Infected ... but by what? I am stuck.


25 replies to this topic

#1 deus62

Posted 13 June 2013 - 11:03 PM

Hello everyone. I'm new here. I read quite a few removal threads here but cannot find my problem.

 

My problem:

Today, after an extensive MS (Vista 64bit) update, I noticed that my "Microsoft Essentials" was not active anymore. As far as I can tell, it stopped working around the 22nd of last month (May).

 

Whenever I tried to remove Security Essentials, find any of its files, reinstall and whatnot, I got error messages that I was missing rights, that files could not be found, etc. I hit a brick wall.

 

I then tried various removal procedures, by hand and by various programs, but all of them failed and made things worse (I started to get DNS problems, etc.).

 

I then reverted to the 10th of June via a restore point (interestingly enough, that was the earliest I had ... I used to have more).

 

Now I am at a loss regarding further procedure. I just don't want to mess everything up.

Then I came here.
 

Additional information, before we get to the log:

 

Other problems I have noticed (but didn't pay attention to much) were:

a) Microsoft Outlook once tried to send 12 mails (the outgoing folder was empty though) somewhere. I killed it and the problem never reappeared.

b) I'm not sure anymore if I configured my firewall to not download updates automatically, but it is configured to tell me that there are some and I have to install them by hand.

c) I have turned off the UAC myself!

d) Before I went to the earliest restore point (see above), things started to get ugly in a hurry. When I tried automated removal tools, my browser would not find any security-related sites anymore (others worked for a while and then also stopped working), suddenly UAC went on after one reboot, plus other stuff I cannot remember right now.

 

I have followed the "Preparation Guide" and here's what I have:

 

********************************************************************************

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16483  BrowserJavaVersion: 10.21.2
Run by deus62 at 5:40:26 on 2013-06-15
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.4094.1734 [GMT 2:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files (x86)\MagicTune Premium\GammaTray.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\SABnzbd\SABnzbd.exe
C:\Windows\SysWOW64\conime.exe
C:\Windows\splwow64.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.de/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Web-Recherche Browser Helper Object: {255215E2-87DC-4819-8724-D0B4C94DBEF5} - C:\Program Files (x86)\Web-Recherche\WRShell.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Web-Recherche Toolbar: {8F0F47B1-7D4B-4834-A981-91E2A3DCE069} - C:\Program Files (x86)\Web-Recherche\WRShell.dll
TB: Web-Recherche Editing Bar: {5338DF6C-3B3B-4E38-8B31-7B99986627B2} - C:\Program Files (x86)\Web-Recherche\WRShell.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [AdobeBridge] <no file>
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\deus62\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GAMMAT~1.LNK - C:\Program Files (x86)\MagicTune Premium\GammaTray.exe
uPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: S&end to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: Append to existing PDF file - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Append link target to existing PDF file - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Download with Mipony - C:\Program Files (x86)\MiPony\Browser\IEContext.htm
IE: Export to Microsoft E&xcel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Web-Recherche: Save image - C:\PROGRA~2\WEB-RE~1\wrshell.dll/#101
IE: Web-Recherche: Save image as... - C:\PROGRA~2\WEB-RE~1\wrshell.dll/#108
IE: Web-Recherche: Save link address as... - C:\PROGRA~2\WEB-RE~1\wrshell.dll/#110
IE: Web-Recherche: Save marked targets as... - C:\PROGRA~2\WEB-RE~1\wrshell.dll/#111
IE: Web-Recherche: Save selection - C:\PROGRA~2\WEB-RE~1\wrshell.dll/#104
IE: Web-Recherche: Save selection as... - C:\PROGRA~2\WEB-RE~1\wrshell.dll/#109
IE: Web-Recherche: Save page area (frame) - C:\PROGRA~2\WEB-RE~1\wrshell.dll/#102
IE: Web-Recherche: Save page area (frame) as... - C:\PROGRA~2\WEB-RE~1\wrshell.dll/#106
IE: Web-Recherche: Save target - C:\PROGRA~2\WEB-RE~1\wrshell.dll/#103
IE: Web-Recherche: Save target as... - C:\PROGRA~2\WEB-RE~1\wrshell.dll/#107
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{1DB36AAF-1749-4C6D-9FA8-720035CB99BB} : NameServer = 217.0.43.97 217.0.43.113
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey
x64-Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
x64-mPolicies-Explorer: NoWindowsUpdate = dword:0
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD}
x64-DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-STS: FencesShlExt Class - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\deus62\AppData\Roaming\Mozilla\Firefox\Profiles\351qszxc.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Users\deus62\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-05-13 18:40; firefox@ghostery.com; C:\Users\deus62\AppData\Roaming\Mozilla\Firefox\Profiles\351qszxc.default\extensions\firefox@ghostery.com
FF - ExtSQL: 2013-05-13 18:53; donottrackplus@abine.com; C:\Users\deus62\AppData\Roaming\Mozilla\Firefox\Profiles\351qszxc.default\extensions\donottrackplus@abine.com
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-5-24 202752]
R2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2012-7-3 21992]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 27648]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 130008]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdLH6.sys [2012-2-23 92176]
R3 dc3d;MS Hardware Device Detection Driver (USB);C:\Windows\System32\drivers\dc3d.sys [2010-7-1 51600]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2011-9-2 76056]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2011-9-2 15128]
R3 Point64;Microsoft IntelliPoint Filter Driver;C:\Windows\System32\drivers\point64.sys [2010-6-30 45456]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 FLASHSYS;FLASHSYS;C:\Program Files (x86)\MSI\Live Update 4\LU4\Flashsys64.sys [2010-2-20 15192]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\System32\drivers\ivusb.sys [2010-7-29 29720]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWow64\perfhost.exe [2008-1-21 19968]
S3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2012-6-20 10568]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2009-10-14 11856]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2010-2-19 89920]
S4 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2010-2-18 1397064]
SUnknown NisSrv;NisSrv; [x]
.
=============== File Associations ===============
.
FileExt: .js: Applications\notepad++.exe="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1" [UserChoice]
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2013-06-15 03:34:11    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-15 03:34:11    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-23 23:27:01    95648    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-05-23 23:27:00    263584    ----a-w-    C:\Windows\SysWow64\javaws.exe
2013-05-23 23:27:00    174496    ----a-w-    C:\Windows\SysWow64\javaw.exe
2013-05-23 23:26:59    866720    ----a-w-    C:\Windows\SysWow64\npDeployJava1.dll
2013-05-23 23:26:59    788896    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-05-23 23:26:59    174496    ----a-w-    C:\Windows\SysWow64\java.exe
2013-05-15 05:27:41    75016696    ----a-w-    C:\Windows\System32\mrt.exe
2013-05-05 21:36:54    17818624    ----a-w-    C:\Windows\System32\mshtml.dll
2013-05-05 21:16:13    2382848    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-05-05 19:25:43    12324864    ----a-w-    C:\Windows\SysWow64\mshtml.dll
2013-05-05 19:12:55    2382848    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-05-02 15:29:56    278800    ------w-    C:\Windows\System32\MpSigStub.exe
2013-04-15 14:17:12    901496    ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
2013-04-13 03:34:30    47104    ----a-w-    C:\Windows\System32\cdd.dll
2013-04-09 01:55:57    2774016    ----a-w-    C:\Windows\System32\win32k.sys
2013-04-05 01:19:09    10926080    ----a-w-    C:\Windows\System32\ieframe.dll
2013-04-05 01:08:44    2312704    ----a-w-    C:\Windows\System32\jscript9.dll
2013-04-05 01:01:06    1346560    ----a-w-    C:\Windows\System32\urlmon.dll
2013-04-05 01:00:30    1392128    ----a-w-    C:\Windows\System32\wininet.dll
2013-04-05 00:59:24    1494528    ----a-w-    C:\Windows\System32\inetcpl.cpl
2013-04-05 00:58:59    237056    ----a-w-    C:\Windows\System32\url.dll
2013-04-05 00:57:27    85504    ----a-w-    C:\Windows\System32\jsproxy.dll
2013-04-05 00:56:16    173056    ----a-w-    C:\Windows\System32\ieUnatt.exe
2013-04-05 00:55:57    816640    ----a-w-    C:\Windows\System32\jscript.dll
2013-04-05 00:55:47    599040    ----a-w-    C:\Windows\System32\vbscript.dll
2013-04-05 00:54:50    729088    ----a-w-    C:\Windows\System32\msfeeds.dll
2013-04-05 00:54:25    2147840    ----a-w-    C:\Windows\System32\iertutil.dll
2013-04-05 00:51:52    96768    ----a-w-    C:\Windows\System32\mshtmled.dll
2013-04-05 00:46:50    248320    ----a-w-    C:\Windows\System32\ieui.dll
2013-04-04 22:11:34    1800704    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-04-04 22:09:30    9738752    ----a-w-    C:\Windows\SysWow64\ieframe.dll
2013-04-04 22:02:59    1427968    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2013-04-04 22:02:58    1104384    ----a-w-    C:\Windows\SysWow64\urlmon.dll
2013-04-04 22:02:17    1129472    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-04-04 22:01:35    231936    ----a-w-    C:\Windows\SysWow64\url.dll
2013-04-04 21:59:49    65024    ----a-w-    C:\Windows\SysWow64\jsproxy.dll
2013-04-04 21:58:51    142848    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2013-04-04 21:58:24    717824    ----a-w-    C:\Windows\SysWow64\jscript.dll
2013-04-04 21:57:45    420864    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2013-04-04 21:56:41    607744    ----a-w-    C:\Windows\SysWow64\msfeeds.dll
2013-04-04 21:55:19    1796096    ----a-w-    C:\Windows\SysWow64\iertutil.dll
2013-04-04 21:54:42    73216    ----a-w-    C:\Windows\SysWow64\mshtmled.dll
2013-04-04 21:50:34    176640    ----a-w-    C:\Windows\SysWow64\ieui.dll
2013-04-02 14:09:52    4550656    ----a-w-    C:\Windows\SysWow64\GPhotos.scr
.
============= FINISH:  5:40:44,65 ===============

 

I hope I did everything correctly.

 

I am patient and have time and am happy about any help I can get.

I'm from Germany, btw, but my English is quite good. I just think that some of the log lines might be confusing to someone who isn't German?

 

My PC is running and is in no way blocked, but it is not currently secured.

I have a Notebook completely separated from my PC, so I can work.

Thanks for any help.

deus62


Edited by deus62, 13 June 2013 - 11:05 PM.
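A triage script for the "Pseudo HJT Report" section of the DDS log above, added here as an example; it is not part of the post, of DDS, or of any BleepingComputer tool. It parses the line shapes visible in the posted log (Userinit, BHO/TB, Run, Policies, DPF, NameServer; the patterns are inferred from the log as posted, not from a DDS specification) and flags what a helper looks at first: extra Userinit entries, BHOs loading from outside Program Files or Windows, orphaned Run keys, restriction policies switched on, and resolvers that are not LAN addresses. Public resolvers may simply be the ISP's, so those are flagged for verification, not as malicious. The sample input is constructed from lines in the posted log.

```python
"""Triage helper for the DDS 'Pseudo HJT Report' section (added example, not
part of the post). Line formats are inferred from the log as posted; the
'hxxp' defanging that DDS applies is reversed for display only."""
import ipaddress
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the DDS log in the post above.
SAMPLE_LOG = "\n".join([
    r"mWinlogon: Userinit = userinit.exe,",
    r"BHO: Web-Recherche Browser Helper Object: {255215E2-87DC-4819-8724-D0B4C94DBEF5} - C:\Program Files (x86)\Web-Recherche\WRShell.dll",
    r"BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll",
    r"uRun: [AdobeBridge] <no file>",
    r'mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"',
    r"uPolicies-Explorer: NoWindowsUpdate = dword:0",
    r"mPolicies-Explorer: NoActiveDesktop = dword:1",
    r"mPolicies-System: EnableUIADesktopToggle = dword:0",
    r"DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab",
    r"TCP: Interfaces\{1DB36AAF-1749-4C6D-9FA8-720035CB99BB} : NameServer = 217.0.43.97 217.0.43.113",
])

TRUSTED_DIRS = ("c:\\program files", "c:\\windows")  # where legitimate BHOs normally live

RE_USERINIT = re.compile(r"^mWinlogon: Userinit = (.*)$")
RE_BHO = re.compile(r"^(?:x64-)?(BHO|TB): (.*?): \{([0-9A-Fa-f-]{36})\} - (.*)$")
RE_RUN = re.compile(r"^(u|m|x64-)Run: \[(.*?)\] (.*)$")
RE_POL = re.compile(r"^(u|m|x64-m)Policies-(\w+): (\w+) = dword:(\d+)$")
RE_DPF = re.compile(r"^(?:x64-)?DPF: \{[0-9A-Fa-f-]{36}\} - (hxxps?://\S+)$")
RE_NS = re.compile(r"NameServer = (.*)$")


@dataclass
class Triage:
    bhos: list = field(default_factory=list)        # (kind, name, clsid, path)
    orphans: list = field(default_factory=list)     # Run entries pointing at <no file>
    policies: list = field(default_factory=list)    # (hive, area, name, value)
    dpf: list = field(default_factory=list)         # ActiveX download URLs, undefanged
    nameservers: list = field(default_factory=list)
    findings: list = field(default_factory=list)    # human-readable flags


def undefang(url: str) -> str:
    """DDS writes hxxp/hxxps so URLs are not clickable; restore the scheme."""
    return re.sub(r"^hxx(ps?)://", r"htt\1://", url)


def triage(log: str) -> Triage:
    t = Triage()
    for line in log.splitlines():
        line = line.strip()
        if m := RE_USERINIT.match(line):
            # Malware commonly appends itself here; only userinit.exe belongs.
            extra = [e.strip() for e in m.group(1).split(",")
                     if e.strip() and e.strip().lower().split("\\")[-1] != "userinit.exe"]
            if extra:
                t.findings.append(f"Userinit has extra entries: {extra}")
        elif m := RE_BHO.match(line):
            kind, name, clsid, path = m.groups()
            t.bhos.append((kind, name, clsid.upper(), path))
            if not path.lower().startswith(TRUSTED_DIRS):
                t.findings.append(f"{kind} {name!r} loads from unusual path: {path}")
        elif m := RE_RUN.match(line):
            hive, key, target = m.groups()
            if target == "<no file>":
                t.orphans.append((hive, key))   # stale entry; harmless but worth cleaning
        elif m := RE_POL.match(line):
            hive, area, name, value = m.group(1), m.group(2), m.group(3), int(m.group(4))
            t.policies.append((hive, area, name, value))
            # Restriction policies (No*/Disable*) set to 1, or EnableLUA cleared,
            # are classic symptoms of a hijacked machine.
            if (name.startswith(("No", "Disable")) and value != 0) or (name == "EnableLUA" and value == 0):
                t.findings.append(f"Policy {area}\\{name} = {value} in {hive} hive")
        elif m := RE_DPF.match(line):
            t.dpf.append(undefang(m.group(1)))
        elif m := RE_NS.search(line):
            for tok in m.group(1).split():
                try:
                    ip = ipaddress.ip_address(tok)
                except ValueError:
                    continue
                t.nameservers.append(tok)
                if not ip.is_private:
                    # Public resolvers may simply be the ISP's; verify rather than assume.
                    t.findings.append(f"NameServer {tok} is not a LAN address; confirm it is your ISP/router")
    return t


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for f in result.findings:
        print("FLAG:", f)
    print("orphans:", result.orphans)
    print("dpf:", result.dpf)
```

Run it on the full DDS output by passing the file contents to `triage()`; the findings list is a starting point for a helper, not a verdict, and every flagged item still has to be checked against what the machine legitimately runs.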


#2 The Dark Knight (Security Colleague)

Posted 16 June 2013 - 04:40 PM

Hello and welcome to BleepingComputer. I am The Dark Knight and will be assisting you. Please ask questions if anything is unclear. :welcome:

 

c) I have turned off the UAC myself!

This is a big security risk. I strongly recommend turning it back on.

 

Please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix (CF).

Please go here to see a list of programs that need to be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**

**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

Please include the C:\ComboFix.txt in your next reply for further review.


If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!


If I have helped you please consider donating to the Neuroscience Research Institute.


Posted Image
Posted Image


#3 deus62 (Topic Starter)
Posted 16 June 2013 - 05:11 PM

Hello, Dark Knight,

 

thank you so much for wanting to help me out.

 

I'm away from my PC until Wednesday evening.

I hope it's OK to post the above requested scan results Wednesday/Thursday?

 

Again, thanks for your help,

 

deus62


Edited by deus62, 16 June 2013 - 05:12 PM.


#4 The Dark Knight (Security Colleague)
Posted 17 June 2013 - 04:36 PM

Hey deus62,

 

No worries. :)


If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!


If I have helped you please consider donating to the Neuroscience Research Institute.


Posted Image
Posted Image


#5 deus62 (Topic Starter)
Posted 22 June 2013 - 02:05 AM

OK, I'm home a few days later and will get to it .... now. :)

Thanks for your patience.


Edited by deus62, 22 June 2013 - 02:05 AM.


#6 deus62 (Topic Starter)
Posted 22 June 2013 - 02:29 AM

Here are the ComboFix results.

I followed all the instructions and ComboFix ran without any problems.

 

 

 

ComboFix 13-06-22.01 - deus62 22.06.2013   9:15.1.2 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.4094.2549 [GMT 2:00]
run from:: d:\downloads\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Other deletions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\GammaTray.exe.lnk
c:\users\deus62\AppData\Local\assembly\tmp
.
.
(((((((((((((((((((((((   Files created from 2013-05-22 to 2013-06-22  ))))))))))))))))))))))))))))))
.
.
2013-06-22 07:12 . 2013-06-22 07:13    --------    d-----w-    C:\32788R22FWJFW
2013-06-22 07:06 . 2013-06-22 07:06    --------    d-----w-    c:\users\deus62\AppData\Roaming\Oracle
2013-06-22 06:46 . 2013-06-22 06:46    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-20 14:12 . 2013-06-20 14:12    --------    d-----w-    c:\users\deus62\AppData\Roaming\Create Software
2013-06-15 12:26 . 2013-06-15 12:26    --------    d-----w-    c:\program files (x86)\Stueber Software
2013-06-15 03:21 . 2013-04-24 04:09    174592    ----a-w-    c:\windows\system32\cryptsvc.dll
2013-06-15 03:21 . 2013-04-24 04:09    132096    ----a-w-    c:\windows\system32\cryptnet.dll
2013-06-15 03:21 . 2013-04-24 04:09    1269248    ----a-w-    c:\windows\system32\crypt32.dll
2013-06-15 03:21 . 2013-04-24 04:09    50688    ----a-w-    c:\windows\system32\certenc.dll
2013-06-15 03:21 . 2013-04-24 04:00    985600    ----a-w-    c:\windows\SysWow64\crypt32.dll
2013-06-15 03:21 . 2013-04-24 04:00    98304    ----a-w-    c:\windows\SysWow64\cryptnet.dll
2013-06-15 03:21 . 2013-04-24 04:00    133120    ----a-w-    c:\windows\SysWow64\cryptsvc.dll
2013-06-15 03:21 . 2013-04-24 04:00    41984    ----a-w-    c:\windows\SysWow64\certenc.dll
2013-06-15 03:21 . 2013-04-24 02:10    1078272    ----a-w-    c:\windows\system32\certutil.exe
2013-06-15 03:21 . 2013-04-24 01:46    812544    ----a-w-    c:\windows\SysWow64\certutil.exe
2013-06-15 01:18 . 2013-04-17 13:04    30720    ----a-w-    c:\windows\system32\cryptdlg.dll
2013-06-15 01:18 . 2013-04-17 12:30    24576    ----a-w-    c:\windows\SysWow64\cryptdlg.dll
2013-06-15 01:17 . 2013-05-08 04:14    1417576    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-06-15 01:17 . 2013-05-08 02:27    40448    ----a-w-    c:\windows\system32\drivers\tcpipreg.sys
2013-06-15 01:17 . 2013-05-02 04:16    686080    ----a-w-    c:\windows\system32\win32spl.dll
2013-06-15 01:17 . 2013-05-02 04:04    443904    ----a-w-    c:\windows\SysWow64\win32spl.dll
2013-06-15 01:17 . 2013-05-02 04:03    37376    ----a-w-    c:\windows\SysWow64\printcom.dll
2013-06-13 21:50 . 2013-06-13 21:50    --------    d-----w-    c:\program files\AVAST Software
2013-06-13 21:49 . 2013-06-13 21:50    --------    d-----w-    c:\programdata\AVAST Software
2013-06-01 18:52 . 2013-06-15 01:07    --------    d-----w-    c:\program files (x86)\PDF Password Remover v3.1
2013-06-01 18:47 . 2013-06-15 01:09    --------    d-----w-    c:\program files (x86)\PDFKey Pro
2013-05-23 23:27 . 2013-05-23 23:27    --------    d-----w-    c:\program files (x86)\Common Files\Java
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M report   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-22 06:46 . 2012-07-07 08:50    867240    ----a-w-    c:\windows\SysWow64\npDeployJava1.dll
2013-06-22 06:46 . 2010-12-07 08:17    789416    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2013-06-22 06:27 . 2006-11-02 12:35    75825640    ----a-w-    c:\windows\system32\mrt.exe
2013-06-15 03:34 . 2012-04-05 15:31    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-15 03:34 . 2011-05-21 16:35    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-22 00:01 . 2013-05-22 00:01    76232    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{72B5C2F3-EB1F-4DB4-8D66-E577518718AB}\offreg.dll
2013-05-21 09:22 . 2013-05-21 09:26    964552    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EDC95E53-78BE-491E-B246-D26904C89F25}\gapaengine.dll
2013-05-13 06:37 . 2013-05-21 09:23    9460464    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{72B5C2F3-EB1F-4DB4-8D66-E577518718AB}\mpengine.dll
2013-05-13 06:37 . 2013-05-20 07:34    9460464    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-02 15:29 . 2010-02-19 00:51    278800    ------w-    c:\windows\system32\MpSigStub.exe
2013-04-24 04:59 . 2013-04-24 05:04    905296    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8B9BC209-192B-4E39-8908-A64828E749C9}\gapaengine.dll
2013-04-24 04:59 . 2011-03-26 23:59    905296    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-04-15 14:17 . 2013-05-15 05:10    901496    ----a-w-    c:\windows\system32\drivers\dxgkrnl.sys
2013-04-13 03:34 . 2013-05-15 05:10    47104    ----a-w-    c:\windows\system32\cdd.dll
2013-04-09 01:55 . 2013-05-15 05:10    2774016    ----a-w-    c:\windows\system32\win32k.sys
2013-04-02 14:09 . 2013-04-02 14:09    4550656    ----a-w-    c:\windows\SysWow64\GPhotos.scr
.
.
((((((((((((((((((((((((((((   Registry autostart points   ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-08-03 11:22    220624    ----a-w-    c:\users\deus62\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-08-03 11:22    220624    ----a-w-    c:\users\deus62\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-08-03 11:22    220624    ----a-w-    c:\users\deus62\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-05-24 641704]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\deus62\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-1-8 228448]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
Contents of the "Scheduled Tasks" folder
.
2013-06-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 03:34]
.
2013-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-27 16:53]
.
2013-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-27 16:53]
.
2013-06-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1225011635-62478152-4079767521-1000Core.job
- c:\users\deus62\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-13 11:48]
.
2013-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1225011635-62478152-4079767521-1000UA.job
- c:\users\deus62\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-13 11:48]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-08-03 11:22    244688    ----a-w-    c:\users\deus62\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-08-03 11:22    244688    ----a-w-    c:\users\deus62\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-08-03 11:22    244688    ----a-w-    c:\users\deus62\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-06 21:57    778192    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-06 21:57    778192    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-06 21:57    778192    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-06 21:57    778192    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-06 21:57    778192    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-06 21:57    778192    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-19 9996320]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-06 2327952]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.de/
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An OneNote s&enden - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Mit Mipony herunterladen - file://c:\program files (x86)\MiPony\Browser\IEContext.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Web-Recherche: Bild speichern - c:\progra~2\WEB-RE~1\wrshell.dll/#101
IE: Web-Recherche: Bild speichern unter... - c:\progra~2\WEB-RE~1\wrshell.dll/#108
IE: Web-Recherche: Link-Adresse speichern unter... - c:\progra~2\WEB-RE~1\wrshell.dll/#110
IE: Web-Recherche: Markierte Ziele speichern unter... - c:\progra~2\WEB-RE~1\wrshell.dll/#111
IE: Web-Recherche: Markierung speichern - c:\progra~2\WEB-RE~1\wrshell.dll/#104
IE: Web-Recherche: Markierung speichern unter... - c:\progra~2\WEB-RE~1\wrshell.dll/#109
IE: Web-Recherche: Seitenbereich (Frame) speichern - c:\progra~2\WEB-RE~1\wrshell.dll/#102
IE: Web-Recherche: Seitenbereich (Frame) speichern unter... - c:\progra~2\WEB-RE~1\wrshell.dll/#106
IE: Web-Recherche: Ziel speichern - c:\progra~2\WEB-RE~1\wrshell.dll/#103
IE: Web-Recherche: Ziel speichern unter... - c:\progra~2\WEB-RE~1\wrshell.dll/#107
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
TCP: Interfaces\{1DB36AAF-1749-4C6D-9FA8-720035CB99BB}: NameServer = 217.0.43.97 217.0.43.113
FF - ProfilePath - c:\users\deus62\AppData\Roaming\Mozilla\Firefox\Profiles\351qszxc.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/
FF - ExtSQL: 2013-05-13 18:40; firefox@ghostery.com; c:\users\deus62\AppData\Roaming\Mozilla\Firefox\Profiles\351qszxc.default\extensions\firefox@ghostery.com
FF - ExtSQL: 2013-05-13 18:53; donottrackplus@abine.com; c:\users\deus62\AppData\Roaming\Mozilla\Firefox\Profiles\351qszxc.default\extensions\donottrackplus@abine.com
FF - ExtSQL: 2013-06-22 00:18; de-DE@dictionaries.addons.mozilla.org; c:\users\deus62\AppData\Roaming\Mozilla\Firefox\Profiles\351qszxc.default\extensions\de-DE@dictionaries.addons.mozilla.org
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-klmdb.sys
SafeBoot-WudfPf
SafeBoot-WudfRd
HKLM-Run-MSC - c:\program files\Microsoft Security Client\mssecex.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
Zeit der Fertigstellung: 2013-06-22  09:25:37
ComboFix-quarantined-files.txt  2013-06-22 07:25
.
Vor Suchlauf: 10 Verzeichnis(se), 11.075.661.824 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 14.199.226.368 Bytes frei
.
- - End Of File - - BB13BB07ECE235FC9A54CA34CBB63A0C
5C616939100B85E558DA92B899A0FC36
 



#7 deus62

deus62
  • Topic Starter

  • Members
  • 15 posts
  • Local time:01:26 AM

Posted 22 June 2013 - 02:38 AM

Some notes from me. Please ignore if not helpful.

 

  • When all of this started, I tried to deinstall MS Security Essentials (using some MS guide). I was only partially successful, so there are bits and pieces of it left on the PC/in the registry.
  • I remember that everything in the MS Security Essentials folder had been replaced with shortcuts elsewhere (somewhere in the Windows folder, as far as I recall).
  • I then installed Avast and, when problems persisted, I deleted it again (although it seemed to be working fine).
  • I then restored to the earliest restore point (see my first post).
  • Then I came here.
  • Since then, as far as I recall, I did absolutely nothing but install the latest MS updates (today) and a Java update (today) ... before I ran combofix.
  • MS still wants to install the latest Security Essentials Definition update(s), although the program won't work. I did not - yet - install that update.
  • Currently, there is no anti-virus software installed on my PC. UAC is still off. Both will be dealt with once my problems are solved.

 

That's it.

 

Thank you very much for your continued help.


Edited by deus62, 22 June 2013 - 02:55 AM.


#8 The Dark Knight

The Dark Knight

    The Magician


  • Security Colleague
  • 661 posts
  • Gender:Male
  • Location:Krypton
  • Local time:10:26 AM

Posted 22 June 2013 - 05:53 PM

Hello deus62,

 

Some notes from me. Please ignore if not helpful.

They were helpful. :)

 

Please download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.

 


If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!


If I have helped you please consider donating to the Neuroscience Research Institute.
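The custom-scan directives above tell OTL which svchost group, Drivers32 entries and Windows Update keys to report, and the ComboFix log earlier in the thread already shows what those sections look like (the "Svchost - NetSvcs" entries Themes and UxTuneUp, the Drivers32 value aux1=wdmaud.drv). As an added example, not OTL's code and not part of this thread, the same checks done natively and read-only in PowerShell; the LastSuccessTime string format "yyyy-MM-dd HH:mm:ss" (UTC) is an assumption.

```powershell
# Added example, not OTL or ComboFix code: read-only PowerShell checks mirroring the
# custom-scan directives (netsvcs, drivers32, WindowsUpdate\AU, LastSuccessTime).
# Run from an elevated PowerShell prompt on the machine being triaged; nothing is changed.

function Get-NetSvcsSuspects {
    # netsvcs is a REG_MULTI_SZ list of service names allowed to load inside the shared
    # "netsvcs" svchost.exe. Each name should have a Services key and a ServiceDll that
    # exists under %SystemRoot%; anything else is reported for a closer look
    # (not every finding is malicious: the list also names services not installed on every SKU).
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost'
    foreach ($name in (Get-ItemProperty -Path $key -Name netsvcs).netsvcs) {
        $svcKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
        if (-not (Test-Path $svcKey)) {
            [pscustomobject]@{ Service = $name; ServiceDll = ''; Finding = 'no Services key' }
            continue
        }
        $dll = (Get-ItemProperty -Path "$svcKey\Parameters" -Name ServiceDll `
                    -ErrorAction SilentlyContinue).ServiceDll
        if (-not $dll) {
            [pscustomobject]@{ Service = $name; ServiceDll = ''; Finding = 'no ServiceDll value' }
            continue
        }
        $dll = [Environment]::ExpandEnvironmentVariables($dll)
        if (-not (Test-Path $dll)) {
            [pscustomobject]@{ Service = $name; ServiceDll = $dll; Finding = 'ServiceDll missing on disk' }
        }
        elseif (-not $dll.StartsWith($env:SystemRoot, [StringComparison]::OrdinalIgnoreCase)) {
            [pscustomobject]@{ Service = $name; ServiceDll = $dll; Finding = 'ServiceDll outside %SystemRoot%' }
        }
    }
}

function Get-Drivers32Entries {
    # Drivers32 maps legacy multimedia aliases (aux1, wave, midi, msacm.*, vidc.*) to DLLs
    # that get loaded into any process that uses them, which is why both scanners list it.
    # Reports every alias and whether the referenced file exists. This reads the 64-bit view;
    # the 32-bit view (what the ComboFix log shows) lives under Wow6432Node.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32'
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PowerShell's own PSPath/PSParentPath/... properties
        $file = [string]$p.Value
        $path = if ([IO.Path]::IsPathRooted($file)) { $file } else { Join-Path $env:SystemRoot "System32\$file" }
        [pscustomobject]@{ Alias = $p.Name; File = $file; Exists = (Test-Path $path) }
    }
}

function Get-WindowsUpdateState {
    # The AU policy key is absent on an unmanaged home machine; NoAutoUpdate=1 or an odd
    # AUOptions value there is a common way updates get silenced. LastSuccessTime records the
    # last successful install; the "yyyy-MM-dd HH:mm:ss" UTC format is assumed here.
    $policy  = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU' `
                   -ErrorAction SilentlyContinue
    $install = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install' `
                   -ErrorAction SilentlyContinue
    $last = $null
    if ($install -and $install.LastSuccessTime) {
        $last = [datetime]::ParseExact($install.LastSuccessTime, 'yyyy-MM-dd HH:mm:ss',
                    [Globalization.CultureInfo]::InvariantCulture,
                    [Globalization.DateTimeStyles]'AssumeUniversal, AdjustToUniversal')
    }
    [pscustomobject]@{
        PolicyKeyPresent = [bool]$policy
        NoAutoUpdate     = if ($policy) { $policy.NoAutoUpdate } else { $null }
        AUOptions        = if ($policy) { $policy.AUOptions } else { $null }
        LastSuccessUtc   = $last
        DaysSinceSuccess = if ($last) { [int]((Get-Date).ToUniversalTime() - $last).TotalDays } else { $null }
    }
}

Write-Host '== netsvcs entries worth a closer look =='
Get-NetSvcsSuspects   | Format-Table -AutoSize
Write-Host '== Drivers32 =='
Get-Drivers32Entries  | Format-Table -AutoSize
Write-Host '== Windows Update =='
Get-WindowsUpdateState | Format-List
```

A large DaysSinceSuccess together with an absent policy key matches the situation described in this thread (updates stalled without any policy explaining it), which is the kind of gap the OTL directives are meant to expose.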




#9 deus62

deus62
  • Topic Starter

  • Members
  • 15 posts
  • Local time:01:26 AM

Posted 23 June 2013 - 10:27 AM

Thank you for your continued help, Dark Knight.

Here's the first scan (OTL):

OTL logfile created on: 23.06.2013 17:16:53 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,39 Gb Available Physical Memory | 59,82% Memory free
8,22 Gb Paging File | 6,67 Gb Available in Paging File | 81,10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100,13 Gb Total Space | 13,58 Gb Free Space | 13,57% Space Free | Partition Type: NTFS
Drive D: | 365,53 Gb Total Space | 53,51 Gb Free Space | 14,64% Space Free | Partition Type: NTFS
Drive E: | 465,76 Gb Total Space | 34,58 Gb Free Space | 7,42% Space Free | Partition Type: NTFS
 
Computer Name: SCREAMWORKS | User Name: deus62 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.23 17:13:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Downloads\OTL.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
PRC - [2009.10.05 13:06:46 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\MagicTune Premium\GammaTray.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.10.05 13:06:46 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\MagicTune Premium\GammaTray.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2010.02.18 14:22:44 | 000,036,168 | ---- | M] (TuneUp Software) [Disabled | Stopped] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2009.12.11 22:44:52 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013.06.15 05:34:11 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.19 10:57:31 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.01.27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013.01.27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.09.27 21:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010.09.21 14:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.08.01 02:11:52 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2010.02.26 17:09:39 | 000,607,048 | ---- | M] (TuneUp Software) [Disabled | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.02.18 14:28:42 | 001,397,064 | ---- | M] (TuneUp Software) [Disabled | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010.02.18 14:22:36 | 000,030,024 | ---- | M] (TuneUp Software) [Disabled | Stopped] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.03.29 22:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.02.04 21:37:38 | 000,564,824 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2013.01.20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.02.29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.23 14:31:50 | 000,092,176 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdLH6.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.09.21 10:25:54 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2011.09.02 08:30:24 | 000,076,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LEqdUsb.Sys -- (LEqdUsb)
DRV:64bit: - [2011.09.02 08:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011.09.02 08:30:24 | 000,015,128 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidEqd.Sys -- (LHidEqd)
DRV:64bit: - [2011.01.15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\VClone.sys -- (VClone)
DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.07.29 01:25:16 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ivusb.sys -- (ivusb)
DRV:64bit: - [2010.07.01 19:52:18 | 000,051,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\dc3d.sys -- (dc3d)
DRV:64bit: - [2010.06.30 02:10:58 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\point64.sys -- (Point64)
DRV:64bit: - [2010.03.12 19:14:18 | 000,312,480 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2010.03.12 19:14:18 | 000,043,168 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010.02.03 16:11:50 | 000,048,144 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | System | Stopped] -- C:\Windows\SysNative\DRIVERS\uimx64.sys -- (UimBus)
DRV:64bit: - [2010.02.03 16:11:48 | 000,158,736 | ---- | M] (Paragon) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\Uim_IMx64.sys -- (Uim_IM)
DRV:64bit: - [2009.12.11 23:04:44 | 006,228,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2009.12.11 21:51:08 | 000,160,256 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2009.11.19 01:31:24 | 000,120,848 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.11.16 04:13:26 | 000,271,360 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009.11.12 14:48:56 | 000,005,504 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StarOpen.sys -- (StarOpen)
DRV:64bit: - [2009.10.01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008.11.04 13:12:08 | 000,023,096 | ---- | M] (Samsung Electronics, Inc. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MTiCtwl.sys -- (MagicTune)
DRV:64bit: - [2008.06.27 08:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV - [2012.06.20 05:55:32 | 000,010,568 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys -- (RTCore64)
DRV - [2009.11.12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.10.14 08:24:44 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2008.02.15 17:30:48 | 000,015,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI\Live Update 4\LU4\FLASHSYS64.sys -- (FLASHSYS)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {2B99E2CD-5E4E-40F9-B77B-F65D8EA1D5DF}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{2B99E2CD-5E4E-40F9-B77B-F65D8EA1D5DF}: "URL" = http://www.google.de/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "https://www.google.de/"
FF - prefs.js..extensions.enabledAddons: webresearch%40macropool.com:1.9.11
FF - prefs.js..extensions.enabledAddons: %7B76C80A11-FAD4-406c-8246-F5ED4F9367B5%7D:0.1.7
FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10
FF - prefs.js..extensions.enabledAddons: %7Be8f509f0-b677-11de-8a39-0800200c9a66%7D:1.12
FF - prefs.js..extensions.enabledAddons: selectivecookiedelete%40siju.mathew:4.1
FF - prefs.js..extensions.enabledAddons: scrapbookplus4wr%40macropool.com:1.9.11
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.7
FF - prefs.js..extensions.enabledAddons: %7B5384767E-00D9-40E9-B72F-9CC39D655D6F%7D:1.4.2.1
FF - prefs.js..extensions.enabledAddons: firefox%40ghostery.com:2.9.5
FF - prefs.js..extensions.enabledAddons: donottrackplus%40abine.com:2.2.9.520
FF - prefs.js..extensions.enabledAddons: feedly%40devhd:16.0.500
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\deus62\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\deus62\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\deus62\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\deus62\AppData\Roaming\IDM\idmmzcc3
 
[2012.10.21 12:28:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\deus62\AppData\Roaming\mozilla\Extensions
[2012.10.21 12:51:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\deus62\AppData\Roaming\mozilla\Firefox\Profiles\001 jogush\extensions
[2013.06.22 00:18:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\deus62\AppData\Roaming\mozilla\Firefox\Profiles\351qszxc.default\extensions
[2013.03.30 10:41:22 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\deus62\AppData\Roaming\mozilla\Firefox\Profiles\351qszxc.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2013.06.14 23:56:42 | 000,000,000 | ---D | M] (Wörterbuch Deutsch (de-DE), Hunspell-unterstützt) -- C:\Users\deus62\AppData\Roaming\mozilla\Firefox\Profiles\351qszxc.default\extensions\de_DE@dicts.j3e(105).de
[2013.06.22 00:18:59 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\deus62\AppData\Roaming\mozilla\Firefox\Profiles\351qszxc.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2013.06.06 15:13:06 | 000,000,000 | ---D | M] (DoNotTrackMe) -- C:\Users\deus62\AppData\Roaming\mozilla\Firefox\Profiles\351qszxc.default\extensions\donottrackplus@abine.com
[2013.05.19 04:40:28 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\deus62\AppData\Roaming\mozilla\Firefox\Profiles\351qszxc.default\extensions\firefox@ghostery.com
[2013.01.04 14:44:09 | 000,000,000 | ---D | M] (selectivecookiedelete) -- C:\Users\deus62\AppData\Roaming\mozilla\Firefox\Profiles\351qszxc.default\extensions\selectivecookiedelete@siju.mathew
[2012.11.07 21:06:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\deus62\AppData\Roaming\mozilla\Firefox\Profiles\351qszxc.default\extensions\sitefavinurlbar@sonco.com
[2012.11.22 01:24:05 | 000,000,000 | ---D | M] (WebResearch Firefox Extension) -- C:\Users\deus62\AppData\Roaming\mozilla\Firefox\Profiles\351qszxc.default\extensions\webresearch@macropool.com
[2012.10.21 12:51:51 | 000,109,964 | ---- | M] () (No name found) -- C:\Users\deus62\AppData\Roaming\mozilla\firefox\profiles\001 jogush\extensions\adblockpopups@jessehakanen.net.xpi
[2012.10.21 12:43:19 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\deus62\AppData\Roaming\mozilla\firefox\profiles\001 jogush\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.03.03 12:11:25 | 000,134,804 | ---- | M] () (No name found) -- C:\Users\deus62\AppData\Roaming\mozilla\firefox\profiles\351qszxc.default\extensions\adblockpopups@jessehakanen.net.xpi
[2012.10.21 16:56:10 | 000,123,385 | ---- | M] () (No name found) -- C:\Users\deus62\AppData\Roaming\mozilla\firefox\profiles\351qszxc.default\extensions\elemhidehelper@adblockplus.org.xpi
[2013.06.19 06:25:52 | 000,693,282 | ---- | M] () (No name found) -- C:\Users\deus62\AppData\Roaming\mozilla\firefox\profiles\351qszxc.default\extensions\feedly@devhd.xpi
[2013.06.20 06:37:58 | 000,169,146 | ---- | M] () (No name found) -- C:\Users\deus62\AppData\Roaming\mozilla\firefox\profiles\351qszxc.default\extensions\info@mp3it.eu.xpi
[2013.01.09 06:21:57 | 000,165,109 | ---- | M] () (No name found) -- C:\Users\deus62\AppData\Roaming\mozilla\firefox\profiles\351qszxc.default\extensions\scrapbookplus4wr@macropool.com.xpi
[2012.11.16 17:59:27 | 000,009,664 | ---- | M] () (No name found) -- C:\Users\deus62\AppData\Roaming\mozilla\firefox\profiles\351qszxc.default\extensions\{76C80A11-FAD4-406c-8246-F5ED4F9367B5}.xpi
[2013.05.08 20:12:47 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\deus62\AppData\Roaming\mozilla\firefox\profiles\351qszxc.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.10.21 16:56:21 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\deus62\AppData\Roaming\mozilla\firefox\profiles\351qszxc.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2012.11.21 18:56:54 | 000,010,606 | ---- | M] () (No name found) -- C:\Users\deus62\AppData\Roaming\mozilla\firefox\profiles\351qszxc.default\extensions\{e8f509f0-b677-11de-8a39-0800200c9a66}.xpi
[2012.11.15 12:41:49 | 000,010,339 | ---- | M] () -- C:\Users\deus62\AppData\Roaming\mozilla\firefox\profiles\351qszxc.default\searchplugins\duckduckgo-1.xml
[2012.11.15 12:41:43 | 000,010,339 | ---- | M] () -- C:\Users\deus62\AppData\Roaming\mozilla\firefox\profiles\351qszxc.default\searchplugins\duckduckgo.xml
[2013.05.19 10:57:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.19 10:57:33 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: about:blank
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\deus62\AppData\Local\Google\Chrome\Application\27.0.1453.116\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\deus62\AppData\Local\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\deus62\AppData\Local\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: Chrome IE Tab (Enabled) = C:\Users\deus62\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd\2.7.14.1_0\plugin/blackfishietab.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Google Update (Enabled) = C:\Users\deus62\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Awesome Screenshot: Capture & Annotate = C:\Users\deus62\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.4.4_0\
CHR - Extension: Web Developer = C:\Users\deus62\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm\0.4.3_0\
CHR - Extension: Empty New Tab Page = C:\Users\deus62\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpjamkmjmigaoobjbekmfgabipmfilij\1.1.1_0\
CHR - Extension: Empty New Tab Page = C:\Users\deus62\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpjamkmjmigaoobjbekmfgabipmfilij\1.1_0\
CHR - Extension: Right-Click Search Wikipedia = C:\Users\deus62\AppData\Local\Google\Chrome\User Data\Default\Extensions\eikmpmafdimllogceehaijmnlndineje\0.9_0\
CHR - Extension: After the Deadline = C:\Users\deus62\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcdjadjbdihbaodagojiomdljhjhjfho\1.2_0\
CHR - Extension: Easy Youtube Video Downloader = C:\Users\deus62\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmknocfkgffdgekmfonabppnhdgmghem\4.1_0\
CHR - Extension: IE Tab Multi (Enhance) = C:\Users\deus62\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnfnbeppfinmnjnjhedifcfllpcfgeea\1.0.1.9_0\
CHR - Extension: Create Link = C:\Users\deus62\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcmghdmnkfdbncmnmlkkglmnnhagajbm\0.2.6_0\
CHR - Extension: Click&Clean = C:\Users\deus62\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\8.3_0\
CHR - Extension: AdBlock = C:\Users\deus62\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.63_0\
CHR - Extension: AdBlock = C:\Users\deus62\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.64_0\
CHR - Extension: Feedly - Your News, RSS, Google Reader = C:\Users\deus62\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob\14.0.497_0\
CHR - Extension: Feedly - Your News, RSS, Google Reader = C:\Users\deus62\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob\16.0.515_0\
CHR - Extension: Downloads = C:\Users\deus62\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfchnphgogjhineanplmfkofljiagjfb\1_0\
CHR - Extension: View Image Info (properties) = C:\Users\deus62\AppData\Local\Google\Chrome\User Data\Default\Extensions\jldjjifbpipdmligefcogandjojpdagn\0.0.1.1_0\
CHR - Extension: Extensions Manager (aka Switcher) = C:\Users\deus62\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpleipinonnoibneeejgjnoeekmbopbc\0.2.1.2_0\
CHR - Extension: F.B. Purity - Cleans Up Facebook = C:\Users\deus62\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdlagniojmheiklojdcpdaeepochckl\4.3.0_0\
CHR - Extension: Mahjong Solitaire = C:\Users\deus62\AppData\Local\Google\Chrome\User Data\Default\Extensions\neojceinbonpjjcokpokpeobkhcpiloc\1.0.0.2_0\
CHR - Extension: RSS Subscription Extension (by Google) = C:\Users\deus62\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd\2.2.2_0\
CHR - Extension: Better History = C:\Users\deus62\AppData\Local\Google\Chrome\User Data\Default\Extensions\obciceimmggglbmelaidpjlmodcebijb\1.9.38_0\
CHR - Extension: Click&Clean App = C:\Users\deus62\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp\8.0_0\
 
O1 HOSTS File: ([2013.06.22 09:22:53 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Web-Recherche-Browserhilfsobjekt) - {255215E2-87DC-4819-8724-D0B4C94DBEF5} - C:\Program Files (x86)\Web-Recherche\WRShell.dll (macropool GmbH)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Web-Recherche-Bearbeitungsleiste) - {5338DF6C-3B3B-4E38-8B31-7B99986627B2} - C:\Program Files (x86)\Web-Recherche\WRShell.dll (macropool GmbH)
O3 - HKLM\..\Toolbar: (Web-Recherche-Symbolleiste) - {8F0F47B1-7D4B-4834-A981-91E2A3DCE069} - C:\Program Files (x86)\Web-Recherche\WRShell.dll (macropool GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] "C:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey File not found
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun =  [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Mit Mipony herunterladen - file://C:\Program Files (x86)\MiPony\Browser\IEContext.htm File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Web-Recherche: Bild speichern - res://C:\PROGRA~2\WEB-RE~1\wrshell.dll/#101 File not found
O8:64bit: - Extra context menu item: Web-Recherche: Bild speichern unter... - res://C:\PROGRA~2\WEB-RE~1\wrshell.dll/#108 File not found
O8:64bit: - Extra context menu item: Web-Recherche: Link-Adresse speichern unter... - res://C:\PROGRA~2\WEB-RE~1\wrshell.dll/#110 File not found
O8:64bit: - Extra context menu item: Web-Recherche: Markierte Ziele speichern unter... - res://C:\PROGRA~2\WEB-RE~1\wrshell.dll/#111 File not found
O8:64bit: - Extra context menu item: Web-Recherche: Markierung speichern - res://C:\PROGRA~2\WEB-RE~1\wrshell.dll/#104 File not found
O8:64bit: - Extra context menu item: Web-Recherche: Markierung speichern unter... - res://C:\PROGRA~2\WEB-RE~1\wrshell.dll/#109 File not found
O8:64bit: - Extra context menu item: Web-Recherche: Seitenbereich (Frame) speichern - res://C:\PROGRA~2\WEB-RE~1\wrshell.dll/#102 File not found
O8:64bit: - Extra context menu item: Web-Recherche: Seitenbereich (Frame) speichern unter... - res://C:\PROGRA~2\WEB-RE~1\wrshell.dll/#106 File not found
O8:64bit: - Extra context menu item: Web-Recherche: Ziel speichern - res://C:\PROGRA~2\WEB-RE~1\wrshell.dll/#103 File not found
O8:64bit: - Extra context menu item: Web-Recherche: Ziel speichern unter... - res://C:\PROGRA~2\WEB-RE~1\wrshell.dll/#107 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Mit Mipony herunterladen - file://C:\Program Files (x86)\MiPony\Browser\IEContext.htm File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Web-Recherche: Bild speichern - res://C:\PROGRA~2\WEB-RE~1\wrshell.dll/#101 File not found
O8 - Extra context menu item: Web-Recherche: Bild speichern unter... - res://C:\PROGRA~2\WEB-RE~1\wrshell.dll/#108 File not found
O8 - Extra context menu item: Web-Recherche: Link-Adresse speichern unter... - res://C:\PROGRA~2\WEB-RE~1\wrshell.dll/#110 File not found
O8 - Extra context menu item: Web-Recherche: Markierte Ziele speichern unter... - res://C:\PROGRA~2\WEB-RE~1\wrshell.dll/#111 File not found
O8 - Extra context menu item: Web-Recherche: Markierung speichern - res://C:\PROGRA~2\WEB-RE~1\wrshell.dll/#104 File not found
O8 - Extra context menu item: Web-Recherche: Markierung speichern unter... - res://C:\PROGRA~2\WEB-RE~1\wrshell.dll/#109 File not found
O8 - Extra context menu item: Web-Recherche: Seitenbereich (Frame) speichern - res://C:\PROGRA~2\WEB-RE~1\wrshell.dll/#102 File not found
O8 - Extra context menu item: Web-Recherche: Seitenbereich (Frame) speichern unter... - res://C:\PROGRA~2\WEB-RE~1\wrshell.dll/#106 File not found
O8 - Extra context menu item: Web-Recherche: Ziel speichern - res://C:\PROGRA~2\WEB-RE~1\wrshell.dll/#103 File not found
O8 - Extra context menu item: Web-Recherche: Ziel speichern unter... - res://C:\PROGRA~2\WEB-RE~1\wrshell.dll/#107 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Encarta Search - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - Reg Error: Key error. File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)
O15 - HKCU\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)
O15 - HKCU\..Trusted Domains: com.tw ([www.msi] http in Trusted sites)
O16:64bit: - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} http://liveupdate.msi.com.tw/autobios/LOnline/install.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab (Java Plug-in 1.7.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1DB36AAF-1749-4C6D-9FA8-720035CB99BB}: NameServer = 217.0.43.97 217.0.43.113
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (Stardock)
O24 - Desktop WallPaper: D:\Bilder\0200 Customizations\0010 Wallpapers\1920 x 1080\treeoflove.bmp
O24 - Desktop BackupWallPaper: D:\Bilder\0200 Customizations\0010 Wallpapers\1920 x 1080\treeoflove.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.RTV1 - C:\Windows\SysWow64\rtvcvfw32.dll ()
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.22 22:43:57 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.06.22 09:25:42 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.06.22 09:25:42 | 000,000,000 | ---D | C] -- C:\Users\deus62\AppData\Local\temp
[2013.06.22 09:13:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.06.22 09:13:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.06.22 09:13:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.06.22 09:13:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.06.22 09:13:15 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.06.22 09:12:24 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2013.06.22 09:06:09 | 000,000,000 | ---D | C] -- C:\Users\deus62\AppData\Roaming\Oracle
[2013.06.22 08:46:48 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.06.22 08:46:40 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.06.22 08:46:40 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.06.22 08:46:40 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.06.22 08:21:26 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.06.22 08:21:25 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.06.22 08:21:24 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.06.22 08:21:24 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.06.22 08:21:24 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.06.22 08:21:24 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.06.22 08:21:24 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.06.22 08:21:24 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.06.22 08:21:23 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.06.22 08:21:23 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.06.22 08:21:23 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.06.22 08:21:22 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.06.22 08:21:22 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.06.22 08:21:22 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.06.22 08:21:22 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.06.20 16:12:31 | 000,000,000 | ---D | C] -- C:\Users\deus62\AppData\Roaming\Create Software
[2013.06.15 14:26:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stüber Systems
[2013.06.15 14:26:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stueber Software
[2013.06.15 05:21:55 | 001,269,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013.06.15 05:21:55 | 001,078,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
[2013.06.15 05:21:55 | 000,812,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2013.06.15 05:21:55 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013.06.15 05:21:55 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll
[2013.06.15 05:21:55 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll
[2013.06.15 03:18:20 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll
[2013.06.15 03:18:20 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll
[2013.06.15 03:17:48 | 000,686,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013.06.15 03:17:48 | 000,443,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013.06.15 03:17:48 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\printcom.dll
[2013.06.15 02:34:02 | 000,000,000 | ---D | C] -- D:\Desktop\RK_Quarantine
[2013.06.13 23:50:36 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013.06.13 23:49:06 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013.06.06 15:24:36 | 000,000,000 | ---D | C] -- D:\Desktop\Karte
[2013.06.02 20:50:19 | 000,000,000 | ---D | C] -- D:\Desktop\KA 12
[2013.06.02 20:49:11 | 000,000,000 | ---D | C] -- D:\Desktop\Currently Downloading
[2013.06.01 20:52:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Password Remover v3.1
[2013.06.01 20:52:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF Password Remover v3.1
[2013.06.01 20:47:00 | 000,000,000 | ---D | C] -- C:\Users\deus62\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PDFKey Pro
[2013.06.01 20:47:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFKey Pro
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.23 17:19:02 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.23 17:10:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.23 16:59:03 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1225011635-62478152-4079767521-1000UA.job
[2013.06.23 16:33:53 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.23 16:33:53 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.23 10:49:02 | 000,001,456 | ---- | M] () -- C:\Users\deus62\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2013.06.23 10:49:01 | 000,407,272 | ---- | M] () -- C:\finish.jpg
[2013.06.23 10:47:00 | 007,224,463 | ---- | M] () -- C:\finish-line.png
[2013.06.23 09:19:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.23 00:59:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1225011635-62478152-4079767521-1000Core.job
[2013.06.22 22:29:15 | 000,203,393 | ---- | M] () -- C:\desmond.jpg
[2013.06.22 12:19:44 | 000,000,224 | ---- | M] () -- D:\Desktop\Bonner Flitzer Haushaltsauflösungen - Entrümpelungen - Transporte aller Art.URL
[2013.06.22 12:17:04 | 000,000,229 | ---- | M] () -- D:\Desktop\Troc Bonn entrümpelt!.URL
[2013.06.22 12:15:05 | 000,000,236 | ---- | M] () -- D:\Desktop\Elektroschrott abholen und entsorgen in Bonn.URL
[2013.06.22 12:14:25 | 000,000,219 | ---- | M] () -- D:\Desktop\Plischka Bonn Abholung Elektrogeräte.URL
[2013.06.22 10:41:43 | 000,206,233 | ---- | M] () -- C:\metal.jpg
[2013.06.22 09:22:53 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.06.22 08:46:18 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.06.22 08:46:14 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.06.22 08:46:14 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.06.22 08:46:14 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.06.22 08:46:13 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.06.22 08:46:13 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.06.22 08:41:47 | 005,162,728 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.22 08:41:46 | 015,275,358 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.22 08:41:46 | 004,424,306 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.22 08:41:43 | 004,884,608 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.22 08:41:42 | 000,006,758 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.22 08:33:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.22 00:30:27 | 000,490,327 | ---- | M] () -- C:\2011-02.jpg
[2013.06.22 00:26:30 | 001,190,012 | ---- | M] () -- C:\2011-01.jpg
[2013.06.20 23:38:30 | 000,110,709 | ---- | M] () -- C:\zz-top.jpg
[2013.06.20 22:19:59 | 000,114,703 | ---- | M] () -- C:\Cyberbullying.png
[2013.06.19 20:22:48 | 000,000,229 | ---- | M] () -- D:\Desktop\Photopia ~ Responsive Photography WordPress Theme.URL
[2013.06.19 20:19:15 | 000,000,256 | ---- | M] () -- D:\Desktop\Meet ‘Photopia’ ~ Our Large Format Photography WP Theme.URL
[2013.06.15 14:24:29 | 000,006,997 | ---- | M] () -- C:\moodle-profil02.jpg
[2013.06.15 14:22:33 | 000,288,304 | ---- | M] () -- C:\moodle-profil.jpg
[2013.06.15 06:27:29 | 000,000,263 | ---- | M] () -- D:\Desktop\Infected ... but by what I am stuck. - Virus, Trojan, Spyware, and Malware Removal Logs.URL
[2013.06.15 05:34:11 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.06.15 05:34:11 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.06.15 03:20:17 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013.06.14 18:50:39 | 000,000,260 | ---- | M] () -- D:\Desktop\Topic How to update all post to Image post format WPBandit.URL
[2013.06.14 18:50:35 | 000,000,211 | ---- | M] () -- D:\Desktop\php if ( get_post_format() ) php get_template_part('partialspost- - Pastebin.com.URL
[2013.06.07 04:33:10 | 000,000,732 | ---- | M] () -- D:\Desktop\SABnzbd.lnk
 
========== Files Created - No Company Name ==========
 
[2013.06.23 10:49:01 | 000,407,272 | ---- | C] () -- C:\finish.jpg
[2013.06.23 10:46:59 | 007,224,463 | ---- | C] () -- C:\finish-line.png
[2013.06.22 22:29:14 | 000,203,393 | ---- | C] () -- C:\desmond.jpg
[2013.06.22 12:19:44 | 000,000,224 | ---- | C] () -- D:\Desktop\Bonner Flitzer Haushaltsauflösungen - Entrümpelungen - Transporte aller Art.URL
[2013.06.22 12:17:04 | 000,000,229 | ---- | C] () -- D:\Desktop\Troc Bonn entrümpelt!.URL
[2013.06.22 12:15:05 | 000,000,236 | ---- | C] () -- D:\Desktop\Elektroschrott abholen und entsorgen in Bonn.URL
[2013.06.22 12:14:25 | 000,000,219 | ---- | C] () -- D:\Desktop\Plischka Bonn Abholung Elektrogeräte.URL
[2013.06.22 10:41:42 | 000,206,233 | ---- | C] () -- C:\metal.jpg
[2013.06.22 09:13:39 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.06.22 09:13:39 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.06.22 09:13:39 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.06.22 09:13:39 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.06.22 09:13:39 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.06.22 00:30:26 | 000,490,327 | ---- | C] () -- C:\2011-02.jpg
[2013.06.22 00:26:29 | 001,190,012 | ---- | C] () -- C:\2011-01.jpg
[2013.06.20 23:37:37 | 000,110,709 | ---- | C] () -- C:\zz-top.jpg
[2013.06.20 22:19:59 | 000,114,703 | ---- | C] () -- C:\Cyberbullying.png
[2013.06.19 20:22:48 | 000,000,229 | ---- | C] () -- D:\Desktop\Photopia ~ Responsive Photography WordPress Theme.URL
[2013.06.19 20:19:15 | 000,000,256 | ---- | C] () -- D:\Desktop\Meet ‘Photopia’ ~ Our Large Format Photography WP Theme.URL
[2013.06.15 14:24:29 | 000,006,997 | ---- | C] () -- C:\moodle-profil02.jpg
[2013.06.15 14:22:33 | 000,288,304 | ---- | C] () -- C:\moodle-profil.jpg
[2013.06.15 06:27:29 | 000,000,263 | ---- | C] () -- D:\Desktop\Infected ... but by what I am stuck. - Virus, Trojan, Spyware, and Malware Removal Logs.URL
[2013.06.15 03:20:17 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013.06.14 18:50:39 | 000,000,260 | ---- | C] () -- D:\Desktop\Topic How to update all post to Image post format WPBandit.URL
[2013.06.14 18:50:35 | 000,000,211 | ---- | C] () -- D:\Desktop\php if ( get_post_format() ) php get_template_part('partialspost- - Pastebin.com.URL
[2013.02.04 21:57:53 | 000,059,392 | R--- | C] () -- C:\Windows\SysWow64\streamhlp.dll
[2012.12.09 02:12:51 | 000,000,105 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012.07.02 11:45:40 | 000,000,132 | ---- | C] () -- C:\Users\deus62\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.12.01 14:00:27 | 000,000,132 | ---- | C] () -- C:\Users\deus62\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011.10.16 10:53:11 | 000,000,218 | ---- | C] () -- C:\Users\deus62\.recently-used.xbel
[2011.09.19 15:03:40 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll
[2011.02.17 15:48:29 | 000,001,678 | ---- | C] () -- C:\Users\deus62\AppData\Roaming\MyMicroBalanceConfig.ini
[2010.09.03 16:41:49 | 000,000,132 | ---- | C] () -- C:\Users\deus62\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2010.08.17 11:27:48 | 000,001,708 | ---- | C] () -- C:\Users\deus62\AppData\Roaming\Brian.xml
[2010.07.31 23:41:05 | 000,001,456 | ---- | C] () -- C:\Users\deus62\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2010.07.23 23:37:56 | 000,028,320 | ---- | C] () -- C:\Users\deus62\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2010.02.21 10:45:00 | 000,114,688 | ---- | C] () -- C:\Users\deus62\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.02.19 10:38:54 | 000,000,680 | ---- | C] () -- C:\Users\deus62\AppData\Local\d3d9caps.dat
[2010.02.19 00:45:44 | 000,000,732 | ---- | C] () -- C:\Users\deus62\AppData\Local\d3d9caps64.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 17:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 19:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 01:11:16 | 000,891,392 | ---- | M] (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009.04.11 00:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 04:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*.* >
[2013.06.22 00:26:30 | 001,190,012 | ---- | M] () -- C:\2011-01.jpg
[2013.06.22 00:30:27 | 000,490,327 | ---- | M] () -- C:\2011-02.jpg
[2007.12.23 12:00:00 | 000,544,768 | ---- | M] () -- C:\AudioTester.exe
[2013.03.12 22:55:19 | 000,000,434 | ---- | M] () -- C:\AudioTester.exe - Verknüpfung.lnk
[2009.04.11 00:36:38 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2010.02.19 00:36:10 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2013.06.22 09:25:38 | 000,022,095 | ---- | M] () -- C:\ComboFix.txt
[2013.06.20 22:19:59 | 000,114,703 | ---- | M] () -- C:\Cyberbullying.png
[2013.06.22 22:29:15 | 000,203,393 | ---- | M] () -- C:\desmond.jpg
[2013.06.23 10:47:00 | 007,224,463 | ---- | M] () -- C:\finish-line.png
[2013.06.23 10:49:01 | 000,407,272 | ---- | M] () -- C:\finish.jpg
[2013.03.28 23:29:52 | 001,386,245 | ---- | M] () -- C:\freiburg.psd
[2013.06.22 10:41:43 | 000,206,233 | ---- | M] () -- C:\metal.jpg
[2013.06.15 14:22:33 | 000,288,304 | ---- | M] () -- C:\moodle-profil.jpg
[2013.06.15 14:24:29 | 000,006,997 | ---- | M] () -- C:\moodle-profil02.jpg
[2013.06.22 08:33:27 | 312,815,615 | -HS- | M] () -- C:\pagefile.sys
[2011.07.28 23:03:19 | 000,083,968 | -H-- | M] () -- C:\photothumb.db
[2010.04.22 10:14:06 | 000,000,000 | ---- | M] () -- C:\test.nfo
[2013.06.20 23:38:30 | 000,110,709 | ---- | M] () -- C:\zz-top.jpg
 
< %systemroot%\*. /mp /s >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:07BF512B
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:284D1EE4

< End of report >


Here's the other one (Extras):

OTL Extras logfile created on: 23.06.2013 17:16:53 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,39 Gb Available Physical Memory | 59,82% Memory free
8,22 Gb Paging File | 6,67 Gb Available in Paging File | 81,10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100,13 Gb Total Space | 13,58 Gb Free Space | 13,57% Space Free | Partition Type: NTFS
Drive D: | 365,53 Gb Total Space | 53,51 Gb Free Space | 14,64% Space Free | Partition Type: NTFS
Drive E: | 465,76 Gb Total Space | 34,58 Gb Free Space | 7,42% Space Free | Partition Type: NTFS
 
Computer Name: SCREAMWORKS | User Name: deus62 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistUMP] -- "C:\Program Files (x86)\UMPlayer\umplayer.exe" -add-to-playlist "%1" ()
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [foobar2000.enqueue] -- "C:\Program Files (x86)\foobar2000\foobar2000.exe" /add "%1" ()
Directory [foobar2000.play] -- "C:\Program Files (x86)\foobar2000\foobar2000.exe" "%1" ()
Directory [mplayerc.enqueue] -- "C:\Program Files (x86)\MPC-HC\mpc-hc.exe" /add "%1" (MPC-HC Team)
Directory [mplayerc.play] -- "C:\Program Files (x86)\MPC-HC\mpc-hc.exe" "%1" (MPC-HC Team)
Directory [PlayWithUMP] -- "C:\Program Files (x86)\UMPlayer\umplayer.exe" -play-dir "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [sendtotoys1add] -- C:\Program Files (x86)\Send To Toys\SendToAdd.exe "%1" ()
Directory [sendtotoys1remove] -- C:\Program Files (x86)\Send To Toys\SendToRemove.exe "%1" ()
Directory [sendtotoys2prompt] -- C:\Program Files (x86)\Send To Toys\SendToCommandPrompt.exe "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e, C: (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistUMP] -- "C:\Program Files (x86)\UMPlayer\umplayer.exe" -add-to-playlist "%1" ()
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [foobar2000.enqueue] -- "C:\Program Files (x86)\foobar2000\foobar2000.exe" /add "%1" ()
Directory [foobar2000.play] -- "C:\Program Files (x86)\foobar2000\foobar2000.exe" "%1" ()
Directory [mplayerc.enqueue] -- "C:\Program Files (x86)\MPC-HC\mpc-hc.exe" /add "%1" (MPC-HC Team)
Directory [mplayerc.play] -- "C:\Program Files (x86)\MPC-HC\mpc-hc.exe" "%1" (MPC-HC Team)
Directory [PlayWithUMP] -- "C:\Program Files (x86)\UMPlayer\umplayer.exe" -play-dir "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [sendtotoys1add] -- C:\Program Files (x86)\Send To Toys\SendToAdd.exe "%1" ()
Directory [sendtotoys1remove] -- C:\Program Files (x86)\Send To Toys\SendToRemove.exe "%1" ()
Directory [sendtotoys2prompt] -- C:\Program Files (x86)\Send To Toys\SendToCommandPrompt.exe "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e, C: (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = 15 CD 1E 0E 32 B1 CA 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1225011635-62478152-4079767521-1000]
"EnableNotificationsRef" = 5
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{355DEC8E-5D1F-4E89-82E5-5530F5BA1F3E}C:\program files (x86)\java\jre7\launch4j-tmp\mimo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\launch4j-tmp\mimo.exe |
"UDP Query User{67B3A3F5-0132-4D90-94DF-DAE28D22C60D}C:\program files (x86)\java\jre7\launch4j-tmp\mimo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\launch4j-tmp\mimo.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{08044040-959A-4B0D-8825-2C533F0DDB19}" = Encarta Search Bar (64-bit)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{10CD364B-FFCC-48BE-B469-B9622A033075}" = Fences
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{563F041C-DFDB-437B-A1E8-E141E0906076}" = Microsoft IntelliPoint 8.0
"{5DFAC3C9-B2FD-E15E-5FA1-A2676F4BB07A}" = ccc-utility64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{C1AA0149-F7D1-8D18-37E8-3DD4A5326B64}" = AMD Catalyst Install Manager
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D93AC9C8-B6CF-391E-BD2F-48AF4727476C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30411
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Autopano Giga" = Autopano Giga
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"CCleaner" = CCleaner
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.19
"Logitech Unifying" = Logitech Unifying-Software 2.00
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Recuva" = Recuva
"sp6" = Logitech SetPoint 6.32
"TeraCopy_is1" = TeraCopy 2.12
"Unlocker" = Unlocker 1.9.0-x64
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.44-1 (x64)
"WinRAR archiver" = WinRAR 4.01 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02C1D5C6-E758-0CE0-911D-0260AEE1EFC7}" = CCC Help English
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{07043840-959A-4B0D-8825-2C533F0DDB19}" = Microsoft Math
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{10819FDB-BDDA-80F1-4EAF-1D8916C114E4}" = Catalyst Control Center
"{14262B14-3593-483B-A269-13EA13FF5ECF}" = ThisLife Uploader
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1CE75322-B65F-6BB8-B503-D7D967160919}" = CCC Help Thai
"{1D3C97FA-6430-4193-92A1-B92D127B79B8}" = Web-Recherche 3 Outlook Add-In
"{1E48A3E8-9A1C-B5DE-B2EF-CA740BBCA6A5}" = CCC Help Czech
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = MPC-HC 1.6.5.6366
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{31957600-31D0-FE19-4235-B85B4C768FC3}" = CCC Help Italian
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{37361C5C-B767-B01C-0661-F430C4C0B61B}" = CCC Help Spanish
"{38D451A9-A844-8652-5A42-70825EC90B25}" = CCC Help Greek
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{422F02CD-504B-41CC-8800-FE2EAB02B942}" = MyMagellan 5
"{42442BC6-5A92-4BC2-9E0C-3D359D548A21}_is1" = Pazera Free MP4 to AVI Converter 1.6
"{49DC7D87-B9F9-4782-9386-B7F13BC75E48}" = Adobe Creative Suite 5 Design Standard
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DF8ACB2-0F93-ECED-EE9B-355548333562}" = CCC Help Chinese Traditional
"{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1" = Data Lifeguard Diagnostic for Windows 1.21
"{523E94FE-F0F4-4E66-8BDB-A49516DBFC1F}" = MyMagellan 6
"{60C6FE80-AB40-10F7-0106-752620AB4339}" = CCC Help Russian
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63934E99-A4F7-478C-8BB0-259BB9D78FFF}" = Microsoft Report Viewer Redistributable 2005
"{63DAF1E5-2FE9-4CE1-871F-BBE6E5630E12}" = LibreOffice 3.5 Help Pack (German)
"{6845255F-15CC-4DD1-94D5-D38F370118B3}_is1" = Auslogics Duplicate File Finder
"{68EB2C37-083A-4303-B5D8-41FA67E50B8F}_is1" = Poedit
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75F3A4B2-F6E8-434D-A2EF-DBBC016C6CB2}" = Learning Essentials for Microsoft Office
"{7694E0B1-2332-448B-9235-929F84B41E3F}" = Active@ ISO Burner
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79E9C7C5-4FCC-4DFF-B79E-17319E9522F3}" = MagicTunePremium
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{80F895CC-D64F-6A32-354D-099AB1AAF001}" = CCC Help Japanese
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8A1EC1FE-3224-29CB-F7A7-4EF245A1ED8C}" = CCC Help Hungarian
"{8D4E81BC-F137-FDC0-F33F-1DC907362F87}" = CCC Help French
"{8DD8B5D0-DAEF-871E-FD91-FFD411A86E1E}" = CCC Help Norwegian
"{8E4E59D9-0F68-09A6-A2B3-05010F8D1843}" = CCC Help Finnish
"{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{93F9EDEC-77CD-67A2-B328-09FFE6CEB72E}" = CCC Help German
"{95140000-0081-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{989FB5FD-9B00-4B32-8663-849CB1370DD1}" = Google Drive
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4E726E-5414-65E1-1772-2C1F5320BEE3}" = CCC Help Portuguese
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0C597A7-3BD9-9066-6293-E3107E1DB32D}" = CCC Help Korean
"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2011.09.16
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_955" = Adobe Acrobat 9.5.5 - CPSID_83708
"{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{B1F9C834-0594-4563-B344-4ED9599A5945}" = LibreOffice 3.5
"{B8E30929-A479-8D58-FE6B-264FAF3F05D3}" = CCC Help Danish
"{B96D2269-568B-4CBF-9332-12FAE8B158F7}" = Medieval CUE Splitter
"{BD929149-9035-153F-7E1E-96E30D26341B}" = CCC Help Turkish
"{BECBB896-7789-174F-DD95-106F3B3E9A4C}" = Catalyst Control Center InstallProxy
"{C081C7BF-86B9-453D-A91B-1DDC8204E9FA}" = Web-Recherche 3
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}" = ClearType Tuning Control Panel Applet
"{CB462448-5967-5FE5-2C77-A2C921EACCAA}" = CCC Help Swedish
"{CBCFD97D-FE82-43F4-A978-996CACF71E6B}_is1" = UBitMenuDE
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2277ED3-1AAD-762B-F6E6-8D172FF7D29E}" = Catalyst Control Center Graphics Previews Common
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB09C3D8-5ED0-42A3-8EC8-3B9F665971EF}" = WD FAT32 Formatter
"{DD6959D3-EC84-56DC-4642-7DC9B05E8D4A}" = CCC Help Dutch
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E36E864B-BFB6-440A-9A23-2B0BEDE59A92}" = MultiScreen
"{E908333A-8345-359F-B229-1F439C221B34}" = CCC Help Polish
"{EB834284-080E-109C-17A2-237D563B098C}" = Catalyst Control Center Localization All
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F14E8360-454B-592E-38C8-4F66E7C51AAB}" = CCC Help Chinese Standard
"{FE3997D3-6B56-4AC4-A99C-9DDFC45359BF}" = TuneUp Utilities Language Pack (en-US)
"5513-1208-7298-9440" = JDownloader 0.9
"812A5AC8-50DA-43D8-B36E-30CDD7FCCAA1_is1" = Outlook Backup Assistant 5 (Testversion)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Afterburner" = MSI Afterburner 2.2.2
"Allway Sync_is1" = Allway Sync version 11.3.0
"Ant Renamer 2_is1" = Ant Renamer
"Anti-Twin 2012-06-16 18.46.51" = Anti-Twin (Installation 16.06.2012)
"Avidemux 2.5" = Avidemux 2.5
"Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2
"CDex" = CDex - Open Source Digital Audio CD Extractor
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DelinvFile_is1" = DelinvFile - 4.04
"Digital Editions" = Adobe Digital Editions
"Easy Duplicate Finder_is1" = Easy Duplicate Finder v. 3.2
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Exact Audio Copy" = Exact Audio Copy 1.0beta3
"Fences" = Fences
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"FileHippo.com" = FileHippo.com Update Checker
"FileZilla Client" = FileZilla Client 3.6.0.2
"FLAC" = FLAC 1.2.1b (remove only)
"foobar2000" = foobar2000 v1.1.7
"FreeCommander_is1" = FreeCommander 2009.02a
"HandBrake" = HandBrake 0.9.8
"ImgBurn" = ImgBurn
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.10
"Liveupdate4_is1" = Liveupdate4
"MailStore Home_universal1" = MailStore Home 5.0.1.6919
"MakeMKV" = MakeMKV v1.7.10
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft Report Viewer Redistributable 2005" = Microsoft Report Viewer Redistributable 2005
"Mimo" = Mimo
"MKVtoolnix" = MKVToolNix 5.7.0
"Monkey's Audio_is1" = Monkey's Audio
"MozBackup" = MozBackup 1.5
"Mozilla Firefox 21.0 (x86 en-US)" = Mozilla Firefox 21.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3 Tag Assistant Pro_is1" = Mp3 Tag Assistant Pro v2.94
"Mp3tag" = Mp3tag v2.55a
"NirSoft ShellExView" = NirSoft ShellExView
"Notepad++" = Notepad++
"Office14.SingleImage" = Microsoft Office Professional 2010
"Opera 12.13.1734" = Opera 12.13
"PC Wizard 2010_is1" = PC Wizard 2010.1.93
"PDF Password Remover v3.1_is1" = PDF Password Remover v3.1
"PDFKey Pro" = PDFKey Pro
"Picasa 3" = Picasa 3
"QuickPar" = QuickPar 0.9
"QuicktimeAlt_is1" = QuickTime Alternative 3.1.0
"RealAlt_is1" = Real Alternative 2.0.1 Lite
"Revo Uninstaller" = Revo Uninstaller 1.88
"SABnzbd" = SABnzbd 0.7.12
"Send To Toys_is1" = Send To Toys v2.5
"Sublime Text_is1" = Sublime Text 1.4
"Tag&Rename_is1" = Tag&Rename 3.5.6
"TuneUp Utilities" = TuneUp Utilities
"UMPlayer" = UMPlayer 0.98 [P4]
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 2.0.6
"VVV-fu-ku-jitsu_is1" = VVV (Virtual Volumes View) version 1.2
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"pdfsam" = pdfsam
"SkyDriveSetup.exe" = Microsoft SkyDrive
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 22.06.2013 02:26:48 | Computer Name = ScreamWorks | Source = LoadPerf | ID = 3011
Description =
 
Error - 22.06.2013 02:26:51 | Computer Name = ScreamWorks | Source = LoadPerf | ID = 3012
Description =
 
Error - 22.06.2013 02:26:52 | Computer Name = ScreamWorks | Source = LoadPerf | ID = 3012
Description =
 
Error - 22.06.2013 02:26:52 | Computer Name = ScreamWorks | Source = LoadPerf | ID = 3011
Description =
 
Error - 22.06.2013 02:41:39 | Computer Name = ScreamWorks | Source = LoadPerf | ID = 3012
Description =
 
Error - 22.06.2013 02:41:39 | Computer Name = ScreamWorks | Source = LoadPerf | ID = 3012
Description =
 
Error - 22.06.2013 02:41:39 | Computer Name = ScreamWorks | Source = LoadPerf | ID = 3011
Description =
 
Error - 22.06.2013 02:45:21 | Computer Name = ScreamWorks | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =
 
Error - 22.06.2013 02:45:21 | Computer Name = ScreamWorks | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =
 
Error - 23.06.2013 11:15:52 | Computer Name = ScreamWorks | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.69.0 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 1394  Anfangszeit: 01ce70246f6e7d1a  Zeitpunkt der Beendigung:
 0
 
[ System Events ]
Error - 20.06.2013 10:20:25 | Computer Name = ScreamWorks | Source = Service Control Manager | ID = 7000
Description =
 
Error - 20.06.2013 10:20:25 | Computer Name = ScreamWorks | Source = Service Control Manager | ID = 7023
Description =
 
Error - 20.06.2013 10:20:25 | Computer Name = ScreamWorks | Source = Service Control Manager | ID = 7026
Description =
 
Error - 22.06.2013 02:35:17 | Computer Name = ScreamWorks | Source = Service Control Manager | ID = 7000
Description =
 
Error - 22.06.2013 02:35:17 | Computer Name = ScreamWorks | Source = Service Control Manager | ID = 7023
Description =
 
Error - 22.06.2013 02:35:17 | Computer Name = ScreamWorks | Source = Service Control Manager | ID = 7026
Description =
 
Error - 22.06.2013 03:19:50 | Computer Name = ScreamWorks | Source = Service Control Manager | ID = 7030
Description =
 
Error - 22.06.2013 03:22:26 | Computer Name = ScreamWorks | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 22.06.2013 03:22:55 | Computer Name = ScreamWorks | Source = Service Control Manager | ID = 7030
Description =
 
Error - 22.06.2013 03:28:16 | Computer Name = ScreamWorks | Source = PlugPlayManager | ID = 11
Description = Das Gerät "Root\LEGACY_UNLOCKERDRIVER5\0000" wurde ohne vorbereitende
 Maßnahmen vom System entfernt.
 
 
< End of report >



#10 deus62 (Topic Starter)

Posted 23 June 2013 - 10:30 AM

When I ran the first scan, I killed the scan because I had forgotten to insert the code lines you had posted for me.

I then restarted the scan with the inserted lines and everything went smoothly.



#11 The Dark Knight (The Magician, Security Colleague)

Posted 24 June 2013 - 06:31 AM

Good evening deus62,

 

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :OTL

    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O15 - HKCU\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: com.tw ([www.msi] http in Trusted sites)

    @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:07BF512B
    @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:284D1EE4

    :Commands
    [EmptyTemp]

  • Return to OTL.exe, right-click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

 

=====

 

Then, please download to the Desktop RogueKiller (by tigzy).

  • Please quit all programs.
  • Start RogueKiller.exe.
  • Wait until Prescan has finished.
  • Click on Scan.
  • Click on Report and copy/paste the contents of the report in your next reply.

 

=====

 

In your reply please provide the following:

  • OTL fix log.

  • RogueKiller log.

How is your computer running now?

 

 

 


If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!


If I have helped you please consider donating to the Neuroscience Research Institute.




#12 deus62 (Topic Starter)

Posted 24 June 2013 - 09:23 AM

Dark Knight,

 

I will get to it tonight or tomorrow night.

 

Thank you very much for your continued help.

 

Before I forget (and I probably will at the end), is there a place I can leave a financial contribution for your (and the other people's) help?
Can you point me in the right direction?

Thanks.



#13 The Dark Knight (The Magician, Security Colleague)

Posted 25 June 2013 - 04:37 PM

Hello deus62,

 

No worries. :)

 

If you would like to make a donation, please click on the link in my signature. I raise money for the Neuroscience Research Institute in Australia to fund projects on Alzheimer's and Parkinson's. They would appreciate your contribution. :)




#14 deus62 (Topic Starter)

Posted 26 June 2013 - 12:30 AM

Here's the first fix log. I'm doing step two in a minute ...

 

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\com.tw\asia.msi\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\com.tw\global.msi\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\com.tw\www.msi\ deleted successfully.
ADS C:\ProgramData\TEMP:07BF512B deleted successfully.
ADS C:\ProgramData\TEMP:284D1EE4 deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56504 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: deus62
->Temp folder emptied: 72711841 bytes
->Temporary Internet Files folder emptied: 19293467 bytes
->Java cache emptied: 10616019 bytes
->FireFox cache emptied: 474807279 bytes
->Google Chrome cache emptied: 11116393 bytes
->Apple Safari cache emptied: 832512 bytes
->Opera cache emptied: 12329418 bytes
->Flash cache emptied: 217720 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: sabrina
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56478 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10252 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33109 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 574,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 06262013_072433

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



#15 deus62 (Topic Starter)

Posted 26 June 2013 - 12:35 AM

Here's the RogueKiller result:

 

I just scanned and did not do anything else.

 

*************************************************************

 

RogueKiller V8.6.1 _x64_ [Jun 25 2013] durch Tigzy
mail: tigzyRK<at>gmail<dot>com

mail : tigzyRK<at>gmail<dot>com
Kommentare : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Webseite : hxxp://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Betriebssystem : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Gestartet in : Normaler Modus
Benutzer : deus62 [Admin Rechte]
Funktion : Scannen -- Datum : 06/26/2013 07:34:00
| ARK || FAK || MBR |

¤¤¤ Böswillige Prozesse : 0 ¤¤¤

¤¤¤ Registry-Einträge : 10 ¤¤¤
[DNS] HKLM\[...]\CCSet\[...]\{1DB36AAF-1749-4C6D-9FA8-720035CB99BB} : NameServer (217.0.43.97 217.0.43.113) -> GEFUNDEN
[DNS] HKLM\[...]\CS001\[...]\{1DB36AAF-1749-4C6D-9FA8-720035CB99BB} : NameServer (217.0.43.97 217.0.43.113) -> GEFUNDEN
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> GEFUNDEN
[HJ POL] HKLM\[...]\System : EnableLUA (0) -> GEFUNDEN
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> GEFUNDEN
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> GEFUNDEN
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRun (0) -> GEFUNDEN
[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> GEFUNDEN
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> GEFUNDEN
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> GEFUNDEN

¤¤¤ Geplante Tasks : 0 ¤¤¤

¤¤¤ Autostart-Einträge : 0 ¤¤¤

¤¤¤ Web-Browsern : 0 ¤¤¤

¤¤¤ Bestimmte Dateien / Ordner: ¤¤¤

¤¤¤ Treiber : [NICHT GELADEN 0x0] ¤¤¤

¤¤¤ Externe Hives: ¤¤¤

¤¤¤ Infektion :  ¤¤¤

¤¤¤ Hosts-Datei: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ MBR überprüfen: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD502IJ ATA Device +++++
--- User ---
[MBR] ae7b357ccd71cb4979195fdcb4e0053f
[BSP] 41a1355388ebc429995426207bf8e81a : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 208845 | Size: 102532 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 210194460 | Size: 374303 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: SAMSUNG HD502IJ ATA Device +++++
--- User ---
[MBR] 7d75208c95f93f9979dcf21ab3e77ac6
[BSP] 5d8bfc720c702b9af37896fb77315a35 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476938 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Abgeschlossen : << RKreport[0]_S_06262013_073400.txt >>

***************************************************************************
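As an added, read-only audit (not from this thread, and not part of OTL or RogueKiller), the following PowerShell script checks the same items the OTL fix in #11 removed and the RogueKiller scan above reported: the IE Restrictions and Control Panel policy keys, domains placed in the Trusted sites zone, EnableLUA and DisableRegistryTools, per-interface static NameServer values, and alternate data streams on C:\ProgramData\TEMP. It assumes PowerShell 3.0 or later (for -Stream) and an elevated prompt, and it only reports; nothing is changed.

```powershell
# Added audit script, not from the thread or from OTL/RogueKiller. Read-only.
# Assumes PowerShell 3.0+ (Get-Item -Stream) and an elevated prompt for HKLM policy keys.

# Report a registry value only when it is present and differs from the expected setting.
function Test-RegValue {
    param([string]$Path, [string]$Name, $Expected, [string]$Why)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return }            # value absent: nothing to report
    $actual = $item.$Name
    if ($actual -ne $Expected) {
        [pscustomobject]@{ Check = "$Path\$Name"; Value = $actual; Note = $Why }
    }
}

$findings = @()

# [HJ POL] entries from the RogueKiller log: UAC switched off, Registry Editor blocked by policy.
$pol = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$findings += Test-RegValue $pol 'EnableLUA' 1 'UAC disabled (EnableLUA=0)'
$findings += Test-RegValue $pol 'DisableRegistryTools' 0 'regedit blocked by policy'

# O6/O7 lines from the OTL fix: IE policy keys that a home machine normally does not have.
foreach ($key in 'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer\Restrictions',
                 'HKCU:\Software\Policies\Microsoft\Internet Explorer\Control Panel') {
    if (Test-Path $key) {
        $findings += [pscustomobject]@{ Check = $key; Value = 'present'; Note = 'IE policy restriction key present' }
    }
}

# O15 lines: every domain mapped into the Trusted sites zone (zone value 2) for this user.
$zm = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
if (Test-Path $zm) {
    Get-ChildItem $zm -Recurse | ForEach-Object {
        $domain = $_.Name -replace '.*\\Domains\\', ''      # e.g. com.tw\asia.msi
        $props  = Get-ItemProperty $_.PSPath
        foreach ($p in $props.PSObject.Properties) {
            if ((@('http', 'https', '*') -contains $p.Name) -and $p.Value -eq 2) {
                $findings += [pscustomobject]@{ Check = "ZoneMap $domain"; Value = $p.Name; Note = 'domain in Trusted sites' }
            }
        }
    }
}

# [DNS] entries: static NameServer values per interface, so a changed resolver stands out.
$ifs = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
Get-ChildItem $ifs | ForEach-Object {
    $ns = (Get-ItemProperty $_.PSPath -Name NameServer -ErrorAction SilentlyContinue).NameServer
    if ($ns) {
        $findings += [pscustomobject]@{ Check = "NameServer $($_.PSChildName)"; Value = $ns; Note = 'static DNS set; confirm it is your ISP or router' }
    }
}

# @Alternate Data Stream lines: named streams (anything but the default $DATA) on ProgramData\TEMP.
Get-Item 'C:\ProgramData\TEMP' -Stream * -ErrorAction SilentlyContinue |
    Where-Object { $_.Stream -ne ':$DATA' } |
    ForEach-Object {
        $findings += [pscustomobject]@{ Check = "ADS $($_.FileName)"; Value = "$($_.Stream) ($($_.Length) bytes)"; Note = 'alternate data stream' }
    }

# An empty table means none of the items flagged in this thread are present.
$findings | Format-Table -AutoSize
```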





