys
    nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
    des Treibers zu erhalten.

    Error - 18.08.2012 19:40:26 | Computer Name = JForce | Source = Service Control Manager | ID = 7030
    Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
    Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
    sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

    Error - 19.08.2012 04:26:56 | Computer Name = JForce | Source = volsnap | ID = 393252
    Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
    nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.


    < End of report >
     
  11. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O3:64bit: - HKLM\..\Toolbar: (no name) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - No CLSID value found.
      O4 - HKU\S-1-5-21-732390795-3526433701-2277339337-1005..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
      O4 - Startup: C:\Users\JaS_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SignagePlayer.lnk = File not found
      O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
      O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
      O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Key error. File not found
      O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Key error. File not found
      @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:7FFED16F
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered and reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at the "killing processes..." step), run the fix from safe mode.

    ============================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE. SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart your computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce any log.
     
  12. Jasso

    Jasso TS Rookie Topic Starter

    I ran the OTL fix you provided, and after it was done it rebooted my machine, but it did not produce a log file. What should I do?
     
  13. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Re-run the fix from safe mode.
     
  14. Jasso

    Jasso TS Rookie Topic Starter

    OK, I think it would have worked without safe mode if I had only started OTL again once the PC finished rebooting, because when I went into safe mode and started OTL, instead of OTL, the log file popped up. But since I wasn't sure if that's the log file, I re-ran the fix anyway. So herewith I am posting both log files, the one from the first run in normal mode and the one from the second run, which was in safe mode:

    1st run (normal mode) log:
    All processes killed
    ========== OTL ==========
    64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5}\ not found.
    Registry value HKEY_USERS\S-1-5-21-732390795-3526433701-2277339337-1005\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
    C:\Users\JaS_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SignagePlayer.lnk moved successfully.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Down&load all by Orbit\ deleted successfully.
    C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll moved successfully.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xel exportieren\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{43699cd0-e34f-11de-8a39-0800200c9a66}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43699cd0-e34f-11de-8a39-0800200c9a66}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{43699cd0-e34f-11de-8a39-0800200c9a66}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43699cd0-e34f-11de-8a39-0800200c9a66}\ not found.
    ADS C:\ProgramData\TEMP:7FFED16F deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: JaS
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 66340 bytes
    ->Java cache emptied: 46194895 bytes
    ->FireFox cache emptied: 94373856 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Opera cache emptied: 0 bytes
    ->Flash cache emptied: 3073 bytes

    User: JaS_2
    ->Temp folder emptied: 2701191 bytes
    ->Temporary Internet Files folder emptied: 5498203 bytes
    ->Java cache emptied: 7919 bytes
    ->FireFox cache emptied: 119679505 bytes
    ->Opera cache emptied: 0 bytes
    ->Flash cache emptied: 15262099 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 56502 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 878 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 271,00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: JaS
    ->Java cache emptied: 0 bytes

    User: JaS_2
    ->Java cache emptied: 0 bytes

    User: Public

    User: UpdatusUser

    Total Java Files Cleaned = 0,00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: JaS
    ->Flash cache emptied: 0 bytes

    User: JaS_2
    ->Flash cache emptied: 0 bytes

    User: Public

    User: UpdatusUser
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0,00 mb


    OTL by OldTimer - Version 3.2.58.0 log created on 08192012_210252

    Files\Folders moved on Reboot...
    File move failed. C:\Users\JaS_2\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.
    C:\Users\JaS_2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y6GPKOWN\api[1].htm moved successfully.
    C:\Users\JaS_2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y6GPKOWN\button-flex-blue2[1].png moved successfully.
    C:\Users\JaS_2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y6GPKOWN\tick-blue[1].png moved successfully.
    C:\Users\JaS_2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q3EAHHAE\background-banner-middle-v9[1].jpg moved successfully.
    C:\Users\JaS_2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FLYVBY4J\background_banner_7_de[1].jpg moved successfully.
    C:\Users\JaS_2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\21R514K2\api[1].htm moved successfully.
    C:\Users\JaS_2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\21R514K2\background-banner-right-v9[1].jpg moved successfully.
    File\Folder C:\Windows\temp\_avast_\Webshlock.txt not found!

    PendingFileRenameOperations files...
    [2011.10.22 00:31:40 | 000,000,000 | ---- | M] () C:\Users\JaS_2\AppData\Local\Temp\FXSAPIDebugLogFile.txt : Unable to obtain MD5
    File C:\Users\JaS_2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y6GPKOWN\api[1].htm not found!
    File C:\Users\JaS_2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y6GPKOWN\button-flex-blue2[1].png not found!
    File C:\Users\JaS_2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y6GPKOWN\tick-blue[1].png not found!
    File C:\Users\JaS_2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q3EAHHAE\background-banner-middle-v9[1].jpg not found!
    File C:\Users\JaS_2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FLYVBY4J\background_banner_7_de[1].jpg not found!
    File C:\Users\JaS_2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\21R514K2\api[1].htm not found!
    File C:\Users\JaS_2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\21R514K2\background-banner-right-v9[1].jpg not found!
    File C:\Windows\temp\_avast_\Webshlock.txt not found!

    Registry entries deleted on Reboot...

    2nd run (safe mode) log:
    All processes killed
    ========== OTL ==========
    64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5}\ not found.
    Registry key HKEY_USERS\S-1-5-21-732390795-3526433701-2277339337-1005\Software\Microsoft\Windows\CurrentVersion\RunOnce not found.
    File move failed. C:\Users\JaS_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SignagePlayer.lnk scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Down&load all by Orbit\ not found.
    File C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll not found.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xel exportieren\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{43699cd0-e34f-11de-8a39-0800200c9a66}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43699cd0-e34f-11de-8a39-0800200c9a66}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{43699cd0-e34f-11de-8a39-0800200c9a66}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43699cd0-e34f-11de-8a39-0800200c9a66}\ not found.
    Unable to delete ADS C:\ProgramData\TEMP:7FFED16F .
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: JaS
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Opera cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: JaS_2
    ->Temp folder emptied: 18894 bytes
    ->Temporary Internet Files folder emptied: 148174 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 10119009 bytes
    ->Opera cache emptied: 0 bytes
    ->Flash cache emptied: 492 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 10,00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: JaS
    ->Java cache emptied: 0 bytes

    User: JaS_2
    ->Java cache emptied: 0 bytes

    User: Public

    User: UpdatusUser

    Total Java Files Cleaned = 0,00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: JaS
    ->Flash cache emptied: 0 bytes

    User: JaS_2
    ->Flash cache emptied: 0 bytes

    User: Public

    User: UpdatusUser
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0,00 mb


    OTL by OldTimer - Version 3.2.58.0 log created on 08192012_213937

    Files\Folders moved on Reboot...
    File\Folder C:\Users\JaS_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SignagePlayer.lnk not found!
    File move failed. C:\Users\JaS_2\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.

    PendingFileRenameOperations files...
    File C:\Users\JaS_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SignagePlayer.lnk not found!
    [2012.08.19 21:41:28 | 000,000,000 | ---- | M] () C:\Users\JaS_2\AppData\Local\Temp\FXSAPIDebugLogFile.txt : Unable to obtain MD5

    Registry entries deleted on Reboot...
     
  15. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Good :)
    Go on...
     
  16. Jasso

    Jasso TS Rookie Topic Starter

    Wow, the ESET Online scan took several hours. But finally, here are all the logs:

    SecurityCheck LOG:

    Results of screen317's Security Check version 0.99.46
    Windows 7 x64 (UAC is enabled)
    Out of date service pack!!
    Internet Explorer 6 Out of date!
    ``````````````Antivirus/Firewall Check:``````````````
    avast! Antivirus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Spybot - Search & Destroy
    Malwarebytes Anti-Malware Version 1.62.0.1300
    Java(TM) 6 Update 26
    Java 2 Runtime Environment, SE v1.4.2_19
    Java version out of Date!
    Mozilla Firefox 8.0 Firefox out of Date!
    Mozilla Thunderbird (14.0.)
    Google Chrome 15.0.874.121
    Google Chrome 16.0.912.63
    Google Chrome Plugins...
    ````````Process Check: objlist.exe by Laurent````````
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast AvastUI.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:
    ````````````````````End of Log``````````````````````


    Farbar Service Scanner (FSS) LOG:

    Farbar Service Scanner Version: 06-08-2012
    Ran by JaS (administrator) on 19-08-2012 at 22:11:21
    Running from "C:\Users\JaS_2\Desktop"
    Microsoft Windows 7 Home Premium (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    There is no connection to network.
    Google IP is accessible.
    Attempt to access Google.com returned error: Other errors
    Yahoo IP is accessible.
    Attempt to access Yahoo.com returned error: Other errors


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    Other Services:
    ==============


    File Check:
    ========
    \Windows\System32\nsisvc.dll => MD5 is legit
    \Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    \Windows\System32\dhcpcore.dll => MD5 is legit
    \Windows\System32\drivers\afd.sys => MD5 is legit
    \Windows\System32\drivers\tdx.sys => MD5 is legit
    \Windows\System32\Drivers\tcpip.sys
    [2009-07-14 03:25] - [2009-07-14 05:45] - 1898576 ____A (Microsoft Corporation) 912107716BAB424C7870E8E6AF5E07E1

    \Windows\System32\dnsrslvr.dll
    [2009-07-14 03:21] - [2009-07-14 05:40] - 0182272 ____A (Microsoft Corporation) 676108C4E3AA6F6B34633748BD0BEBD9

    \Windows\System32\mpssvc.dll
    [2009-07-14 04:09] - [2009-07-14 05:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

    \Windows\System32\bfe.dll => MD5 is legit
    \Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    \Windows\System32\SDRSVC.dll
    [2009-07-14 03:36] - [2009-07-14 05:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

    \Windows\System32\vssvc.exe => MD5 is legit
    \Windows\System32\wscsvc.dll => MD5 is legit
    \Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    \Windows\System32\wuaueng.dll => MD5 is legit
    \Windows\System32\qmgr.dll => MD5 is legit
    \Windows\System32\es.dll => MD5 is legit
    \Windows\System32\cryptsvc.dll => MD5 is legit
    \Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    \Windows\System32\svchost.exe => MD5 is legit
    \Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****


    Temp File Cleaner (TFC):
    no log


    ESET Online Scanner LOG:

    C:\Program Files (x86)\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe Win32/Toolbar.Widgi application cleaned by deleting - quarantined
    C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\qlps-qlipso-sntb.exe Win32/Toolbar.Zugo application cleaned by deleting - quarantined
    C:\Users\JaS\Desktop\AKTUELLE PROJEKTE\KateWeber-Photography.com\kateweber-photography.com\blog\wp-content\themes\children-and-toys\footer.php PHP/Kryptik.AB trojan cleaned by deleting - quarantined
    C:\Users\JaS\Desktop\AKTUELLE PROJEKTE\KateWeber-Photography.com\kateweber-photography.com\blog\wp-content\themes\esther\footer.php PHP/Kryptik.AB trojan cleaned by deleting - quarantined
    C:\Users\JaS\Desktop\AKTUELLE PROJEKTE\KateWeber-Photography.com\kateweber-photography.com\blog\wp-content\themes\photoblog\footer.php PHP/Kryptik.AB trojan cleaned by deleting - quarantined
    C:\Users\JaS\Desktop\AKTUELLE PROJEKTE\KateWeber-Photography.com\kateweber-photography.com\blog.old\wp-content\themes\children-and-toys\footer.php PHP/Kryptik.AB trojan cleaned by deleting - quarantined
    C:\Users\JaS\Desktop\AKTUELLE PROJEKTE\KateWeber-Photography.com\kateweber-photography.com\blog.old\wp-content\themes\esther\footer.php PHP/Kryptik.AB trojan cleaned by deleting - quarantined
    C:\Users\JaS\Desktop\AKTUELLE PROJEKTE\KateWeber-Photography.com\kateweber-photography.com\blog.old\wp-content\themes\photoblog\footer.php PHP/Kryptik.AB trojan cleaned by deleting - quarantined
    C:\Users\JaS_2\Desktop\TF.Corporate.PremiumWP.Bundle.rar PHP/Agent.AS trojan deleted - quarantined
    C:\Users\JaS_2\Desktop\AKTUELLE PROJEKTE\KateWeber-Photography.com\kateweber-photography.com\blog\wp-content\themes\children-and-toys\footer.php PHP/Kryptik.AB trojan cleaned by deleting - quarantined
    C:\Users\JaS_2\Desktop\AKTUELLE PROJEKTE\KateWeber-Photography.com\kateweber-photography.com\blog\wp-content\themes\esther\footer.php PHP/Kryptik.AB trojan cleaned by deleting - quarantined
    C:\Users\JaS_2\Desktop\AKTUELLE PROJEKTE\KateWeber-Photography.com\kateweber-photography.com\blog\wp-content\themes\photoblog\footer.php PHP/Kryptik.AB trojan cleaned by deleting - quarantined
    C:\Users\JaS_2\Desktop\AKTUELLE PROJEKTE\KateWeber-Photography.com\kateweber-photography.com\blog.old\wp-content\themes\children-and-toys\footer.php PHP/Kryptik.AB trojan cleaned by deleting - quarantined
    C:\Users\JaS_2\Desktop\AKTUELLE PROJEKTE\KateWeber-Photography.com\kateweber-photography.com\blog.old\wp-content\themes\esther\footer.php PHP/Kryptik.AB trojan cleaned by deleting - quarantined
    C:\Users\JaS_2\Desktop\AKTUELLE PROJEKTE\KateWeber-Photography.com\kateweber-photography.com\blog.old\wp-content\themes\photoblog\footer.php PHP/Kryptik.AB trojan cleaned by deleting - quarantined
    C:\Users\JaS_2\Desktop\NGI\Raumplaner\SoftonicDownloader_for_ikea-home-planner.exe Win32/SoftonicDownloader.D application cleaned by deleting - quarantined
    C:\Users\JaS_2\Desktop\NGI\Raumplaner\SoftonicDownloader_fuer_furnish-pro.exe Win32/SoftonicDownloader.D application cleaned by deleting - quarantined
    C:\Users\JaS_2\Desktop\NGI\Raumplaner\SoftonicDownloader_fuer_meine-wohnung-click-design.exe Win32/SoftonicDownloader.D application cleaned by deleting - quarantined
    C:\Users\JaS_2\Desktop\NGI\Raumplaner\SoftonicDownloader_fuer_sweet-home-3d.exe Win32/SoftonicDownloader.D application cleaned by deleting - quarantined
    F:\Prog Backups\eSitegrinder__-_Keygen.rar a variant of Win32/Injector.BPU trojan deleted - quarantined
    F:\Prog Backups\Nero10Lite_www.softvnn.com.rar Win32/Packed.Autoit.C.Gen application deleted - quarantined
    F:\Prog Backups\Port.AICS3_g3n_downarchive.rar probably a variant of Win32/IRCBot.LFSWIOM trojan deleted - quarantined
     
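    The ESET log above lists 22 detections spread over two user profiles and the F: backup drive. As an added example (it is not part of this thread and not an ESET tool), the Python script below parses those lines, copied verbatim from the post, into records and summarises them by threat family, file type and drive, and singles out the twelve footer.php hits under wp-content\themes. Those are PHP theme files in a local copy of a website: PHP in a .php file cannot run on the Windows PC itself, but the same file on the live web server can, so a log like this is also a prompt to check the hosted site, not only the PC.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# The 22 detection lines from the ESET Online Scanner log posted in the thread.
ESET_LOG = r"""
C:\Program Files (x86)\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\qlps-qlipso-sntb.exe Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\Users\JaS\Desktop\AKTUELLE PROJEKTE\KateWeber-Photography.com\kateweber-photography.com\blog\wp-content\themes\children-and-toys\footer.php PHP/Kryptik.AB trojan cleaned by deleting - quarantined
C:\Users\JaS\Desktop\AKTUELLE PROJEKTE\KateWeber-Photography.com\kateweber-photography.com\blog\wp-content\themes\esther\footer.php PHP/Kryptik.AB trojan cleaned by deleting - quarantined
C:\Users\JaS\Desktop\AKTUELLE PROJEKTE\KateWeber-Photography.com\kateweber-photography.com\blog\wp-content\themes\photoblog\footer.php PHP/Kryptik.AB trojan cleaned by deleting - quarantined
C:\Users\JaS\Desktop\AKTUELLE PROJEKTE\KateWeber-Photography.com\kateweber-photography.com\blog.old\wp-content\themes\children-and-toys\footer.php PHP/Kryptik.AB trojan cleaned by deleting - quarantined
C:\Users\JaS\Desktop\AKTUELLE PROJEKTE\KateWeber-Photography.com\kateweber-photography.com\blog.old\wp-content\themes\esther\footer.php PHP/Kryptik.AB trojan cleaned by deleting - quarantined
C:\Users\JaS\Desktop\AKTUELLE PROJEKTE\KateWeber-Photography.com\kateweber-photography.com\blog.old\wp-content\themes\photoblog\footer.php PHP/Kryptik.AB trojan cleaned by deleting - quarantined
C:\Users\JaS_2\Desktop\TF.Corporate.PremiumWP.Bundle.rar PHP/Agent.AS trojan deleted - quarantined
C:\Users\JaS_2\Desktop\AKTUELLE PROJEKTE\KateWeber-Photography.com\kateweber-photography.com\blog\wp-content\themes\children-and-toys\footer.php PHP/Kryptik.AB trojan cleaned by deleting - quarantined
C:\Users\JaS_2\Desktop\AKTUELLE PROJEKTE\KateWeber-Photography.com\kateweber-photography.com\blog\wp-content\themes\esther\footer.php PHP/Kryptik.AB trojan cleaned by deleting - quarantined
C:\Users\JaS_2\Desktop\AKTUELLE PROJEKTE\KateWeber-Photography.com\kateweber-photography.com\blog\wp-content\themes\photoblog\footer.php PHP/Kryptik.AB trojan cleaned by deleting - quarantined
C:\Users\JaS_2\Desktop\AKTUELLE PROJEKTE\KateWeber-Photography.com\kateweber-photography.com\blog.old\wp-content\themes\children-and-toys\footer.php PHP/Kryptik.AB trojan cleaned by deleting - quarantined
C:\Users\JaS_2\Desktop\AKTUELLE PROJEKTE\KateWeber-Photography.com\kateweber-photography.com\blog.old\wp-content\themes\esther\footer.php PHP/Kryptik.AB trojan cleaned by deleting - quarantined
C:\Users\JaS_2\Desktop\AKTUELLE PROJEKTE\KateWeber-Photography.com\kateweber-photography.com\blog.old\wp-content\themes\photoblog\footer.php PHP/Kryptik.AB trojan cleaned by deleting - quarantined
C:\Users\JaS_2\Desktop\NGI\Raumplaner\SoftonicDownloader_for_ikea-home-planner.exe Win32/SoftonicDownloader.D application cleaned by deleting - quarantined
C:\Users\JaS_2\Desktop\NGI\Raumplaner\SoftonicDownloader_fuer_furnish-pro.exe Win32/SoftonicDownloader.D application cleaned by deleting - quarantined
C:\Users\JaS_2\Desktop\NGI\Raumplaner\SoftonicDownloader_fuer_meine-wohnung-click-design.exe Win32/SoftonicDownloader.D application cleaned by deleting - quarantined
C:\Users\JaS_2\Desktop\NGI\Raumplaner\SoftonicDownloader_fuer_sweet-home-3d.exe Win32/SoftonicDownloader.D application cleaned by deleting - quarantined
F:\Prog Backups\eSitegrinder__-_Keygen.rar a variant of Win32/Injector.BPU trojan deleted - quarantined
F:\Prog Backups\Nero10Lite_www.softvnn.com.rar Win32/Packed.Autoit.C.Gen application deleted - quarantined
F:\Prog Backups\Port.AICS3_g3n_downarchive.rar probably a variant of Win32/IRCBot.LFSWIOM trojan deleted - quarantined
"""

# One detection per line:
#   <path> [probably ][a variant of ]<Family/Name> <kind> <action>
# The path may contain spaces, but never a '/', so the first 'X/Y' token
# after a space is the threat name; the path group is non-greedy for that reason.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) "
    r"(?P<qualifier>(?:probably )?(?:a variant of )?)"
    r"(?P<threat>[A-Za-z0-9]+/[A-Za-z0-9._-]+) "
    r"(?P<kind>potentially unwanted application|application|trojan|virus|worm) "
    r"(?P<action>.+)$"
)


def parse_eset_log(text):
    """Turn ESET log lines into dicts; lines the regex cannot read are kept under 'raw'."""
    records = []
    for line in text.strip().splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            records.append({"raw": line})
            continue
        rec = m.groupdict()
        rec["qualifier"] = rec["qualifier"].strip()     # '' when the name is exact
        rec["drive"] = PureWindowsPath(rec["path"]).drive  # e.g. 'C:' or 'F:'
        records.append(rec)
    return records


def count_by(records, key):
    """Counter of one field across the parsed records."""
    return Counter(r[key] for r in records if key in r)


def website_theme_hits(records):
    """Detections that sit inside WordPress theme folders of a local site copy."""
    return [r for r in records
            if "path" in r and "\\wp-content\\themes\\" in r["path"].lower()]


def summarize(records):
    """Triage view: how many hits, of what, where, and how many are heuristic."""
    parsed = [r for r in records if "path" in r]
    return {
        "total": len(parsed),
        "unparsed": len(records) - len(parsed),
        "by_threat": count_by(parsed, "threat"),
        "by_kind": count_by(parsed, "kind"),
        "by_drive": count_by(parsed, "drive"),
        "heuristic": sum(1 for r in parsed if r["qualifier"]),
        "website_theme_files": len(website_theme_hits(parsed)),
    }


if __name__ == "__main__":
    s = summarize(parse_eset_log(ESET_LOG))
    for threat, n in s["by_threat"].most_common():
        print(f"{n:3d}  {threat}")
    print("drives:", dict(s["by_drive"]), "| wp-content theme files:", s["website_theme_files"])
```

    The summary separates the two things this log mixes: bundled installers and toolbars (the "application" class, all on C:) and real trojans, of which twelve are the same injected footer.php duplicated across two theme copies and two profiles, and three are archives on the backup drive. The two "variant of" hits are heuristic detections, which is worth knowing before deciding whether an archive on a backup drive was a false positive.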
  17. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ===================================

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
     
  18. Jasso

    Jasso TS Rookie Topic Starter

    Hi, when I try to download and install the latest JAVA version from the link you provided, the online verification tells me I have the latest version already installed (Version 7 Update 5). What to do? Download and install it manually?
     
  19. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    In that case you're fine.
    Go on with other steps.
     
  20. Jasso

    Jasso TS Rookie Topic Starter

    OTL FIX LOG:

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: JaS
    ->Temp folder emptied: 88861 bytes
    ->Temporary Internet Files folder emptied: 53001 bytes
    ->Java cache emptied: 2027 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Opera cache emptied: 0 bytes
    ->Flash cache emptied: 492 bytes

    User: JaS_2
    ->Temp folder emptied: 259610 bytes
    ->Temporary Internet Files folder emptied: 7480664 bytes
    ->Java cache emptied: 1853 bytes
    ->FireFox cache emptied: 58922980 bytes
    ->Opera cache emptied: 0 bytes
    ->Flash cache emptied: 2159 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1754 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50501 bytes
    RecycleBin emptied: 9618363 bytes

    Total Files Cleaned = 73,00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: JaS
    ->Flash cache emptied: 0 bytes

    User: JaS_2
    ->Flash cache emptied: 0 bytes

    User: Public

    User: UpdatusUser
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0,00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: JaS
    ->Java cache emptied: 0 bytes

    User: JaS_2
    ->Java cache emptied: 0 bytes

    User: Public

    User: UpdatusUser

    Total Java Files Cleaned = 0,00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.58.0 log created on 08212012_094352

    Files\Folders moved on Reboot...
    File move failed. C:\Users\JaS_2\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.
    File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

    PendingFileRenameOperations files...
    [2012.08.19 22:15:44 | 000,000,000 | ---- | M] () C:\Users\JaS_2\AppData\Local\Temp\FXSAPIDebugLogFile.txt : Unable to obtain MD5
    [2012.08.21 09:46:30 | 000,000,000 | ---- | M] () C:\Windows\temp\_avast_\Webshlock.txt : Unable to obtain MD5

    Registry entries deleted on Reboot...
     
  21. Broni

    Broni Malware Annihilator Posts: 52,895   +344

     
  22. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    The issue seems to be resolved.
     
